امنیت اطلاعات
#python #news @sec_nerd
https://developers.slashdot.org/story/19/08/24/2242248/uk-cybersecurity-agency-urges-devs-to-drop-python-2
#python
#news
@sec_nerd
#python
#news
@sec_nerd
developers.slashdot.org
UK Cybersecurity Agency Urges Devs To Drop Python 2
Python's End-of-Life date is 129 days away, warns the UK National Cyber Security Centre (NCSC). "There will be no more bug fixes, or security updates, from Python's core developers." An anonymous reader quotes ZDNet: The UK's cyber-security agency warned…
پایتون را از NSA بیاموزید!
https://nsa.sfo2.digitaloceanspaces.com/comp3321.pdf
@sec_nerd
فایل مربوط به دوره آموزشی COMP 3321 سازمان NSA است
حجم: ۱۱۸ مگابایت
برخی نکات استخراج شده از این فایل :
https://kushaldas.in/posts/python-course-inside-of-nsa-via-a-foia-request.html
#nsa
#python
@sec_nerd
https://nsa.sfo2.digitaloceanspaces.com/comp3321.pdf
@sec_nerd
فایل مربوط به دوره آموزشی COMP 3321 سازمان NSA است
حجم: ۱۱۸ مگابایت
برخی نکات استخراج شده از این فایل :
https://kushaldas.in/posts/python-course-inside-of-nsa-via-a-foia-request.html
#nsa
#python
@sec_nerd
برای یادگیری حملات deserialization
کلیات:
0️⃣https://blog.detectify.com/2018/03/21/owasp-top-10-insecure-deserialization/
جاوا:
0️⃣https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
1️⃣https://www.studytonight.com/java/serialization-and-deserialization.php
پیاده سازی حملات در burp برای جاوا:
0️⃣https://blog.netspi.com/java-deserialization-attacks-burp/
1️⃣https://github.com/PortSwigger/java-serial-killer
2️⃣https://github.com/summitt/burp-ysoserial
نمونه جاوایی:
0️⃣https://medium.com/abn-amro-red-team/java-deserialization-from-discovery-to-reverse-shell-on-limited-environments-2e7b4e14fbef
دات نت و ریموتینگ در باینری:
0️⃣https://github.com/tyranid/ExploitRemotingService
دات نت و soap:
0️⃣https://github.com/nccgroup/VulnerableDotNetHTTPRemoting
دات نت بصورت عمومی:
0️⃣https://github.com/pwntester/ysoserial.net/blob/master/README.md
php:
https://nickbloor.co.uk/2018/02/28/popping-wordpress/
نمونه برای php:
0️⃣https://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160826.pdf
دو نمونه برای nodejs:
0️⃣https://medium.com/bugbountywriteup/celestial-a-node-js-deserialization-hackthebox-walk-through-c71a4da14eaa
1️⃣https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://docs.python.org/3/library/pickle.html
اپلیکیشن آسیب پذیری پایتونی:
0️⃣https://github.com/TheBlusky/pickle-prick
نمونه برای پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://www.journaldev.com/15638/python-pickle-example
چیت شیت:
0️⃣https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
credits:soroush dalili, Nishith K
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
کلیات:
0️⃣https://blog.detectify.com/2018/03/21/owasp-top-10-insecure-deserialization/
جاوا:
0️⃣https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
1️⃣https://www.studytonight.com/java/serialization-and-deserialization.php
پیاده سازی حملات در burp برای جاوا:
0️⃣https://blog.netspi.com/java-deserialization-attacks-burp/
1️⃣https://github.com/PortSwigger/java-serial-killer
2️⃣https://github.com/summitt/burp-ysoserial
نمونه جاوایی:
0️⃣https://medium.com/abn-amro-red-team/java-deserialization-from-discovery-to-reverse-shell-on-limited-environments-2e7b4e14fbef
دات نت و ریموتینگ در باینری:
0️⃣https://github.com/tyranid/ExploitRemotingService
دات نت و soap:
0️⃣https://github.com/nccgroup/VulnerableDotNetHTTPRemoting
دات نت بصورت عمومی:
0️⃣https://github.com/pwntester/ysoserial.net/blob/master/README.md
php:
https://nickbloor.co.uk/2018/02/28/popping-wordpress/
نمونه برای php:
0️⃣https://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160826.pdf
دو نمونه برای nodejs:
0️⃣https://medium.com/bugbountywriteup/celestial-a-node-js-deserialization-hackthebox-walk-through-c71a4da14eaa
1️⃣https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://docs.python.org/3/library/pickle.html
اپلیکیشن آسیب پذیری پایتونی:
0️⃣https://github.com/TheBlusky/pickle-prick
نمونه برای پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://www.journaldev.com/15638/python-pickle-example
چیت شیت:
0️⃣https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
credits:soroush dalili, Nishith K
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
Detectify Blog
OWASP TOP 10: Insecure Deserialization - Detectify Blog
Insecure Deserialization is one of the vulnerabilities on OWASP‘s Top 10 list and allows attackers to transfer a payload using serialized objects. This happens when integrity checks are not in place and deserialized data is not sanitized or validated.
👍1
امنیت اطلاعات
برای یادگیری حملات deserialization کلیات: 0️⃣https://blog.detectify.com/2018/03/21/owasp-top-10-insecure-deserialization/ جاوا: 0️⃣https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/ 1️⃣https://www.studytonight.com/java/serialization-and…
https://www.rapid7.com/research/report/exploiting-jsos/
Java Serialization: A Practical Exploitation Guide
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
Java Serialization: A Practical Exploitation Guide
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
Rapid7
Rapid7 Labs - Trusted Cybersecurity Research