How to run Mimikatz on SharpHellsGate - Mark Mo - Medium I learned a few things and had to trouble shoot a few things so I thought this might be helpful to s... 2020-06-13 16:46:28 | 阅读: 623 | 收藏 | medium.com mimikatz shellcode payload am0nsec hellsgate

Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D Anti-CSRF Tokens are a way that allows the server to uniquely distinguish who actually requests the... 2020-06-13 01:43:20 | 阅读: 150 | 收藏 | medium.com bypass 1host forged victim editprofile

XSS to Database Credential Leakage & Database Access — Story of total luck! Reflected Cross-Site Scripting happens when you provide a malicious javascript code to some input pa... 2020-06-06 21:47:06 | 阅读: 132 | 收藏 | medium.com database lucky luck malicious wordpress

Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss :D Cross-site scripting is one of the prominent attacks of all time. It is still being exploited in the... 2020-05-20 01:17:37 | 阅读: 129 | 收藏 | medium.com attacker hanging exploited remote hijacking

The “+” here is used to create an alias. The “+” here is used to create an alias. For example, If your email id is [email protected] — ex... 2020-05-19 14:50:17 | 阅读: 147 | 收藏 | medium.com example0516 synack harshbothra poet bugcrowd

Secure Sublinear Time Differentially Private Median Computation 2020-5-7 23:55:20 | 阅读: 1 | 收藏 | Stories by SAP Security Research on Medium - medium.com

Secure Computation of the k-th Ranked Element in a Star Network 2020-4-19 23:7:26 | 阅读: 1 | 收藏 | Stories by SAP Security Research on Medium - medium.com

Lessons Learned from SunDEW: A Self Defense Environment for Web Applications 2020-3-20 02:19:27 | 阅读: 1 | 收藏 | Stories by SAP Security Research on Medium - medium.com

XXE on Windows system …then what ?? - Hamada - Medium Assignment :During a pentest, i was auditing a web application which hosting documents and files in... 2020-02-17 17:47:15 | 阅读: 633 | 收藏 | medium.com payload windows friend microsoft b00m

Finding and exploiting CVE-2018–7445 (unauthenticated RCE in MikroTik’s RouterOS SMB) CVE-2018–7445 is a stack buffer overflow in the SMB service binary present in all RouterOS versions... 2020-02-01 00:46:18 | 阅读: 519 | 收藏 | medium.com routeros payload mutiny crash fuzzer

picoCTF 2019 — JS Kiddie writeup (850 points) The writeup for Script Kiddie 1 and the Script Kiddie 2 challengesPhoto by Kevin Horvat on UnsplashT... 2019-10-24 18:31:26 | 阅读: 10 | 收藏 | Stories by @radekk on Medium - medium.com kiddie shifter solved qr

HITCON CTF 2019 Quals — One Punch Man [PWN 292pts] 題目是經典類選單題型，可以new/modify/show/delete：debut(new) — 可以分配0x80–0x400(small range)，然後是用calloc給的modiry(rena... 2019-10-16 19:08:37 | 阅读: 21 | 收藏 | medium.com 一塊 calloc 0x400 一個 unsorted

Red Teamer’s Guide to Pulse Secure SSL VPN - InfoSec Write-ups - Medium This write-up is the collective efforts of collaborating with various hackers on exploring and furth... 2019-10-07 12:24:02 | 阅读: 479 | 收藏 | medium.com ssh sshd pulse orange injection

URL Bar Spoofing Flaw in Safari for iOS 12.3 and iOS 13 Beta | CVE-2019-8727 While working for browser-based attacks on the URL bar, I learned a way where it was still possible... 2019-10-04 17:36:51 | 阅读: 468 | 收藏 | medium.com spoofing spoof autofocus security setinterval

How to find vulnerabilities on OS X? Photo by Benjamin Voros on UnsplashA while ago I did find a security vulnerability in hundreds of Ma... 2019-9-15 20:55:58 | 阅读: 7 | 收藏 | Stories by @radekk on Medium - medium.com sparkle appcast updater sequelpro dsa

5min Bash — sed When you should use “sed” command?Replacing text in files and stdin, i.e. “cat”, “echo” commandsRemo... 2019-9-14 22:13:11 | 阅读: 6 | 收藏 | Stories by @radekk on Medium - medium.com replacing bak backup

5min Bash — grep When you should use “grep” command?Searching for files with a specific text or regular expression pa... 2019-9-14 21:59:45 | 阅读: 6 | 收藏 | Stories by @radekk on Medium - medium.com zgrep inverse occurrences recursively

Hacking home routers from the Internet If an attacker is able to execute commands directly on your router he can:Attack your internal netwo... 2019-9-12 15:1:1 | 阅读: 7 | 收藏 | Stories by @radekk on Medium - medium.com attacker rebinding remote nvram sop

Puzzle hidden in the book The full title of this polish book is “Praktyczna inżynieria wsteczna” which we can translate to “Ap... 2019-9-10 15:1:1 | 阅读: 8 | 收藏 | Stories by @radekk on Medium - medium.com crc32c checksums memory rwx

Firefox and Burp Suite There is a few popular ways to run Burp Suite from PortSwigger in the pentesting environment. The si... 2019-9-5 15:1:2 | 阅读: 11 | 收藏 | Stories by @radekk on Medium - medium.com burp proxy cacert software security