Переводы статей для xss.pro

Отслеживать
Пожалуйста, обратите внимание, что пользователь заблокирован
tabac сказал(а):

CloudGoat Official Walkthrough Series: “rce_web_app” - Rhino Security Labs

This blog post is the official walkthrough of the new rce_web_app CloudGoat scenario. This post covers the two different paths to complete the scenario.
rhinosecuritylabs.com

libssh2 integer overflows and an out-of-bounds read (CVE-2019-13115)

Get a technical deep dive into some libssh2 integer overflows and an out-of-bounds read. Semmle researcher Kevin Backhouse shows how the vulnerability can be triggered by connecting to a malicious ssh server.
blog.semmle.com

SetWindowHookEx Code Injection

ired.team

Rapid7

Rapid7’s cybersecurity experts break down the latest vulnerabilities, exploits, and attacks. Detect threats faster with trusted news, insights & threat intel.
blog.rapid7.com
последняя статья переведена но она не полная. Автор перевода посчитал не нужным и вырезал 30% из статьи текста. Она сейчас на модерации.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Возьму в работу эти 3:

SetWindowHookEx Code Injection

ired.team

libssh2 integer overflows and an out-of-bounds read (CVE-2019-13115)

Get a technical deep dive into some libssh2 integer overflows and an out-of-bounds read. Semmle researcher Kevin Backhouse shows how the vulnerability can be triggered by connecting to a malicious ssh server.
blog.semmle.com

CloudGoat Official Walkthrough Series: “rce_web_app” - Rhino Security Labs

This blog post is the official walkthrough of the new rce_web_app CloudGoat scenario. This post covers the two different paths to complete the scenario.
rhinosecuritylabs.com
 
Очень не хватает информации по энроллу. Если у кого-нибудь есть толковые статьи на эту тему, я готов за свой счёт их перевести, и выложить на форум. Пишите если что в личку.
 

CVE-2019-0888: Use-After-Free in Windows ActiveX Data Objects (ADO)

Details of the vulnerability we reported to Microsoft and was fixed in last month’s Patch Tuesday
news.sophos.com

Waves Maxx Audio DLL Side-Loading LPE via Windows Registry - VerSprite, Threat Modeling and Pentesting Services

This blog post focuses on the Windows registry and how improper permissions assignment on registry keys can lead to vulnerabilities in applications.
versprite.com

15 Ways to Bypass the PowerShell Execution Policy

By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
blog.netspi.com
(старовата, но актуальна)

The eCh0raix Ransomware

www.anomali.com

Integrating security into your DevOps Lifecycle

GitLab application security testing for SAST, DAST, Dependency scanning, Container Scanning and more within the DevSecOps CI pipeline with vulnerability management and compliance.
fuzzit.dev

An Exploit Chain Against Citrix SD-WAN

Multiple vulnerabilities to pivot through the Citrix SD-WAN
medium.com
 

15 Ways to Bypass the PowerShell Execution Policy

By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
blog.netspi.com
Возьмусь за эту если никто не против
 

15 Ways to Bypass the PowerShell Execution Policy

By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
blog.netspi.com
https://xss.pro/threads/30376
Готово!
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Пожалуйста, обратите внимание, что пользователь заблокирован

Preventing Mimikatz Attacks

Mimikatz is playing a vital role in every internal penetration test or red team engagement mainly for its capability to extract passwords…
medium.com
 

U-XSS in OperaMini for iOS Browser (0-Day) [CVE-2019-13607]

Security Blog
blog.rakeshmane.com

Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin

Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft advisory), and they published a...
dirkjanm.io

Corben Leo

infosec write-ups and ramblings
www.corben.io
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Возьму эти:

Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin

Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft advisory), and they published a...
dirkjanm.io

Corben Leo

infosec write-ups and ramblings
www.corben.io

Preventing Mimikatz Attacks

Mimikatz is playing a vital role in every internal penetration test or red team engagement mainly for its capability to extract passwords…
medium.com
 
интересные статьи:

Research, News, and Perspectives

blog.trendmicro.com
часть 1 (начало) https://medium.com/alertot/web-scra...e-telnet-service-in-scrapy-1-5-2-ad5260fea0db
часть 2 (продолжение) https://medium.com/alertot/web-scra...king-files-from-the-spiders-host-bd508f81d498

JSON hijacking for the modern web

I presented this topic at OWASP London and Manchester. You can find the talk and slides below: Slides from OWASP London talk Benjamin Dumke-von der Ehe found an interesting way to steal data cross dom
portswigger.net

Hacking Tinderâs Premium Model

In this blog, I’ll be talking about how we can bypass the tinder’s premium service and convert likes into matches through a vulnerability…
medium.com

How I Could Have Hacked Any Instagram Account - The Zero Hack

This article is about how I found a vulnerability on Instagram that allowed me to hack any Instagram account without consent permission. Facebook and Instagram security team fixed the issue and rewarded me $30000 as a part of their bounty program. Facebook is working constantly to improve its...
thezerohack.com
 
Пожалуйста, обратите внимание, что пользователь заблокирован
BabaDook сказал(а):

Preventing Mimikatz Attacks

Mimikatz is playing a vital role in every internal penetration test or red team engagement mainly for its capability to extract passwords…
medium.com
Статья говно, ниочем. Не третье время. Сарян, я ложанул.
 
Заранее извиняюсь за то, что долгое время не выкладываю статьи.Я сейчас в "отпуске" и не могу переводить их.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Пожалуйста, обратите внимание, что пользователь заблокирован
Взял эти:

Hacking Tinderâs Premium Model

In this blog, I’ll be talking about how we can bypass the tinder’s premium service and convert likes into matches through a vulnerability…
medium.com


How I Could Have Hacked Any Instagram Account - The Zero Hack

This article is about how I found a vulnerability on Instagram that allowed me to hack any Instagram account without consent permission. Facebook and Instagram security team fixed the issue and rewarded me $30000 as a part of their bounty program. Facebook is working constantly to improve its...
thezerohack.com
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх