🔰 Another cool Reverse Shell #cheat_sheet @hacklido
https://www.github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Methodology%20and%20Resources%2FReverse%20Shell%20Cheatsheet.md
https://www.github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Methodology%20and%20Resources%2FReverse%20Shell%20Cheatsheet.md
GitHub
PayloadsAllTheThings/Methodology and Resources/Reverse Shell Cheatsheet.md at master · swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings
🔰Let's understand each file system of #LINUX in detail: @hacklido
1. Ext, Ext2, Ext3 and Ext4 file system
The file system Ext stands for Extended File System. It was primarily developed for MINIX OS. The Ext file system is an older version, and is no longer used due to some limitations.
Ext2 is the first Linux file system that allows managing two terabytes of data.
Ext3 is developed through Ext2; it is an upgraded version of Ext2 and contains backward compatibility.
Ext4 file system is the faster file system among all the Ext file systems. It is a very compatible option for the SSD (solid-state drive) disks, and it is the default file system in Linux distribution.
2. JFS File System
JFS stands for Journaled File System, and it is developed by IBM for AIX Unix. It is an alternative to the Ext file system.
3. ReiserFS File System
ReiserFS is an alternative to the Ext3 file system. It has improved performance and advanced features.
5. Btrfs File System
Btrfs stands for the B tree file system. It is used for fault tolerance, repair system, fun administration, extensive storage configuration, and more.
6. Swap File System
The swap file system is used for memory paging in Linux operating system during the system hibernation.
1. Ext, Ext2, Ext3 and Ext4 file system
The file system Ext stands for Extended File System. It was primarily developed for MINIX OS. The Ext file system is an older version, and is no longer used due to some limitations.
Ext2 is the first Linux file system that allows managing two terabytes of data.
Ext3 is developed through Ext2; it is an upgraded version of Ext2 and contains backward compatibility.
Ext4 file system is the faster file system among all the Ext file systems. It is a very compatible option for the SSD (solid-state drive) disks, and it is the default file system in Linux distribution.
2. JFS File System
JFS stands for Journaled File System, and it is developed by IBM for AIX Unix. It is an alternative to the Ext file system.
3. ReiserFS File System
ReiserFS is an alternative to the Ext3 file system. It has improved performance and advanced features.
5. Btrfs File System
Btrfs stands for the B tree file system. It is used for fault tolerance, repair system, fun administration, extensive storage configuration, and more.
6. Swap File System
The swap file system is used for memory paging in Linux operating system during the system hibernation.
🔰sri-check | A #Burp Suite extension for identifying missing Subresource Integrity attributes. @hacklido
https://github.com/PortSwigger/sri-check
https://github.com/PortSwigger/sri-check
GitHub
GitHub - PortSwigger/sri-check: A Burp Suite extension for identifying missing Subresource Integrity attributes.
A Burp Suite extension for identifying missing Subresource Integrity attributes. - PortSwigger/sri-check
Burp similar-request-excluder
🔰 #Burp Suite extension that detects similar CFG-paths from HTTP responses in a black box manner. @hacklido
https://github.com/PortSwigger/similar-request-excluder
🔰 #Burp Suite extension that detects similar CFG-paths from HTTP responses in a black box manner. @hacklido
https://github.com/PortSwigger/similar-request-excluder
GitHub
GitHub - PortSwigger/similar-request-excluder: A Burp Suite extension that detects similar CFG-paths from HTTP responses in a black…
A Burp Suite extension that detects similar CFG-paths from HTTP responses in a black box manner. - PortSwigger/similar-request-excluder
🔰ImHex
A #Hex Editor for #Reverse_Engineering , Programmers and people that value their eye sight when working at 3 AM. @hacklido
https://github.com/WerWolv/ImHex
A #Hex Editor for #Reverse_Engineering , Programmers and people that value their eye sight when working at 3 AM. @hacklido
https://github.com/WerWolv/ImHex
GitHub
GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3…
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - WerWolv/ImHex
🔰My phone was spying on me, so I tracked down the surveillants. @hacklido
https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/
https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/
NRKbeta
My Phone Was Spying on Me, so I Tracked Down the Surveillants
There are 160 apps on my phone. What they're actually doing, I don't know. But I decided to find out.
This is an English translation, read the original here.
I have a feeling these apps are …
This is an English translation, read the original here.
I have a feeling these apps are …
🔰 #Binary Ninja #plugin to deal with the strings #encoding in the most common Golang obfuscator: gobfuscate @hacklido
https://www.kryptoslogic.com/blog/2020/12/automated-string-de-gobfuscation/
https://www.kryptoslogic.com/blog/2020/12/automated-string-de-gobfuscation/
Kryptoslogic
Automated string de-gobfuscation
Last week the Network Security Research Lab at 360 released a blog post on an obfuscated backdoor written in Go named Blackrota. They claim that the Blackrota backdoor is available for both x86/x86-64 architectures which is no surprise given how capable Golang’s…
🔰#Automated #Pen_Testing: Can It Replace Humans? @hacklido
https://www.darkreading.com/vulnerabilities---threats/automated-pen-testing-can-it-replace-humans/a/d-id/1339513?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
These #tools have come a long way, but are they far enough along to make human pen testers obsolete?
https://www.darkreading.com/vulnerabilities---threats/automated-pen-testing-can-it-replace-humans/a/d-id/1339513?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
These #tools have come a long way, but are they far enough along to make human pen testers obsolete?
Dark Reading
Automated Pen Testing: Can It Replace Humans?
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
🔰 #CVE -2020-8913: @hacklido
Persistent code execution in #Google Play Core Library ( #PoC )
https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/
Vulnerability in #Google Play Core Library Remains Unpatched in Google Play Applications... @hacklido
https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications/
Persistent code execution in #Google Play Core Library ( #PoC )
https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/
Vulnerability in #Google Play Core Library Remains Unpatched in Google Play Applications... @hacklido
https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications/
News, Techniques & Guides
Oversecured automatically discovers persistent code execution in the Google Play Core Library
The Google Play Core Library is a popular library for Android that allows updates to various parts of an app to be delivered at runtime without the participation of the user, via the Google API...
🔰Garuda #Linux
An Indian Operating System based on GNU Linux! You are really going to fall in love with it's speed and Interface. @hacklido
Link: https://garudalinux.org
An Indian Operating System based on GNU Linux! You are really going to fall in love with it's speed and Interface. @hacklido
Link: https://garudalinux.org
🔰 #SQL injection - Let's dump the database
@hacklido
https://c4r33r1ncsec.blogspot.com/2020/12/sql-injection-lets-dump-database.html
@hacklido
https://c4r33r1ncsec.blogspot.com/2020/12/sql-injection-lets-dump-database.html
Blogspot
SQL Injection – “Let’s dump the database”
🔰 A Pre-Exam For Future #OSCP Students! :: H4cklife!! — No-life it @hacklido
https://h4cklife.org/posts/a-pre-exam-for-future-oscp-students/
https://h4cklife.org/posts/a-pre-exam-for-future-oscp-students/
H4cklife!!
A Pre-Exam For Future OSCP Students!
Overview Whether you are in preparation for your lab time to begin or you just want to get a feel for what exam day will be like, I've put together a few practice exams for future OSCP students to take. These boxes should be comprehensive enough to cover…
🔰 Collection of #malware #source_code for a variety of platforms in an array of different #programming languages. @hacklido
https://github.com/vxunderground/MalwareSourceCode
https://github.com/vxunderground/MalwareSourceCode
GitHub
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different…
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode
🔰 #Cheat_Sheet: #GraphQL #websecurity @hacklido
⚡Input validation
⚡ DoS prevention
⚡Access control
⚡ Batching attacks
⚡ Tools and other best practices
cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
⚡Input validation
⚡ DoS prevention
⚡Access control
⚡ Batching attacks
⚡ Tools and other best practices
cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
cheatsheetseries.owasp.org
GraphQL - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project.
🔰 #PoC exploits for #CVE -2020-17143 and CVE-2020-17141 which demonstrate the #XXE bugs against Exchange #Server. @hacklido
- Low privileged authentication only
- CVE-2020-17141 is interesting because its in the EWS #API
https://srcincite.io/pocs/cve-2020-17143.py.txt
https://srcincite.io/pocs/cve-2020-17141.py.txt
- Low privileged authentication only
- CVE-2020-17141 is interesting because its in the EWS #API
https://srcincite.io/pocs/cve-2020-17143.py.txt
https://srcincite.io/pocs/cve-2020-17141.py.txt
🔰 #RCE via #LFI Log Poisoning - The Death Potion @hacklido
https://shahjerry33.medium.com/rce-via-lfi-log-poisoning-the-death-potion-c0831cebc16d
https://shahjerry33.medium.com/rce-via-lfi-log-poisoning-the-death-potion-c0831cebc16d
Medium
RCE via LFI Log Poisoning - The Death Potion
Hello everyone, I would like to share one of my recent findings on a Vulnerability Disclosure Program. It is related to how I escalated to…
🔰 #Reverse_Engineering Tips — Setup #Kernel #Debugging on #Windows 10 @hacklido
https://medium.com/malware-buddy/reverse-engineering-tips-kernel-debugging-on-windows-10-784e43be7353
https://medium.com/malware-buddy/reverse-engineering-tips-kernel-debugging-on-windows-10-784e43be7353
Medium
[Reverse Engineering Tips] — Setting up Kernel Debugging on Windows 10
The Windows kernel allows the operating system to interact with the hardware and system resources of the computer. It runs the code in a…