Getting started with the Red Team Guides
RedTeamGuides is a platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques.
The platform provides a wide range of resources, including step-by-step tutorials, how-to guides, and cheat sheets, that cover different topics related to red teaming, such as reconnaissance, exploitation, post-exploitation, and privilege escalation. The guides are regularly updated to keep up with the latest techniques and tools in the field.
https://redteamguides.com/index.html
RedTeamGuides is a platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques.
The platform provides a wide range of resources, including step-by-step tutorials, how-to guides, and cheat sheets, that cover different topics related to red teaming, such as reconnaissance, exploitation, post-exploitation, and privilege escalation. The guides are regularly updated to keep up with the latest techniques and tools in the field.
https://redteamguides.com/index.html
Forwarded from The Bug Bounty Hunter
OTP Bypass via Source Page Inspection
https://medium.com/@katmaca2014/otp-bypass-via-source-page-inspection-3c6ac90a0fb5
https://medium.com/@katmaca2014/otp-bypass-via-source-page-inspection-3c6ac90a0fb5
Medium
OTP Bypass via Source Page Inspection
I will explain an OTP (One-Time-Password) Bypass I found during a website penetration test. Lets get into it…
NSA - Mitigating Web Shells
This repository houses a number of tools and signatures to help defend networks against web shell malware. More information about web shells and the analytics used by the tools here is available in NSA and ASD web shell mitigation guidance Detect and Prevent Web Shell Malware.
https://github.com/nsacyber/Mitigating-Web-ShellsGitHub
GitHub - nsacyber/Mitigating-Web-Shells: Guidance for mitigation web shells. #nsacyber
Guidance for mitigation web shells. #nsacyber. Contribute to nsacyber/Mitigating-Web-Shells development by creating an account on GitHub.
File Shared < 1.6.48 (Wordpress Plugin) — Sensitive Data Exposure Mysql version, enviroment..
When we try upload an unauthorized file, The plugin core stored Database sensitive informations like Mysql Version, Enviroment informations, userid, user_session, ip,(browser informations).
https://medium.com/@DreadPirateRobertt/file-shared-1-6-48-wordpress-plugin-sensitive-data-exposure-mysql-version-enviroment-343356762353Medium
File Shared < 1.6.48 (Wordpress Plugin) — Sensitive Data Exposure Mysql version, enviroment, ++;
File Shared Plugin
(Authenticated) Stored XSS - Simple Download Monitor 3.9.19 (Wordpress Plugin)
https://medium.com/@DreadPirateRobertt/stored-xss-simple-download-monitor-3-9-19-wordpress-plugin-cbef1564a44b
https://medium.com/@DreadPirateRobertt/stored-xss-simple-download-monitor-3-9-19-wordpress-plugin-cbef1564a44b
Medium
(Authenticated) Stored XSS - Simple Download Monitor 3.9.19 (Wordpress Plugin)
Disclaimer
SSRFire - An automated SSRF finder
https://medium.com/@aswinchandran274/ssrfire-an-automated-ssrf-finder-798f3ee8a38
https://medium.com/@aswinchandran274/ssrfire-an-automated-ssrf-finder-798f3ee8a38
Medium
SSRFire - An automated SSRF finder
Introduction
FFuF - Fuzzing Tool
👨💻🛠 In this week's episode of Hacker Tools, we will take a look at FFuF.
https://www.youtube.com/watch?v=UDaeS7455mU
👨💻🛠 In this week's episode of Hacker Tools, we will take a look at FFuF.
https://www.youtube.com/watch?v=UDaeS7455mU
YouTube
Fuzzing for beginners! FFuF - Hacker Tools
👨💻🛠️ In this week's episode of Hacker Tools, we will take a look at FFuF.
00:00 Introduction
00:15 What is fuzzing?
01:20 FFuF
01:30 Running FFuF
04:30 Post request options
05:30 Bug bounty Options
06:10 Recursion & redirects
07:30 Matcher options
08:30…
00:00 Introduction
00:15 What is fuzzing?
01:20 FFuF
01:30 Running FFuF
04:30 Post request options
05:30 Bug bounty Options
06:10 Recursion & redirects
07:30 Matcher options
08:30…
Forwarded from Android Security & Malware
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
Unit 42
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
We employ static and dynamic analysis to dissect two case studies using obfuscation in Android malware: a Cerberus banking trojan and HiddenAd adware.
Forwarded from Android Security & Malware
iOS Pentesting Series
Learn how to work with useful tools and apps such as Frida, Objection, 3uTools, Cydia, Burp, fsmon, fridump, SSL bypass, reFlutter etc.
Part 1: https://kishorbalan.medium.com/start-your-first-ios-application-pentest-with-me-part-1-1692311f1902
Part 2: https://kishorbalan.medium.com/ios-pentesting-series-part-2-into-the-battlefield-f17ed2778890
Part 3: https://kishorbalan.medium.com/ios-pentesting-series-part-3-the-ceasefire-53fcea3bbd70
Learn how to work with useful tools and apps such as Frida, Objection, 3uTools, Cydia, Burp, fsmon, fridump, SSL bypass, reFlutter etc.
Part 1: https://kishorbalan.medium.com/start-your-first-ios-application-pentest-with-me-part-1-1692311f1902
Part 2: https://kishorbalan.medium.com/ios-pentesting-series-part-2-into-the-battlefield-f17ed2778890
Part 3: https://kishorbalan.medium.com/ios-pentesting-series-part-3-the-ceasefire-53fcea3bbd70
Medium
Start your first iOS Application Pentest with me.. (Part- 1)
Hola Heckers,
What is Prometheus ?
Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community
Prometheus collects and stores its metrics as time series data, i.e. metrics information is stored with the timestamp at which it was recorded, alongside optional key-value pairs called labels.
https://prometheus.io/docs/introduction/overview/
Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community
Prometheus collects and stores its metrics as time series data, i.e. metrics information is stored with the timestamp at which it was recorded, alongside optional key-value pairs called labels.
https://prometheus.io/docs/introduction/overview/
prometheus.io
Overview | Prometheus
An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach.
Vuln Research in VIDEO GAMES?!?!
Our adventure with FreeDroid RPG began when we were perusing the National Vulnerability Database (NVD) for video game-related bugs and discovered two CVEs from 2020 related to this game: CVE-2020-14938 and CVE-2020-14939. Both CVEs involved ways to maliciously manipulate the save game data—each fascinating in their own right. As we looked into the technical details of this original research from LogicalTrust, we noticed anomalies in the patches that were meant to address these vulnerabilities, sparking a deeper investigation
https://youtu.be/vHocemqpOuo?si=x7Et0MJdhwMdHTIv
Our adventure with FreeDroid RPG began when we were perusing the National Vulnerability Database (NVD) for video game-related bugs and discovered two CVEs from 2020 related to this game: CVE-2020-14938 and CVE-2020-14939. Both CVEs involved ways to maliciously manipulate the save game data—each fascinating in their own right. As we looked into the technical details of this original research from LogicalTrust, we noticed anomalies in the patches that were meant to address these vulnerabilities, sparking a deeper investigation
https://youtu.be/vHocemqpOuo?si=x7Et0MJdhwMdHTIv
YouTube
Vuln Research in VIDEO GAMES?!?!
🔥 Learn How To Do Vuln Research in Video Games With Patch Analysis
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Links:
GH Article:…
👨💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon: https://patreon.com/guidedhacking
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking
🔗 Links:
GH Article:…