7421 matches found
PowerShell: In-Memory Injection Using CertUtil.exe
Have you ever heard the old saying, "The only constant in life is change"? Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our effor...
CVE-2016-10650
ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the...
CVE-2016-10650
CVE-2016-10650 affects ntfserver (Network Testing Framework Server). The vulnerability arises because ntfserver downloads binary resources over HTTP, allowing a network-positioned attacker to perform a MITM and swap the requested binary with a malicious one, potentially leading to remote code exe...
GDPR and Penetration Testing: What You Need to Know
The post GDPR and Penetration Testing: What You Need to Know appeared first on Rhino Security Labs...
ZipperDown vulnerability, hype or imminent-vulnerability warning-the black bar safety net
1. Overview. The ZipperDown vulnerability was recently disclosed. It affects both the Android and iOS platforms; up to 10% of the applications in the iOS app market contain the vulnerability, including many popular applications, which has triggered a strong reaction from the industry...
Burpa - A Burp Suite Automation Tool
A Burp Suite Automation Tool With Slack Integration. Requirements: burp-rest-api, Burp Suite Professional, slackclient. Usage: $ python burpa.py -h burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...
Outpost24 Appsec Scale for Web Application Scanning
Today I would like to write about yet another Outpost24 product - cloud Web Application Scanner Appsec Scale. It is available in the same interface as Outpost24 Outscan, that I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications: New application If you don't...
Timber 1.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or email protected Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717...
Pro Tip: The Right Way to Test JSON Parameters with Burp
Here's a Burp trick you might not know, which helped find this instance of command execution and lots of SQL injection in other applications. Despite PortSwigger claiming otherwise, Burp does not parse JSON very well, especially nested JSON parameters and values like you see below...
Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability(CVE-2018-8120)
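Author: bigric3. Author's blog: On May 15, ESET published a post saying that in March it had captured a sample combining a PDF remote code execution (CVE-2018-4990) with a Windows local privilege escalation (CVE-2018-8120). After ESET's post, I downloaded such a sample from VT (). Initial reverse engineering roughly confirmed what had been reported publicly: the exploit was still at the development and testing stage and was inadvertently uploaded to a public sample-scanning site, where ESET captured it and submitted it to Microsoft and Adobe for patching. The test signature strings are as follows. Locate the key code in the sample and debug and analyze it...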
Security update for testing the software stack (moderate)
This update contains a security update for testing the software stack...
Penetration Testing Requirements for GDPR
We get lots of people asking us what it is they need to have tested as a requirement for GDPR Compliance, so I've put this together to provide some clarity. This post is NOT a definitive guide to the General Data Protection Regulations. It is however, helpful, real world advice about what you...
Linux Screenshot XWindows - Volatility Plugin To Extract X Screenshots From A Memory Dump
The goal of this volatility plugin is to extract a screenshot of all open X windows from a memory dump. Overview: The plugin first dumps the X server memory mappings. These mappings are then given as input to a C program loader, along with the output of Adam's plugin. This C program mmaps with the...
DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)
DNSBin is a simple tool to test data exfiltration through DNS and to help test vulnerabilities like RCE or XXE when the environment has significant constraints. The project is in two parts; the first one is the web server and its component. It offers a basic web UI; for most cases you won't need more...
Rockwell Scada System 27.011 - Cross-Site Scripting
Exploit Title: Rockwell Scada System - Cross-Site Scripting Date: 2018-05-16 Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link: http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4 Version: 1769-L16ER-BB1B, Version 27.011 and...
Web Application Penetration Testing Tool: Tracy
Tracy is a pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy...
openSUSE Security Update : testing the software stack (openSUSE-2018-428) (deprecated)
This update contains a security update for testing the software stack. It turns out this was not a real security advisory but a test. This plugin is deprecated. %NASLMINLEVEL 999999 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUS...
AutoTTP - Automated Tactics Techniques & Procedures
Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers & so on can be tedious. I toyed with the idea of making it easier to script Empire or any frameworks/products/toolkits that provide APIs like...
Twitter is Testing End-to-End Encrypted Direct Messages
Twitter has been adopting new trends at a snail's pace. But it's better to be late than never. Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-e...
Exploitation Framework for Embedded Devices: RouterSploit
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. The RouterSploit Framework consists of various modules that aid penetration testing operations: exploits – modules that take advantage of identified vulnerabilities; creds – modules designed to test...