вторник, 30 април 2019 г.
Vanilla Rat v1.5 (SRC) By DannyTheSloth
» CSharp: Vanilla Rat v1.5
» Tamanho: 46,7 MB ::.
» Data da Criação: 27/04/2019 [15:19]
from Connect Trojan http://bit.ly/2ZLoSQb
via IFTTT
Vanilla Rat v1.5 By DannyTheSloth
събота, 27 април 2019 г.
Auto Updates [Program Updater] (SRC) By 0OMPHALOS
DotNet Patcher 4.5.9.0 (SRC)
петък, 26 април 2019 г.
Abstract Particle Effects - GDI+ - WPF (SRC)
вторник, 23 април 2019 г.
Startup Sentinel v1.7.5.23
понеделник, 22 април 2019 г.
H Worm Plus v1.1 Coder H O U D I N I - Legends DeveloPer
вторник, 16 април 2019 г.
AsyncRAT v0.4 (SRC) By NYAN CAT
понеделник, 15 април 2019 г.
Anti Analysis v0.2 (SRC/CSharp & VB.Net) Anti-VM By NYAN CAT
njRAT v0.7d Stub (SRC) Edited By NYAN CAT
RevengeRAT | Using Pastebin Instead of NO-IP (SRC) By NYAN CAT
неделя, 14 април 2019 г.
NYAN Worm v0.1 (SRC) By NYAN CAT
dnSpy v6.0.4 By 0xd4d
Lime-Loader v5 (SRC) By NYAN CAT
Weaponizing CVE-2019-0841 with LAPS ↳...
Weaponizing CVE-2019-0841 with LAPS
↳ https://rastamouse.me/2019/04/weaponizing-cve-2019-0841-with-laps/
On April 9, Nabeel Ahmed annouced details of CVE-2019-0841 - the tl;dr being that it allows low privilged users to take Full Control of files owned by NT AUTHORITY\SYSTEM, which can lead to EoP. Nabeel published a comprehensive blog describing the vulnerability, PoC code and a video demonstration….
from Hack+ http://bit.ly/2Z6QAXr
via IFTTT
lc/brute53 ↳ http://bit.ly/2UdOzVG brute53 A tool to bruteforce nameservers when working...
lc/brute53
↳ https://github.com/lc/brute53
brute53 A tool to bruteforce nameservers when working with subdomain delegations to AWS. Based off Frans Rosén’s talk “DNS hijacking using cloud providers - no verification needed” Pre-requisites: golang AWS IAM User with access to Route53 Installation: go get -u github….
from Hack+ http://bit.ly/2Zdlttk
via IFTTT
събота, 13 април 2019 г.
Disable Windows Defender (SRC Code / CSharp)
H Worm v1.0 Plus Coder H O U D I N I - Legends DeveloPer
петък, 12 април 2019 г.
Simple And Clean PowerShell Injection Revenge-RAT [VBScript] By Fares
Unauthenticated Account Takeover Through HTTP Leak ↳...
Unauthenticated Account Takeover Through HTTP Leak
↳ https://medium.com/@mrnikhilsri/unauthenticated-account-takeover-through-http-leak-33386bb0ba0b
If you notice the request, emailBody used a template. Lets first test, if we can control this value and try injecting html. As you can see, we can control the emailBody and User’s input used in the email templating is not sanitized (HTML injection)….
from Hack+ http://bit.ly/2KzSBYO
via IFTTT
How Legal Hackers Are Changing The Legal Industry ↳...
How Legal Hackers Are Changing The Legal Industry
↳ https://www.forbes.com/sites/valentinpivovarov/2018/11/07/legalhackers/
What is your first impression when you hear the term ‘hacker’? Let me guess. A person who hacks a system illegally and damage companies, creating a financial problem or stealing data? This reputation took shape in society at the beginning of the development of the era of the Internet….
from Hack+ http://bit.ly/2UUZqbl
via IFTTT
Better Exfiltration via HTML Injection ↳...
Better Exfiltration via HTML Injection
↳ https://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by bypassing existing mitigations. André Baptista and Cache-Money were working on a very strange bug….
from Hack+ http://bit.ly/2Kw6Y0j
via IFTTT
четвъртък, 11 април 2019 г.
Better API Penetration Testing with Postman – Part 3 ↳...
Better API Penetration Testing with Postman – Part 3
↳ https://blog.secureideas.com/2019/04/better-api-penetration-testing-with-postman-part-3.html
In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities….
from Hack+ http://bit.ly/2v0vzQo
via IFTTT
сряда, 10 април 2019 г.
AsyncRAT v0.3 (SRC) By NYAN CAT
SSRF vulnerability via FFmpeg HLS processing ↳...
SSRF vulnerability via FFmpeg HLS processing
↳ https://medium.com/@valeriyshevchenko/ssrf-vulnerability-via-ffmpeg-hls-processing-f3823c16f3c7
Once I performed pentest for one famous company. The object of testing was a platform for searching, licensing and managing music with using it on youtube. In the process of testing, I found a form for uploading my videos in the user’s personal account….
from Hack+ http://bit.ly/2Ub81Cm
via IFTTT
вторник, 9 април 2019 г.
mykter/aws-security-cert-service-notes ↳...
mykter/aws-security-cert-service-notes
↳ https://github.com/mykter/aws-security-cert-service-notes
An all-in-one-place collection of security information about all of the core AWS services. These are the notes I created whilst studying for the AWS Certified Security - Specialty exam. They are intended as a knowledge check, reminder, and subject list for each AWS service….
from Hack+ http://bit.ly/2Ismfwe
via IFTTT
Tricky CORS Bypass in Yahoo! View ↳ http://bit.ly/2uVFk2f Recently, HackerOne hosted...
Tricky CORS Bypass in Yahoo! View
↳ https://www.corben.io/tricky-CORS/
Recently, HackerOne hosted their second Hack The World competition. During this time I decided to take a look at Yahoo’s bug bounty program because I have heard good things about them and also due to the fact that their scope is pretty big. After finding a few issues in my.yahoo….
from Hack+ http://bit.ly/2OYJY8F
via IFTTT
CORS Misconfigurations Explained ↳...
CORS Misconfigurations Explained
↳ https://blog.detectify.com/2018/04/26/cors-misconfigurations-explained/
Is your CORS configuration making your web application vulnerable? When misconfigured, CORS can be bypassed in many different ways. In this article, we take a closer look at CORS misconfigurations and explain the most common mistakes that can lead to a bypass….
from Hack+ http://bit.ly/2OYJUpr
via IFTTT
понеделник, 8 април 2019 г.
Convert VBS To EXE Demo Version By Eagle Master
6,000+ HackerOne Disclosed Reports ↳ http://bit.ly/2OZOXWD In...
6,000+ HackerOne Disclosed Reports
↳ http://sec.eddyproject.com/6000-hackerone-disclosed-reports/
In order to achieve an “endless” reading list, I used the HackerOne API to collect every single disclosed report on HackerOne within the last 5 years. Multiple people asked for the list – so here it is! Over 6,000 reports included….
from Hack+ http://bit.ly/2uRwVfV
via IFTTT