Leaderboard

53R3N17Y | Python based script for Information Gathering. Operating Systems Tested OSX El Capitan 10.11 Ubuntu 16.04 Backbox 5 Install MacOSX (as root) git clone https://github.com/abaykan/53R3N17Y.git /usr/local/share/serenity >echo 'alias serenity="/usr/local/share/serenity && ./serenity"' > ~/.zshrc cd /usr/local/share/serenity pip install -r requirements.txt serenity -h Linux (as root) git clone https://github.com/abaykan/53R3N17Y.git /usr/local/share/serenity >echo 'alias serenity="/usr/local/share/serenity && ./serenity"' > ~/.bashrc cd /usr/local/share/serenity pip install -r requirements.txt serenity -h note: tested with Python 2.7.14 Sursa: https://github.com/abaykan/53R3N17Y

https://nytrosecurity.com/2018/03/31/netripper-at-blackhat-asia-arsenal-2018/

Salutare tuturor, De multa vreme nimeni nu a mai postat pe aici si am decis sa fac o serie de CrackMe challenges. Voi incepe cu Android, pentru ca e mai simplu de facut reversing si pentru a vedea daca se gasesc persoane interesate... In caz ca se gasesc, fac si ceva mai avansat (Android, Windows, Linux). CrackMe 0x01 Reguli: Va rog, NU POSTATI flag-urile direct in topic; Comentati cu "Done" la finisarea challenge-ului; Fiecare flag m-il trimiteti prin mesaj privat; Dificultate: Incepator; Link download: https://drive.google.com/file/d/1WR9DNW9G0uriCziv0Yarn4fewJbb3GJy/view?usp=sharing Checksum: [SHA-256] 250e0cf1731736e1c4385ac119701d61a042fcf5a09b25ff3a89746979bfd314, [MD5] 0b06afd55faefce5273742d1a80b6b6a; VirusTotal: https://www.virustotal.com/#/file/250e0cf1731736e1c4385ac119701d61a042fcf5a09b25ff3a89746979bfd314/details P.S. Acest challenge e unul super super simplu, insa in caz ca aveti intrebari adresati-le direct in comentarii! Completed by: aml (https://rstforums.com/forum/profile/207155-aml/); BogdanNBV (https://rstforums.com/forum/profile/29134-bogdannbv/); theandruala (https://rstforums.com/forum/profile/172582-theandruala/);

Te-a luat google ca duplicat, avand valabile ambele versiuni ale site-ului. Modifica in htaccess, ca toate prefixurile (http, https, www, non-www) sa duca in aceeasi parte <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On //Redirect http to https RewriteCond %{SERVER_PORT} 80 RewriteCond %{HTTP_HOST} ^(www\.)?example\.com RewriteRule ^(.*)$ https://www.example.com/$1 [R,L] //Redirect non-www to www RewriteCond %{HTTP_HOST} ^example.com [NC] RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301] </IfModule> sau varianta simpla, RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

md5(crack_me.jpg) = C720E708AB375E531BB77DCA9DD08D38

https://www.ripstech.com/php-security-calendar-2017/

tbmnull Jul 6 Making an XSS triggered by CSP bypass on Twitter. Hi there, I’m a security researcher & bug hunter, but still learning. I want to share how hard it was to find an XSS (Cross Site Scripting) on such a huge organization and well secured Twitter.com and how I could achieve it with combining another security vulnerability CSP (Content Security Policy) bypass. Here is the story: After digging a lot on Twitter’s subdomains, I came across to https://careers.twitter.com/. As you can guess, it is Twitter’s career site, you can search for jobs as an opportunity to work with them, but I search for bugs. Sometime later, I thought I’ve found a reflection for an XSS on the URL: https://careers.twitter.com/en/jobs-search.html?location=1" onmouseover=”alert(1)&q=1&start=70&team= with the location parameter. But wait, there was no alert! I couldn’t be able to trigger it! Because they’ve implemented CSP as: content-security-policy: default-src ‘self’ ; connect-src ‘self’ ; font-src ‘self’ https://*.twimg.com https://*.twitter.com data:; frame-src ‘self’ https://twitter.com https://*.twitter.com [REDACTED] https://*.twitter.com; report-uri https://twitter.com/i/csp_report and It blocked the javascript alert box to be come to scene. So, I was unsuccessful on getting this work, unfortunately. Then I applied to my master @brutelogic as always and asked him that I’ve found some XSS (didn’t share the details nor domain) but I could not be able to get it work because of the CSP. He adviced me to find a way to bypass it! I already remember his saying: “For god’s sake, stop talking and go find a way to bypass the CSP!”. Thanks bro :) I tried a lot to find the way, and gave up that time. After trying a lot and looking for something on other domains, I figured out an URL that’s going under the radar within GET requests hiddenly. URL was: https://analytics.twitter.com/tpm?tpm_cb= The response Content-type was application/javascript and what I write as the parameter tpm_cb, it was reflecting on the page! I was lucky this time, and I tried to combine both my findings to make the XSS work. So, I created: https://careers.twitter.com/en/jobs-search.html?location=1"> src=//analytics.twitter.com/tpm?tpm_cb=alert(document.domain)>// willing “><script src= on the XSS reflection will work. And voila! It worked! Happy End! I screamed out in my office and all my colleagues were afraid. Sorry guys :) I immediately reported these to Twitter via their bug bounty program on Hackerone, they triaged and rewarded me very quickly. Also they fixed the XSS on career site but CSP bypass took a long time to fix. But in the end both sides were satisfied. Thanks to Twitter Security Team and an awesome community hackerone! Hope this helps newbies like me to develop themselves. And If you want to share your thoughts, just ping me on Twitter: @tbmnull Thanks for reading. Sursa: https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5

Name: Iepurasul_cel_viteaz.jpg SHA-1: 473F7236DA2AE45FB56A9DDAAB25B1287762B624 Iepurasii viteji: 1. @pr00f 2. @Hertz 3. @sandabot

Nu uitati sa folositi si emulatorul Android, daca nu doriti sa instalati aplicatia pe telefon

Far Cry 5 Released a Few Days Ago & Unsurprisingly the Game Uses Denuvo V5.0 DRM Protection Which is Further Protected by VMProtect The Way Things Are, Far Cry 5 not the Getting 's Cracked Is Soon Offline Activation Here https://www.darckrepacks.com/topic/3279-far-cry-5-offline-activation-by-darck/