Leaderboard

Salut si Hristos a înviat! In ultimele luni am lucrat la un proiect de hosting in România care are ca scop crearea unui nod independent fata de restul datacentrelor din tara, unde noi avem control asupra tuturor aspectelor, de la locație, net, IP-uri, echipamente, servere, routere, switch-uri, UPS-uri, redundanta electrica, răcire si tot ce tine de livrarea unui serviciu la standardele cu care suntem cu toții obișnuiți. Ne puteți vizita site-ul la adresa: https://cloudforest.ro/ Momentan, oferim doua servicii: - Servere private virtuale cloud - Am creat propriul cloud Openstack din infrastructura pe care o avem, interconectata cu porturi de 10Gbps. Avem cam cele mai folosite si recente imagini cloud, configurare automata cu cloud-init, root deblocat și parola generata. Adminisrarea se face web din contul de client cu toate optiunile de care aveti nevoie, consola, chei SSH, rebuild, firewall privat si multe altele. In plus, aveti si un snapshot gratuit pentru fiecare VPS. - Gazduire Servere Jocuri cu panou Pterodactyl, IP dedicat, fara limite de slots si acces nelimitat la procesor. - Gazduire web - clasica, panou de control Virtualmin & certificat ssl automat. Doar schimbati ns-urile domeniului in ns1.cloudforest.ro si ns2.cloudforest.ro - Gazduire web gratuita - la fel de performanta precum gazduirea web normala, insa limitata la 1 domeniu, 1 baza de date si 1 GB stocare Puteți citi mai multe detalii asupra serverelor noastre si întreaga infrastructura aici: Infrastructura Noastra Cat despre politica de utilizare, nu permitem folosirea abuziva a resurselor si a lățimii de banda, si, evident, toleranta este 0 pentru orice fel de activitate ilegala printre care si nu ne limitam la: malware spreading, scanning, botnet hosting, spam, abuzare port 25, orice fel de blackhat usage. Nu avem nicio problema sa raportam/colaboram cu autoritatile.

OSWE/AWAE Preparation Jan 22, 2020 WebExploit Development Share on: updated Content AWAE1.5 OSWE Exam Preparation This post contains all trainings and tutorials that could be useful for offensive security’s OSWE certification. I will be updating the post during my lab and preparation for the exam. Course Syllabus: https://www.offensive-security.com/documentation/awae-syllabus.pdf Before registering for AWAE Lab: Get comfortable with python requests library Read Web Application Hacker’s handbook, again if you already did Get familiar with Burpsuite Get familiar with regex Get hands on with OWASP top 10 2017 Vulnerabilities Vulnerable Apps for practice on OWASP Portswigger WebSecAcademy Practice code review skills - OWASP SKF Before registering for the OSWE Exam: XSS to RCE AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Chaining XSS, CSRF to achieve RCE Code analysis to gaining RCE Magento 2.3.1: Unauthenticated Stored XSS to RCE Mybb 18.20 From Stored XSS to RCE Bypassing File Upload Restrictions: [Paper] File Upload Restrictions Bypass Shell the web - Methods of a Ninja Unrestricted File Upload Atlassian Crowd Pre-auth RCE Popcorn machine from HackTheBox Vault machine from HackTheBox Authentication Bypass to RCE ATutor 2.2.1 Authentication Bypass ATutor LMS password_reminder TOCTOU Authentication Bypass ATutor 2.2.1 - Directory Traversal / Remote Code Execution Cubecart Admin Authentication Bypass Trendmicro smart protection bypass to RCE Password Reset Vulnerability Testing Password rest functionalities OWASP - Forgot Password Cheatsheet How we hacked multiple user accounts using weak reset tokens for passwords SQL Injection: RCE with SQL Injection - MSSQL SQL Injection to LFI to RCE - MySQL From SQLi to SHELL (I and II) - PentesterLab Pre-Auth Takeover of OXID eShops Blind SQL Injection [Paper] PostgreSQL Injection Having Fun With PostgreSQL Blind Postgresql Sql Injection Tutorial SQL Injection Cheat Sheet - PentestMonkey SQL Injection Cheat Sheet - PayloadAllTheThings Exploiting H2 SQL injection to RCE JavaScript Injection: Server Side JS Injection Remote Code Execution in math.js Arbitrary code execution in fast-redact NVIDIA GeForce Experience OS Command Injection - CVE-2019-5678 SetTimeout and SetInterval use eval therefore are evil Pentesting Node.js Application : Nodejs Application Security NodeJS remote debugging with vscode Escape NodeJS Sandboxes PHP Type Juggling: OWASP - PHPMagicTricks TypeJuggling PHP Type Juggling - Introduction Type Juggling, PHP Object Injection, SQLi Writing Exploits For PHP Type Juggling Type Juggling Authentication Bypass Vulnerability in CMS Made Simple PHP Magic Hashes Detailed Explanation of PHP Type Juggling Vulnerabilities [Video] PHP Type Juggling Vulnerabilities, Netsparker [Video] Falafel machine from HackTheBox Deserialization: Deserialization_Cheat_Sheet Insecure deserialization - PayloadAllthethings [Paper] Deserialization Vulnerability Serialization : A Big Threat JAVA Deserialization Understanding & practicing java deserialization exploits Understanding JAVA Deserialization Exploiting blind Java deserialization with Burp and Ysoserial Details on Oracle Web Logic Desrialization Analysis of Weblogic Deserialization [Video] Matthias Kaiser - Exploiting Deserialization Vulnerabilities in Java .NET Deserialization Use of Deserialization in .NET Framework Methods and Classes. Exploiting Deserialisation in ASP.NET via ViewState Remote Code Execution via Insecure Deserialization in Telerik UI [Video] Friday the 13th: JSON Attacks - BlackHat [Paper] Are you My Type? [Video] JSON Machine from HackTheBox - Ippsec PHP Object Injection/Deserialization What is PHP Object Injection phpBB 3.2.3: Phar Deserialization to RCE Exploiting PHP Desrialization Analysis of typo3 Deserialization Vulnerability Attack Surface of PHP Deserialization Vulnerability via Phar [Video] Intro to PHP Deserialization / Object Injection - Ippsec [Video] Advanced PHP Deserialization - Phar Files - Ippsec [Video] Exploiting PHP7 unserialize (33c3) NodeJS Deserialization Exploiting Node.js deserialization bug for Remote Code Execution The good, the bad and RCE on NodeJS applications Attacking Deserialization in JS Node.js Deserialization Attack – Detailed Tutorial [Video] Celestial machine from HackTheBox - Ippsec XML External Entity (XXE) Attack A Deep Dive into XXE Injection From XXE to RCE: Pwn2Win CTF 2018 Writeup Blind XXE to RCE Apache Flex BlazeDS XXE Vulnerabilty WebLogic EJBTaglibDescriptor XXE Server Side Template Injection (SSTI) [Portswigger Research] Server Side Template Injection [Video] SSTI : RCE For The Modern Web App - albinowax Server Side Template Injection Jinja2 template injection filter bypasses Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 Websocekts InSecurity Introduction to WebSockets [Video] Hacking with Websocket - BlackHat Remote Hardware takeover via Websocket Hijacking Cross-Site WebSocket Hijacking to full Session Compromise Source Code Audit Introduction to Code Review [PentesterLab] Static code analysis writeups TrendMicro - Secure Coding Dojo Bug Hunting with Static Code Analysis [Video] Shopify Remote Code Execution - Hackerone Finding vulnerabilities in source code ( APS.NET) A deep dive into ASP.NET Deserialization Writeups by mr_me Youtube Playlist Further References/Reviews From AWAE to OSWE the preperation guide - hansesecure OSWE Exam Review 2020 Notes gifts inside - 21y4d OSWE Cheat Sheet - V1s3r1on wetw0rk/AWAE-PREP https://codewhitesec.blogspot.com/ https://blog.ripstech.com/ https://rhinosecuritylabs.com Sursa: https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/

udemy = yt + ca daca cauti cpp advanced poti da si de "hello world" de unde reiese ca yt e de cateva ori mai bun cand e vb de programare insa de exemplu daca am lua game hacking: Cum sa faci un dll, injectoru, cum sa faci programu ca sa poata executa codul inauntrul jocului si tot asa mai departe, ceva mai aproape de system.

Ba fraților, nu mai vorbiți prostii aici ca e plin de polițiști slugarnici la parchetarii analfabeți din statul ticălos, militienesc, escroc si preacurvit romanesc. Te trezesti cu usa sparta si cu masina de spalat demontata pe motiv ca iezista' indicii temeinice si presupuneri rezonabile ca ar fi server