SharpSecDump – .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket’S Secretsdump.Py

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py. By default runs in the context of the current user. Please only use in environments you own or have permission to test against 🙂 Usage SharpSecDump.exe -target=192.168.1.15 -u=admin -p=Password123 -d=test.local Required Flags -target - Comma seperated list … Continue reading SharpSecDump – .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket’S Secretsdump.Py

Google Sunsets Chrome Web Store Payments System Affecting Paid Chrome Extensions

~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Google Chrome has just announced a serious change that may not be good news for many developers. In a surprise Google Sunsets Chrome Web Store Payments System Affecting Paid Chrome Extensions on Latest Hacking News. View original article on Latest Hacking News

Velociraptor – Endpoint Visibility and Collection Tool

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://www.velocidex.com/docs/ Quick start If you want to see what Velociraptor is all about simply: Download the binary from the release page for your favorite platform (Windows/Linux/MacOS). … Continue reading Velociraptor – Endpoint Visibility and Collection Tool

How to Attack Web Applications with Burp Suite & SQL Injection

~ Dade Murphy ~ Leave a comment

Null Byte « WonderHowTo-- Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web comes various security implications associated with being connected to the internet where anyone can poke and prod at them. One of the simplest, yet the most … Continue reading How to Attack Web Applications with Burp Suite & SQL Injection

Go-Dork – The Fastest Dork Scanner Written In Go

~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask. Install Download a prebuilt binary from releases page, unpack and run! or If you have go compiler installed and configured: > GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/... Usage … Continue reading Go-Dork – The Fastest Dork Scanner Written In Go

PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- Hello Hunters, this is a quick write up on one of my recent findings on a bug bounty program. Before jumping into the vulnerability, let us get familiarized with few terms.What is PII Leakage?Personally identifiable information (PII) is any data that could potentially identify a specific individual, such as username,userID or any other … Continue reading PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover

How I earned $500 from Google – Flaw in Authentication

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- How I earned $500 from Google - Flaw in AuthenticationHello Everyone!This is my first writeup.Today I will share the write-up of my first accepted bug in Google, Which is in “Google Cloud Partner Advantage Portal” where I was able to modify personal details for victim account via Broken Authentication.What does “broken authentication” … Continue reading How I earned $500 from Google – Flaw in Authentication