InfoSec Write-ups - Medium-- Winja CTF 2020: Write-upToday I participated in Winja CTF, It was a really Awesome Experience.I was able to solve 7 challenges so here I am sharing my approach to solve them.1. Liar LiarThe first thing I did was check “file” command itself.fileSo it’s ASCII text file.so I tried cat this_is_a_binarycat fileSo in img src, we can … Continue reading Winja CTF: Write-up
KitPloit - PenTest Tools!-- A fast tool to scan CRLF vulnerability written in Go Installation from Binary The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with $ curl -sSfL http://git.io/get-crlfuzz | sh -s -- -b /usr/local/bin from Source If you have go1.13+ compiler installed and configured: … Continue reading CRLFuzz – A Fast Tool To Scan CRLF Vulnerability Written In Go
InfoSec Write-ups - Medium-- Parameter Tampering: Special CharactersContinue reading on InfoSec Write-ups » View original article on InfoSec Write-ups - Medium
InfoSec Write-ups - Medium-- Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.HashCatHere we will be looking into … Continue reading Cracking Hashes with HashCat
KitPloit - PenTest Tools!-- Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were removed from microsoft.com sites on November 25 2019. Wireshark have built a huge library of network protocol dissectors. The best tool for Windows would be one that can gather and mix … Continue reading Winshark – A Wireshark Plugin To Instrument ETW
The Hacker News-- Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution … Continue reading A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
KitPloit - PenTest Tools!-- Scan only once by IP address and reduce scan times with Nmap for large amounts of data. Unimap is an abbreviation of "Unique Nmap Scan". The tool can run in Linux, OSX, Windows or Android (Termux) without problems.Why? If you have plans to run an Nmap to a whole organization you … Continue reading Unimap – Scan Only Once By IP Address And Reduce Scan Times With Nmap For Large Amounts Of Data
The Hacker News-- Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with … Continue reading Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
KitPloit - PenTest Tools!-- A Blind XSS Injector tool Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments ____ | _ \ | |_) |_ _____ ___ | … Continue reading Bxss – A Blind XSS Injector Tool
Malwarebytes Labs-- Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefor, “domain name abuse” is something that can ruin your reputation. Losing control There are several ways in which perpetrators can abuse your good name to make … Continue reading Is domain name abuse something companies should worry about?
Hacker's Directory 