InfoSec Write-ups - Medium-- Walkthrough on the TryHackMe EternalBlue machine.ReconBefore tackling any machine , there is a couple of Nmap scans that I like to use:All the switches in the first scan can be simply replaced by the -A switch, but sometimes it’s good to remind oneself what that switch does.The second runs all the scans included in … Continue reading TryHackMe. Exploiting EternalBlue Vulnerability.
InfoSec Write-ups - Medium-- Source Code Analysis and Exploiting API KeysI was getting lots of requests and msg on Whatsapp, LinkedIn, Twitter about the source code analysis, and exploitation of API Keys. So I will share my approach and also some blogs and writeups which you can refer to get a clear understanding.Google ImagesSo whenever we … Continue reading Source Code Analysis and API Keys Exploitations
InfoSec Write-ups - Medium-- Hey fam, i hope everyone is doing okay and able to use this time efficiently for self development and to self reflect. This corona virus pandemic has grown a bit tiring to be honest and gets the best of us.Here is my attempt at helping you understand a bug often overlooked when … Continue reading How to spot and exploit postMessage vulnerablities?
Latest Hacking News-- Slack has recently fixed a critical remote code execution vulnerability affecting its desktop apps. This RCE flaw posed a serious Slack Patched A Critical RCE Flaw In Desktop Apps on Latest Hacking News. View original article on Latest Hacking News
Latest Hacking News-- One more time, the Android Play Store has made it to the news due to a security problem. This time, TERRACOTTA Ad Fraud Botnet Targeted Android Play Store on Latest Hacking News. View original article on Latest Hacking News
Latest Hacking News-- The npm Security team has recently removed a malicious package from its official repository. The malicious npm package attempted to Malicious npm Package Emerged To Steal Browser And Discord Data on Latest Hacking News. View original article on Latest Hacking News
Latest Hacking News-- The old banking trojan QBot has surfaced online once again as researchers discovered its new variant active in the wild. QBot Trojan Comes Back With New Nasty Tricks – Active Campaigns Detected on Latest Hacking News. View original article on Latest Hacking News
KitPloit - PenTest Tools!-- wordlist_generator generates wordlists with unique words with techniques mentioned in tomnomnom's report "Who, What, Where, When". It takes URLs from gau and splits them to get words in URLs. Then it requests each URL to fetch all words. Finally, wordlist_generator removes from wordlist everything from "denylists" directory files to keep only … Continue reading Wordlist_Generator – Unique Wordlist Generator Of Unique Wordlists
Latest Hacking News-- Heads up Instagram users! The hackers are targeting you once again. A new phishing scheme is actively targeting Instagram users New Instagram Phishing Scheme Aims At Hacking Profiles on Latest Hacking News. View original article on Latest Hacking News
InfoSec Write-ups - Medium-- LimeSDR setup with GNURadio, gr-limesdr and GQRX on Ubuntu-20.04-Part-1LimeSDR with Acrylic CaseBored of this pandemic and I Finally dusted my LimeSDR and setup lab in Ubuntu-20.04. Ubuntu-20.04 has added all the previous PPAs of SDR domain into its default APT cache. This caught my attention. So we will look into how to … Continue reading LimeSDR setup with GNURadio, gr-limesdr and GQRX on Ubuntu-20.04
Hacker's Directory 