unSafe.sh - Insecure
Splunk Universal Forwarder Hijacking – Airman – Medium
Background: Splunk Universal Forwarder includes a management service that is listening on TCP port 808...
2019-02-26 00:25:25 | Views: 671
medium.com
forwarder
universal
attacker
machine
remote
How To Exploit PHP Remotely To Bypass Filters & WAF Rules
In the last three articles, I’ve been focused on how to bypass WAF rule set in order to exploit a re...
2019-1-7 00:38:43 | Views: 4
Stories by theMiddle on Medium - medium.com
bypass
remote
php
sucuri
readjun
Web Application Firewall (WAF) Evasion Techniques #3
This article explores how to use an uninitialized Bash variable to bypass WAF regular expression bas...
2019-1-7 00:37:6 | Views: 10
Stories by theMiddle on Medium - medium.com
bypass
modsecurity
readapr
readjan
injection
How I got your phone number through Facebook – intigriti – Medium
Don’t have the time to read the entire article? Go to the FAQ section below for everything you shoul...
2018-12-08 15:53:21 | Views: 612
medium.com
facebook
0477
belgian
9th
2500
Windows Event Log to the Dark Side – Mustafa – Medium
Event log is a component of Microsoft Windows which provides a central logging service for the operating system; logs helped fix problems and provided many traces and evidence for forensics. Event...
2018-10-26 15:36:04 | Views: 314
medium.com
eventlog
windows
logfiles
payload
logfile
Swiftness — A bug bounty data management tool. – Sahil Ahamad – Medium
Swiftness with my targets and data. Swiftness is a macOS productivity tool for bug hunters and securi...
2018-09-09 20:09:52 | Views: 349
medium.com
swiftness
inbuilt
download
checklist
github
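Buffer Overflow Attacks, Part 3 (Buffer Overflow)
In any case, the approach of writing shellcode directly and jumping to it for execution no longer works, so what do we do? This is where the concept of ROP comes in. What is ROP (Return-Oriented Programming)? Quoting the wiki: … a...
2018-08-16 04:28:08 | Views: 21
medium.com
we
bss
parameter
execute
payload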
DNSBL: Not just for spam
Using DNS in order to block botnet, spammers and Tor with Nginx, Lua, ModSecurity and FakeDNS. DNSBL i...
2018-8-13 04:5:20 | Views: 7
Stories by theMiddle on Medium - medium.com
blackhole
spammers
modsecurity
dnsbl
honey
Attacking Private Networks from the Internet with DNS Rebinding
TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home...
2018-07-18 22:46:10 | Views: 366
medium.com
network
rebinding
rebind
victim
malicious
AppArmor: Say Goodbye to Remote Command Execution.
Detecting human users: Is there a way to block enumeration, fuzz or web scan? No, you won’t be able t...
2018-7-3 13:14:27 | Views: 4
Stories by theMiddle on Medium - medium.com
stupid
bots
lua
ftw
totally
PHPMyAdmin 4.8.0 ~ 4.8.1 Remote Code Execution – Henry Huang – Medium
TL;DR: I discovered a file inclusion vulnerability in index.php from PMA 4.8.0 ~ 4.8.1, and it is assi...
2018-07-01 01:10:56 | Views: 294
medium.com
php
whitelist
passwd
inclusion
$4500 Bounty — How I got lucky – InfoSec Write-ups – Medium
This is a short explanation of how I took over a subdomain by doing recon at the right time and what...
2018-06-08 03:10:22 | Views: 317
medium.com
subdomain
competition
aquatone
lucky
honestly
1.4 Billion Clear Text Credentials Discovered in a Single Database
A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials. Now even unsop...
2018-06-07 23:23:59 | Views: 326
medium.com
passwords
database
4iq
reuse
truncated
How Apple store all your email metadata for years on their servers
Today I’m going to reveal how Apple ended up with all the metadata of the emails you ever sent (and...
2018-06-05 21:48:25 | Views: 294
medium.com
contacts
recipient
developer
kept
iremember
Building A HackTheBox FluxCapacitor
2018-5-21 06:8:49 | Views: 3
Stories by theMiddle on Medium - medium.com
Building A HackTheBox FluxCapacitor
What I Learned Making This Box For HTB. Image by Gabe Sanchez. Let’s start with important stuff, the...
2018-5-21 06:8:49 | Views: 8
Stories by theMiddle on Medium - medium.com
secrule
trim
deleting
urldecode
lua
TCACHE exploitation
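Lately I have become more and more reluctant to write very technical material on Medium, because I have found that when I open Medium myself I do not want to read overly difficult content either, so I will consider moving this kind of content elsewhere in the future. Now, on to the main topic of this post. If you are not familiar with ptmalloc heap ex...
2018-04-09 19:51:47 | Views: 18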
medium.com
fastbin
perthread
security
one
check
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an…
How you can very easily use Remote Desktop Services to gain lateral movement through a network, usin...
2018-03-19 00:27:38 | Views: 305
medium.com
windows
tscon
microsoft
remote
sticky
Bug Bounty Toolkit – BugBountyHunting – Medium
Last updated: 15th February 2018. Bug bounty platforms and programs. Get paid for finding bugs and vulne...
2018-03-10 23:30:16 | Views: 429
medium.com
github
firmware
analysis
haddix
tips
PHP SSRF Techniques
2018-3-1 15:53:31 | Views: 2
Stories by theMiddle on Medium - medium.com