HackerTrans
TopNewTrendsCommentsPastAskShowJobs

laserspeed

no profile record

Submissions

MxCheckSec: Validate SPF, DKIM, DMARC, and More

blog.kulkan.com
3 points·by laserspeed·قبل 5 أشهر·1 comments

See no Evil(ginx) / Detecting and stopping AitM phishing threats

blog.kulkan.com
1 points·by laserspeed·قبل 5 أشهر·1 comments

Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios

blog.kulkan.com
1 points·by laserspeed·قبل 9 أشهر·1 comments

In4M: Keeping Up with the Latest Infosec News

github.com
1 points·by laserspeed·قبل 10 أشهر·1 comments

Security testing of Gitlab self-hosted deployments

github.com
3 points·by laserspeed·قبل 11 شهرًا·3 comments

A PoC using Burp Bambdas to show its simplicity for Quick Wins

blog.kulkan.com
1 points·by laserspeed·قبل 12 شهرًا·1 comments

Bypassing Watermark Implementations

blog.kulkan.com
37 points·by laserspeed·قبل 12 شهرًا·9 comments

comments

laserspeed
·قبل 5 أشهر·discuss
An open-source tool which validates SPF, DKIM, DMARC and provides human-readable output with recommendations on what and how to fix.

Available in GitHub at: https://github.com/kulkansecurity/mxchecksec
laserspeed
·قبل 5 أشهر·discuss
Identifying Evilginx instances and a fun ANSI attack. All focused on the community version of Evilginx 3.
laserspeed
·قبل 9 أشهر·discuss
In this detailed blog post, Lucas Cebrero Lell walks us through CSPT vulnerabilities and how valuable they are in order to exploit CSRF in apps which have moved away from the typical auth Cookies. There's also a Lab available in github based on React and Node which serves as a sample vulnerable app to try and exploit CSPT.
laserspeed
·قبل 10 أشهر·discuss
In4m is consoled based and summarizes front page hacker-related news from trusted sources (eg hackernews, watchtowr, bleeping computer, ...), showing only titles and links to the original article.
laserspeed
·قبل 11 شهرًا·discuss
Agreed! Those are indeed some nice pointers to add.
laserspeed
·قبل 11 شهرًا·discuss
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
laserspeed
·قبل 12 شهرًا·discuss
Bambdas are small pieces of Java that can be written to perform a wide variety of tasks within Burp, PortSwigger's HTTP(s) Proxy.

The article shows how to rely on Bambdas to identify sensitive data across multi-step flows or processes, very often found in Webapps.
laserspeed
·قبل 12 شهرًا·discuss
Bypassing of different Watermark implementations; including tricks related to Picture-In-Picture, erroneous assumptions at the time of enforcing client-side protections, and then HLS (HTTP Live Streaming) and ways to reassemble videos offline by looking into m3u8 playlists and encrypted video segments.