HackerTrans
TopNewTrendsCommentsPastAskShowJobs

laserspeed

no profile record

Submissions

MxCheckSec: Validate SPF, DKIM, DMARC, and More

blog.kulkan.com
3 points·by laserspeed·vor 5 Monaten·1 comments

See no Evil(ginx) / Detecting and stopping AitM phishing threats

blog.kulkan.com
1 points·by laserspeed·vor 5 Monaten·1 comments

Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios

blog.kulkan.com
1 points·by laserspeed·vor 9 Monaten·1 comments

In4M: Keeping Up with the Latest Infosec News

github.com
1 points·by laserspeed·vor 10 Monaten·1 comments

Security testing of Gitlab self-hosted deployments

github.com
3 points·by laserspeed·vor 11 Monaten·3 comments

A PoC using Burp Bambdas to show its simplicity for Quick Wins

blog.kulkan.com
1 points·by laserspeed·vor 12 Monaten·1 comments

Bypassing Watermark Implementations

blog.kulkan.com
37 points·by laserspeed·vor 12 Monaten·9 comments

comments

laserspeed
·vor 5 Monaten·discuss
An open-source tool which validates SPF, DKIM, DMARC and provides human-readable output with recommendations on what and how to fix.

Available in GitHub at: https://github.com/kulkansecurity/mxchecksec
laserspeed
·vor 5 Monaten·discuss
Identifying Evilginx instances and a fun ANSI attack. All focused on the community version of Evilginx 3.
laserspeed
·vor 9 Monaten·discuss
In this detailed blog post, Lucas Cebrero Lell walks us through CSPT vulnerabilities and how valuable they are in order to exploit CSRF in apps which have moved away from the typical auth Cookies. There's also a Lab available in github based on React and Node which serves as a sample vulnerable app to try and exploit CSPT.
laserspeed
·vor 10 Monaten·discuss
In4m is consoled based and summarizes front page hacker-related news from trusted sources (eg hackernews, watchtowr, bleeping computer, ...), showing only titles and links to the original article.
laserspeed
·vor 11 Monaten·discuss
Agreed! Those are indeed some nice pointers to add.
laserspeed
·vor 11 Monaten·discuss
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
laserspeed
·vor 12 Monaten·discuss
Bambdas are small pieces of Java that can be written to perform a wide variety of tasks within Burp, PortSwigger's HTTP(s) Proxy.

The article shows how to rely on Bambdas to identify sensitive data across multi-step flows or processes, very often found in Webapps.
laserspeed
·vor 12 Monaten·discuss
Bypassing of different Watermark implementations; including tricks related to Picture-In-Picture, erroneous assumptions at the time of enforcing client-side protections, and then HLS (HTTP Live Streaming) and ways to reassemble videos offline by looking into m3u8 playlists and encrypted video segments.