HackerTrans
TopNewTrendsCommentsPastAskShowJobs

laserspeed

no profile record

Submissions

MxCheckSec: Validate SPF, DKIM, DMARC, and More

blog.kulkan.com
3 points·by laserspeed·5 bulan yang lalu·1 comments

See no Evil(ginx) / Detecting and stopping AitM phishing threats

blog.kulkan.com
1 points·by laserspeed·5 bulan yang lalu·1 comments

Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios

blog.kulkan.com
1 points·by laserspeed·9 bulan yang lalu·1 comments

In4M: Keeping Up with the Latest Infosec News

github.com
1 points·by laserspeed·10 bulan yang lalu·1 comments

Security testing of Gitlab self-hosted deployments

github.com
3 points·by laserspeed·11 bulan yang lalu·3 comments

A PoC using Burp Bambdas to show its simplicity for Quick Wins

blog.kulkan.com
1 points·by laserspeed·12 bulan yang lalu·1 comments

Bypassing Watermark Implementations

blog.kulkan.com
37 points·by laserspeed·12 bulan yang lalu·9 comments

comments

laserspeed
·5 bulan yang lalu·discuss
An open-source tool which validates SPF, DKIM, DMARC and provides human-readable output with recommendations on what and how to fix.

Available in GitHub at: https://github.com/kulkansecurity/mxchecksec
laserspeed
·5 bulan yang lalu·discuss
Identifying Evilginx instances and a fun ANSI attack. All focused on the community version of Evilginx 3.
laserspeed
·9 bulan yang lalu·discuss
In this detailed blog post, Lucas Cebrero Lell walks us through CSPT vulnerabilities and how valuable they are in order to exploit CSRF in apps which have moved away from the typical auth Cookies. There's also a Lab available in github based on React and Node which serves as a sample vulnerable app to try and exploit CSPT.
laserspeed
·10 bulan yang lalu·discuss
In4m is consoled based and summarizes front page hacker-related news from trusted sources (eg hackernews, watchtowr, bleeping computer, ...), showing only titles and links to the original article.
laserspeed
·11 bulan yang lalu·discuss
Agreed! Those are indeed some nice pointers to add.
laserspeed
·11 bulan yang lalu·discuss
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
laserspeed
·12 bulan yang lalu·discuss
Bambdas are small pieces of Java that can be written to perform a wide variety of tasks within Burp, PortSwigger's HTTP(s) Proxy.

The article shows how to rely on Bambdas to identify sensitive data across multi-step flows or processes, very often found in Webapps.
laserspeed
·12 bulan yang lalu·discuss
Bypassing of different Watermark implementations; including tricks related to Picture-In-Picture, erroneous assumptions at the time of enforcing client-side protections, and then HLS (HTTP Live Streaming) and ways to reassemble videos offline by looking into m3u8 playlists and encrypted video segments.