HackerTrans
トップ新着トレンドコメント過去質問紹介求人

laserspeed

no profile record

投稿

MxCheckSec: Validate SPF, DKIM, DMARC, and More

blog.kulkan.com
3 ポイント·投稿者 laserspeed·5 か月前·1 コメント

See no Evil(ginx) / Detecting and stopping AitM phishing threats

blog.kulkan.com
1 ポイント·投稿者 laserspeed·5 か月前·1 コメント

Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios

blog.kulkan.com
1 ポイント·投稿者 laserspeed·9 か月前·1 コメント

In4M: Keeping Up with the Latest Infosec News

github.com
1 ポイント·投稿者 laserspeed·10 か月前·1 コメント

Security testing of Gitlab self-hosted deployments

github.com
3 ポイント·投稿者 laserspeed·11 か月前·3 コメント

A PoC using Burp Bambdas to show its simplicity for Quick Wins

blog.kulkan.com
1 ポイント·投稿者 laserspeed·12 か月前·1 コメント

Bypassing Watermark Implementations

blog.kulkan.com
37 ポイント·投稿者 laserspeed·12 か月前·9 コメント

コメント

laserspeed
·5 か月前·議論
An open-source tool which validates SPF, DKIM, DMARC and provides human-readable output with recommendations on what and how to fix.

Available in GitHub at: https://github.com/kulkansecurity/mxchecksec
laserspeed
·5 か月前·議論
Identifying Evilginx instances and a fun ANSI attack. All focused on the community version of Evilginx 3.
laserspeed
·9 か月前·議論
In this detailed blog post, Lucas Cebrero Lell walks us through CSPT vulnerabilities and how valuable they are in order to exploit CSRF in apps which have moved away from the typical auth Cookies. There's also a Lab available in github based on React and Node which serves as a sample vulnerable app to try and exploit CSPT.
laserspeed
·10 か月前·議論
In4m is consoled based and summarizes front page hacker-related news from trusted sources (eg hackernews, watchtowr, bleeping computer, ...), showing only titles and links to the original article.
laserspeed
·11 か月前·議論
Agreed! Those are indeed some nice pointers to add.
laserspeed
·11 か月前·議論
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
laserspeed
·12 か月前·議論
Bambdas are small pieces of Java that can be written to perform a wide variety of tasks within Burp, PortSwigger's HTTP(s) Proxy.

The article shows how to rely on Bambdas to identify sensitive data across multi-step flows or processes, very often found in Webapps.
laserspeed
·12 か月前·議論
Bypassing of different Watermark implementations; including tricks related to Picture-In-Picture, erroneous assumptions at the time of enforcing client-side protections, and then HLS (HTTP Live Streaming) and ways to reassemble videos offline by looking into m3u8 playlists and encrypted video segments.