HackerTrans
TopNewTrendsCommentsPastAskShowJobs

laserspeed

no profile record

Submissions

MxCheckSec: Validate SPF, DKIM, DMARC, and More

blog.kulkan.com
3 points·by laserspeed·5 месяцев назад·1 comments

See no Evil(ginx) / Detecting and stopping AitM phishing threats

blog.kulkan.com
1 points·by laserspeed·5 месяцев назад·1 comments

Client-Side Path Traversal: Exploiting CSRF in Header-Based Auth Scenarios

blog.kulkan.com
1 points·by laserspeed·9 месяцев назад·1 comments

In4M: Keeping Up with the Latest Infosec News

github.com
1 points·by laserspeed·10 месяцев назад·1 comments

Security testing of Gitlab self-hosted deployments

github.com
3 points·by laserspeed·11 месяцев назад·3 comments

A PoC using Burp Bambdas to show its simplicity for Quick Wins

blog.kulkan.com
1 points·by laserspeed·12 месяцев назад·1 comments

Bypassing Watermark Implementations

blog.kulkan.com
37 points·by laserspeed·12 месяцев назад·9 comments

comments

laserspeed
·5 месяцев назад·discuss
An open-source tool which validates SPF, DKIM, DMARC and provides human-readable output with recommendations on what and how to fix.

Available in GitHub at: https://github.com/kulkansecurity/mxchecksec
laserspeed
·5 месяцев назад·discuss
Identifying Evilginx instances and a fun ANSI attack. All focused on the community version of Evilginx 3.
laserspeed
·9 месяцев назад·discuss
In this detailed blog post, Lucas Cebrero Lell walks us through CSPT vulnerabilities and how valuable they are in order to exploit CSRF in apps which have moved away from the typical auth Cookies. There's also a Lab available in github based on React and Node which serves as a sample vulnerable app to try and exploit CSPT.
laserspeed
·10 месяцев назад·discuss
In4m is consoled based and summarizes front page hacker-related news from trusted sources (eg hackernews, watchtowr, bleeping computer, ...), showing only titles and links to the original article.
laserspeed
·11 месяцев назад·discuss
Agreed! Those are indeed some nice pointers to add.
laserspeed
·11 месяцев назад·discuss
A checklist to help pentesters and auditors assess Self-Hosted GitLab instances. Checks include misconfigurations and weaknesses that could lead to privilege escalation and code or secrets theft/abuse. It's a first version focused on Authentication, CI/CD Runners, CI/CD Variables and Project configurations.
laserspeed
·12 месяцев назад·discuss
Bambdas are small pieces of Java that can be written to perform a wide variety of tasks within Burp, PortSwigger's HTTP(s) Proxy.

The article shows how to rely on Bambdas to identify sensitive data across multi-step flows or processes, very often found in Webapps.
laserspeed
·12 месяцев назад·discuss
Bypassing of different Watermark implementations; including tricks related to Picture-In-Picture, erroneous assumptions at the time of enforcing client-side protections, and then HLS (HTTP Live Streaming) and ways to reassemble videos offline by looking into m3u8 playlists and encrypted video segments.