Sign in to follow this
Followers
0
Exploits Microsoft Baseline Security Analyzer 2.3 XML Injection
By
1337day-Exploits, in Updated Exploits
-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. PwnFox
PwnFox is a Firefox/Burp extension that provides usefull tools for your security audit.
If you are a chrome user you can check https://github.com/nccgroup/autochrome.
Single click BurpProxy
Connect to Burp with a simple click, this will probably remove the need for other add-ons like foxyProxy. However, if you need the extra features provided by foxyProxy you can leave this unchecked.
Containers Profiles
PwnFox gives you fast access to Firefox containers. This allows you to have multiple identities in the same browser. When PwnFox and the Add container header option are enabled, PwnFox will automatically add an X-PwnFox-Color header to highlight the query in Burp.
PwnFoxBurp will automatically highlight and strip the header, but you can also specify your own behavior with addons like logger++.
Security header remover
Sometimes it’s easier to work with the security header disabled. You can now do it with a single button press. Don’t forget to reenable them before testing your final payload.
Headers stripped:
Content-Security-Policy
X-XSS-Protection
X-Frame-Options
X-Content-Type-Options
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. The Best WordPress Security Plugin to
Secure & Protect WordPress
Built by the WordPress security experts
iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. This project is a simple collection of various shellcode injection techniques, aiming to streamline the process of endpoint detection evaluation, besides challenging myself to get into the Golang world.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. HawkScan
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
This script uses “WafW00f” to detect the WAF in the first step.
This script uses “Sublist3r” to scan subdomains.
This script uses “waybacktool” to check in waybackmachine.
Features
URL fuzzing and dir/file detection
Test backup/old file on all the files found (index.php.bak, index.php~ …)
Check header information
Check DNS information
Check whois information
User-agent random or personal
Extract files
Keep a trace of the scan
Check @mail in the website and check if @mails leaked
CMS detection + version and vulns
Subdomain Checker
Backup system (if the script stopped, it take again in the same place)
WAF detection
Add personal prefix
Auto-update script
Auto or personal output of scan (scan.txt)
Check Github
Recursive dir/file
Scan with an authentication cookie
Option –profil to pass profil page during the scan
HTML report
Work it with py2 and py3
Add option rate-limit if the app is unstable (–timesleep)
Check-in waybackmachine
Response error to WAF
Check if DataBase firebaseio exist and accessible
Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
Search S3 buckets in source code page
Testing bypass of waf if detected
Testing if it’s possible scanning with “localhost” host
Changelog v1.5.3
– add setup.sh
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Security Onion
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
Core Components
Logstash – Parse and format logs.
Elasticsearch – Ingest and index logs.
Kibana – Visualize ingested log data.
Auxiliary Components
Curator – Manage indices through scheduled maintenance.
ElastAlert – Query Elasticsearch and alert on user-defined anomalous behavior or other interesting bits of information.
FreqServer -Detect DGAs and find random file names, script names, process names, service names, workstation names, TLS certificate subjects and issuer subjects, etc.
DomainStats – Get additional info about a domain by providing additional context, such as creation time, age, reputation, etc.
Changelog v2.2 RC3
First, we have a new so-analyst script that will optionally install a GNOME desktop environment, Chromium web browser, NetworkMiner, Wireshark, and many other analyst tools.
Next, we’ve collapsed Hunt filter icons and action links into a new quick action bar that will appear when you click a field value. Actions include:
Filtering the hunt query
Pivot to PCAP
Create an alert in TheHive
Google search for the value
Analyze the value on VirusTotal.com
Finally, we’ve greatly improved support for airgap deployments. There is more work to be done in the next release, but we’re getting closer!
Hidden Content
Give reaction to this post to see the hidden content.
-