@Phantasm_Lab


Channel's geo and language: not specified, English
Category: Technologies


- Red x Blue Security
- Bug Bounty 💷 💵
- Exploitable tools
- Programming Languages
- Malware Analysis
🇺🇸 🇧🇷 🇪🇸
since 2017 ©

Partners:
@TIdaDepressaoOficial @acervoprivado @ReneGadesx @G4t3w4y







🔎 Threat Intel Roundup: CrushFTP, CS2, Lazarus, Trigona
Week in Overview (5 Dec-12 Dec)


Vuln Research in VIDEO GAMES?!?!

Our adventure with FreeDroid RPG began when we were perusing the National Vulnerability Database (NVD) for video game-related bugs and discovered two CVEs from 2020 related to this game: CVE-2020-14938 and CVE-2020-14939. Both CVEs involved ways to maliciously manipulate the save game data—each fascinating in their own right. As we looked into the technical details of this original research from LogicalTrust, we noticed anomalies in the patches that were meant to address these vulnerabilities, sparking a deeper investigation.

https://youtu.be/vHocemqpOuo?si=x7Et0MJdhwMdHTIv


What is Prometheus ?

Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community.

Prometheus collects and stores its metrics as time series data, i.e. metrics information is stored with the timestamp at which it was recorded, alongside optional key-value pairs called labels.

https://prometheus.io/docs/introduction/overview/




Alien Vault - The World’s First Truly Open Threat Intelligence Community

https://otx.alienvault.com/








SSRFire - An automated SSRF finder

https://medium.com/@aswinchandran274/ssrfire-an-automated-ssrf-finder-798f3ee8a38


(Authenticated) Stored XSS - Simple Download Monitor 3.9.19 (Wordpress Plugin)

https://medium.com/@DreadPirateRobertt/stored-xss-simple-download-monitor-3-9-19-wordpress-plugin-cbef1564a44b


File Shared < 1.6.48 (WordPress Plugin) — Sensitive Data Exposure: MySQL version, environment..

When we try to upload an unauthorized file, the plugin core stored sensitive database information like the MySQL version, environment information, userid, user_session, IP, and browser information.

https://medium.com/@DreadPirateRobertt/file-shared-1-6-48-wordpress-plugin-sensitive-data-exposure-mysql-version-enviroment-343356762353


NSA - Mitigating Web Shells

This repository houses a number of tools and signatures to help defend networks against web shell malware. More information about web shells and the analytics used by the tools here is available in NSA and ASD web shell mitigation guidance Detect and Prevent Web Shell Malware.

https://github.com/nsacyber/Mitigating-Web-Shells






Forward from: The Bug Bounty Hunter
OTP Bypass via Source Page Inspection

https://medium.com/@katmaca2014/otp-bypass-via-source-page-inspection-3c6ac90a0fb5


Getting started with the Red Team Guides

RedTeamGuides is a platform that provides red team tutorials and guidance along with cheat sheets. It is aimed at helping security professionals and enthusiasts learn about red teaming and penetration testing techniques.

The platform provides a wide range of resources, including step-by-step tutorials, how-to guides, and cheat sheets, that cover different topics related to red teaming, such as reconnaissance, exploitation, post-exploitation, and privilege escalation. The guides are regularly updated to keep up with the latest techniques and tools in the field.

https://redteamguides.com/index.html




Forward from: SHELL SHOCK
