GitHub’s Post

Proof of concept for CVE-2024-36401 on GeoServer. This demonstration aims to initiate a reverse shell connection on the target system. Details: https://lnkd.in/gYiPKqqT #cybersecurity #infosec #infosecurity

Proof of concept for CVE-2024-36401 on GeoServer. This demonstration aims to initiate a reverse shell connection on the target system. Details: https://lnkd.in/e-ZMMF6R #cybersecurity #infosec #infosecurity

CVE-2024-3094 has shaken the open source community with its critical supply chain compromise, affecting XZ Utils and potentially enabling unauthorized access through SSH authentication bypass. The silver lining is that this brought some great research from the community. Get the details, and the technical analysis from the Vulcan Cyber research team and how to fix the CVE in our blog >> https://lnkd.in/dYkfw9fi

HACKSUDO: THOR Vulnhub CTF Walkthrough Welcome to the HACKSUDO walkthrough of THOR, a captivating Vulnhub CTF challenge. In this concise guide, we'll unravel the mysteries of THOR, highlighting key steps to conquer its vulnerabilities and claim the flags. So, join us on this thrilling journey as we navigate through the depths of THOR's security landscape. Let's dive in! Razz Security Academy Mahesh Razz

Just finished Frank Moley's Spring: Spring Security course - recommend it for anyone looking to learn more about Spring security!  #springsecurity #springframework.

blog on HACKSUDO: THOR vulnhub CTF Walkthrough done by our intern Meghana U At Razz Security Academy, we've developed a Cyber Security and Ethical Hacking foundation course to provide essential insights into offensive security practices and diverse developed cybersecurity domains, thereby equipping individuals with valuable knowledge for cybersecurity roles. These are the modules that will be provided in the course: 1. Introduction to Ethical Hacking & Cyber Security 2. Networking Fundamentals 3. Basics on Linux 4. Information Gathering 5. Wi-Fi Hacking 6. Android Hacking 7. HackLab Setup 8. Nmap and Metasploit 9. System Hacking 10. Man In The Middle Attack 11. Cryptography 12. Google Hacking Database(GHDB) or Google Dorking 13. Steganography 14. Burp Suite 15. Content and Sub-Domain Discovery 16. Web Application Hacking This will further help you Explore core concepts such as SOC (Security Operations Center), VAPT (Vulnerability Assessment and Penetration Testing), and other cybersecurity concepts that will further enhance your understanding and expertise in cybersecurity. we are providing courses in 3 different modes: 1. offline (weekdays/weekends) 2. online 3. self-paced. To join the course and further queries +91 8618710868 contact@razzsecurity.com Follow Razz Security Academy for updates on jobs. ( Note: Kindly join on both apps and new job updates will be there ) Discord group: https://lnkd.in/gmV6UmsX Whatsapp group: https://lnkd.in/gzvWmVqk VAPT Jobs, SOC Analyst (ICSA), CyberSecurity Jobs, SIEM & SOC CyberSecurity Jobs, Cybersecurity Jobs , CSOC Analyst - Cyber Security Operations Center , Splunk Security Operations Center Analyst QRadar Security Operations Center Analyst SOCAnalyst Penetration Testing Penetration Tester (ICPT) Penetration Tester Redfox Security - Penetration Testing Services #jobsearch #cybersecurityjobs #jobhiring #hiring #jobalert #jobforfresher #Discord #community #securityanalyst #socanalyst #cybersecurityanalyst #applicationsecurityengineer #networksecurityengineer #vulnerabilityassessment #penetrationtesting

Technical tools need technical "How To" guides. That's one of the many things we do for our clients. If you've built a cybersecurity tool and need to let people know how to use it, get in touch! Here's one we made for IPinfo.io's CLI 👇 🔗 https://lnkd.in/gmBhryEj (This article was written by HackerContent! If you need cybersecurity-focused content like this for your organisation, get in touch today: hackercontent.com)

Just Completed: Chemistry from HackTheBox 🚀 Exploited file upload vulnerabilities, cracked hashes, and leveraged a file-read exploit to gain root access. Here is how I tackled it: 🔍 Initial Recon: - Ran rustscan to identify open ports, followed by nmap for deeper analysis. - Used feroxbuster to locate directories. 🌐 Web Application Discovery:  - Created an account and logged in to the application, where I found a .cif file upload feature.  - Discovered an exploit for this upload functionality, confirming it with a sleep 10 command.  - Uploaded a reverse shell payload and gained a reverse shell from the saved file. 💾 Database Extraction:  - Located a database.db file on the box, dumped it with sqlite3 to retrieve an MD5 hash of the user’s password.  - Cracked the hash using Crackstation, then accessed the box as that user via SSH. 🔒 Privilege Escalation:  - Found a service listening on port 8080, forwarded it to my local machine with SSH.  - Analyzed the service in Burp Suite, identifying it as ahttpio. Discovered an exploit for this service, requiring a specific directory.  - Located the directory with ffuf and used the exploit to read any file as root. 👑 Root Access:  - Accessed root.txt using the file-read exploit and completed the box. Proof: https://lnkd.in/g94Ey3gz Writeup: https://lnkd.in/g8C-FimP #HackTheBox #Cybersecurity #PenTesting #Linux #CTF #InfoSec #EthicalHacking #RedTeam #CyberSkills #BugBounty #CaptureTheFlag #OffensiveSecurity #LearningByDoing

A Terminal UI for browsing security vulnerabilities (CVEs) As default it uses the vulnerability database (NVD) from NIST and provides search and listing functionalities in the terminal with different theming options. The minimum supported Rust version (MSRV) is 1.74.1. #devopskhan

🚀 Day 2: Banner Grabbing & Service Enumeration – Part of my 7-day cybersecurity challenge! Today, I focused on #banner grabbing, an essential technique for collecting information about services running on open ports. This helps in understanding the software versions in use and lays the groundwork for identifying any potential vulnerabilities later on. 🔍 Steps I Followed: 1. Used the command nmap -sV -sC -p80,3306 (ip address) to capture service banners. 2. Gathered version details for services running on detected open ports. 3. Cross-checked the versions with known vulnerabilities databases (manual check after grabbing). Key Findings: Port 80 (Apache): Default Apache page detected. Port 3306 (MariaDB): Standard MariaDB service running. Additional output highlighted some configuration details that don't pose immediate risks but offer insights into how the system is set up. While banner grabbing didn’t reveal any direct vulnerabilities, it provides valuable context for deeper analysis. Excited for Day 3: Web Server Vulnerability Assessment with Nikto! Stay tuned for more insights! 💻🔒 #cybersecurityChallenge #BannerGrabbing #penetrationTesting #ethicalHacking