Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents

https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Conviso AppSec

Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents

The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files

SQL Injection Explained  With @BuildHackSecure + FREE LABS!

https://www.youtube.com/watch?v=EZXvxpbFqvg

YouTube

SQL Injection Explained With @BuildHackSecure + FREE LABS!

LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! ***👍*** ***📚*** If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training ***💻*** If you want to practice some of my free labs and challenges: https://app.hackinghub.io ***💵*** FREE…

Hacking and securing ElectronJS apps

https://pentesting.academy/p/hacking-and-securing-electronjs-apps

pentesting.academy

Hacking and securing ElectronJS apps

19 rules to attack and defend ElectronJS apps ***🥷***

How to root an Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/

Pentestpartners

How to root an Android device for analysis and vulnerability assessment | Pen Test Partners

TL;DR Rooting is useful for Android assessments The process is relatively simple It will wipe all user data from the device and void any warranty Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential…

Intercepting Mobile Application Traffic with Caido and Frida

https://brownfinesecurity.com/blog/intercepting-mobile-traffic-with-caido-and-frida/

Brown Fine Security

Intercepting Mobile Application Traffic with Caido and Frida

Proxying HTTP traffic from mobile devices using Caido and Frida

سلام دوستان.
شرایط جذب نیرو تست نفوذ وب در یک شرکت دانش بنیان مهیا شده.

ممنون میشم رزومه خودتونو به پی وی بنده ارسال کنید.
@nashenas_tm

https://x.com/mehrshad323/status/1826124055688425504

X (formerly Twitter)

mehrshad alizadeh (@mehrshad323) on X

خیلی از دوستان راجب ربات های پیام ناشناس نظر گذاشتن منم گفتم نظر خودمو اعلام کنم. به نظر من تقریبا هرکسی که با api تلگرام کار کرده باشه و یک ربات لانچ کرده باشه میدونه که خیلی عجیب نیست دیتای شما دست صاحبان ربات باشه( البته کاملا موافقم که این نقض حریم خصوصی…

SSRFing the Web with the help of Copilot Studio

https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio

Tenable®

SSRFing the Web with the help of Copilot Studio

Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…

دموی 2 ( دوم ) از دوره Android RAT Development

یکی از آموزش های این دوره نحوه Bind کردن فایل RAT APK به هر فایل APK

نحوه Bind کردن فایل RAT به نرم افزار معروف v2rayNG

دقت داشته باشید که تقریبا بالای ۹۰ درصد میشود به تمامی فایل های APK عملیات Bind را انجام داد.

مدرس : میثم منصف

Java - NDK (C/C++) - Node JS

Tested :
Android 14 - Redmi Note 13 - Xiaomi / Samsung Devices
Android 13
Android 12
Android 11 & below

منتظر باشید ...

@SecCode

https://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass/

ARMO

CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass

Learn how CVE-2024-7646 allows attackers to bypass ingress-nginx validation and compromise Kubernetes clusters, and how to secure your systems