Every week our Twitter account, @PentesterLab, publishes a list of articles worth reading. This is the list of articles from 2019. Enjoy!
30/12/2019
🗞️ https://medium.com/@terjanq/clobbering-the-clobbered-vol-2-fb199ad7ec41
🗞️ https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
23/12/2019
🗞️ https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
🗞️ https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
🗞️ https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/
16/12/2019
🗞️ https://hipotermia.pw/bb/http-desync-idor
🗞️ https://www.reddit.com/r/crypto/comments/e8t17w/comment/faerj2m
🗞️ https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
🗞️ https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases
09/12/2019
🗞️ https://github.com/bkimminich/juice-shop/issues/1173#
🗞️ https://css.csail.mit.edu/6.858/2013/readings/plan9auth.pdf
🗞️ https://github.com/netanel01/ctf-writeups/blob/master/googlectf/2019/pwn_gomium/README.md
🗞️ https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html?m=1
02/12/2019
🗞️ http://blog.infosectcbr.com.au/2019/11/uclibc-unlink-heap-exploitation.html
🗞️ https://blog.teddykatz.com/2019/11/23/json-padding-oracles.html
25/11/2019
🗞️ https://know.bishopfox.com/research/reasonably-secure-electron
18/11/2019
🗞️ https://tpm.fail/tpmfail.pdf
🗞️ https://serializethoughts.com/2019/10/28/solving-mstg-crackme-angr
🗞️ https://blog.infosectcbr.com.au/2019/11/avr-libc-house-of-spirit.html
11/11/2019
🗞️ https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
🗞️ https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
🗞️ http://re.alisa.sh/notes/iBoot-address-space.html
04/11/2019
🗞️ https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
🗞️ https://lab.wallarm.com/race-condition-in-web-applications/
28/10/2019
🗞️ https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
🗞️ https://tagazok.virtualabs.fr/Workshop-How_to_use_btlejack.pdf
🗞️ https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/
21/10/2019
🗞️ https://srcincite.io/assets/postscript-pat-and-his-black-and-white-hat.pdf
🗞️ https://hacks.mozilla.org/2019/10/firefoxs-new-websocket-inspector/
🗞️ https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/
14/10/2019
🗞️ https://medium.com/sensorfu/how-my-application-ran-away-and-call-home-from-redmond-de7af081100d
🗞️ https://blog.redteam.pl/2019/10/internal-domain-name-collision-dns.html?m=1
07/10/2019
🗞️ https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
🗞️ https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/
🗞️ https://googleprojectzero.blogspot.com/2019/09/windows-exploitation-tricks-spoofing.html?m=1
30/09/2019
🗞️ https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all
🗞️ https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
23/09/2019
🗞️ https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/
🗞️ https://shhnjk.blogspot.com/2019/09/nonce-based-csp-service-worker-csp.html
16/09/2019
🗞️ https://blog.evilpacket.net/2019/leveraging-javascript-debuggers/
🗞️ https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d
09/09/2019
🗞️ https://medium.com/@prsecurity_/how-to-build-an-internal-red-team-7957ec644695
🗞️ https://alephsecurity.com/2019/09/02/Z3-for-webapp-security/
02/09/2019
🗞️ https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers
🗞️ https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
🗞️ https://research.aurainfosec.io/same-origin-policy/
26/08/2019
🗞️ https://about.gitlab.com/2019/08/14/american-fuzzy-lop-on-gitlab/
🗞️ https://dttw.tech/posts/SJ40_7MNS
🗞️ https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/
🗞️ http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html?m=1
19/08/2019
🗞️ https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/
🗞️ https://github.com/trailofbits/audit-kubernetes/blob/master/reports/Kubernetes%20White%20Paper.pdf
12/08/2019
🗞️ https://www.msreverseengineering.com/blog/2019/8/5/automation-techniques-in-c-reverse-engineering
🗞️ https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
🗞️ https://i.blackhat.com/USA-19/Wednesday/us-19-Munoz-SSO-Wars-The-Token-Menace-wp.pdf
🗞️ https://www.imperialviolet.org/2019/08/10/ctap2features.html
05/08/2019
🗞️ https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/
🗞️ https://rhys.io/post/rce-in-ruby-using-mustache-templates
🗞️ https://blog.matthewbarber.io/2019/07/22/how-to-make-compressed-file-quines
🗞️ http://blog.infosectcbr.com.au/2019/07/linux-heap-tcache-poisoning.html
29/07/2019
🗞️ https://www.synacktiv.com/posts/exploit/exploiting-a-no-name-freebsd-kernel-vulnerability.html
🗞️ https://blog.ropnop.com/docker-for-pentesters/
🗞️ https://medium.com/@iSecMax/сookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564
22/07/2019
🗞️ https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
🗞️ https://thezerohack.com/hack-any-instagram
🗞️ https://blog.assetnote.io/bug-bounty/2019/07/17/rce-on-zoom/
🗞️ https://hackerone.com/reports/587854
15/07/2019
🗞️ https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
🗞️ https://www.cs.purdue.edu/homes/schau/files/pkcs1v1_5-ndss19.pdf
01/07/2019
🗞️ http://blog.ret2.io/2019/06/26/attacking-intel-tsx/
🗞️ https://blog.ripstech.com/2019/dotcms515-sqli-to-rce/
24/06/2019
🗞️ https://medium.com/intigriti/how-spending-our-saturday-hacking-earned-us-20k-60990c4678d4
🗞️ https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/
17/06/2019
🗞️ https://cryptosense.com/blog/how-ledger-hacked-an-hsm/
🗞️ https://citizenlab.ca/docs/stalkerware-holistic.pdf
🗞️ https://speakerdeck.com/andresriancho/internet-scale-analysis-of-aws-cognito-security
10/06/2019
🗞️ https://blog.npmjs.org/post/185397814280/plot-to-steal-cryptocurrency-foiled-by-the-npm
🗞️ https://www.ee.oulu.fi/research/ouspg/Disclosure_tracking
03/06/2019
🗞️ https://code.fb.com/security/service-encryption/
🗞️ https://www.chromestatus.com/feature/5088147346030592
🗞️ https://arxiv.org/abs/1905.13055
27/05/2019
🗞️ https://github.com/veorq/cryptocoding/
🗞️ https://teamrot.fi/2019/05/23/self-hosted-burp-collaborator-with-custom-domain/
20/05/2019
🗞️ https://guidovranken.com/2019/05/14/differential-fuzzing-of-cryptographic-libraries/
🗞️ https://eprint.iacr.org/2019/459.pdf
🗞️ https://leakfree.wordpress.com/2015/03/12/php-object-instantiation-cve-2015-1033/
13/05/2019
🗞️ https://corb3nik.github.io/blog/ins-hack-2019/bypasses-everywhere
🗞️ https://www.colecornford.com/post/2019-04-06-subresource-integrity/
🗞️ https://anvilventures.com/blog/looking-inside-the-box.html
06/05/2019
🗞️ https://www.synacktiv.com/ressources/GLPI_9.4.0_Type_juggling_auth_bypass.pdf
🗞️ https://securityriskadvisors.com/blog/aws-iam-exploitation/
🗞️ https://blog.syscall.party/post/ltdh-re-walkthrough/
29/04/2019
22/04/2019
🗞️ https://www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf
🗞️ https://gitlab.com/cybears/fall-of-cybeartron/
15/04/2019
🗞️ https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
🗞️ https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html
🗞️ http://sec.eddyproject.com/6000-hackerone-disclosed-reports/
🗞️ https://medium.com/starting-up-security/starting-up-security-policy-104261d5438a
08/04/2019
🗞️ https://blog.filippo.io/a-literate-go-implementation-of-poly1305/
🗞️ https://medium.com/@terjanq/how-i-am-able-to-hijack-you-1cab793a01d1
🗞️ https://blog.doyensec.com/2019/04/03/subverting-electron-apps-via-insecure-preload.html
01/04/2019
🗞️ https://mogwailabs.de/blog/2019/03/attacking-java-rmi-services-after-jep-290/
🗞️ https://chybeta.github.io/2019/03/16/Analysis-for【CVE-2019-5418】File-Content-Disclosure-on-Rails/
25/03/2019
🗞️ https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/
🗞️ https://tosc.iacr.org/index.php/ToSC/article/view/892/843
18/03/2019
🗞️ https://people.eng.unimelb.edu.au/vjteague/UniversalVerifiabilitySwissPost.pdf
🗞️ https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html?m=1
11/03/2019
🗞️ https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html
🗞️ https://mobile.twitter.com/rootxharsh/status/1104068814810087424