Friday, October 5, 2018

Penetration Testing Bookmarks Collection


Another day, another entry on the blog, this time with a collection of pentesting bookmarks that I found on code.google. It has been running since 2011, and the last update is version 1.5. As you can see, it has a moderate amount of resources that we can access and get to know; most of the blogs presented I did not know at all (you can tell that I do not know anything about the network). Obviously more than one of the links may be broken, but if the idea is to share knowledge, why don't we get to work and put together new bookmarks about this world that fascinates us all? We do not know who is involved in this process to be able to work and gather them, among all those who are encouraged, on noticing this post, to do so and coordinate

RECAPTCHA BYPASS VIA HTTP PARAMETER POLLUTION

reCAPTCHA


I reported a reCAPTCHA bypass to Google in late January. The bypass required the web application using reCAPTCHA to craft the request to /recaptcha/api/siteverify in an insecure way; but when this situation occurred the attacker was able to bypass the protection every time. The security issue was fixed “upstream” at Google’s reCAPTCHA API and no modifications are required to your web applications.
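To make "crafting the request in an insecure way" concrete, here is an added example (not code from the original post or from Google) that contrasts a string-concatenated `siteverify` body with a properly encoded one and flags duplicated parameters. The secret, token and IP values are constructed placeholders, and the choice of which parameter gets duplicated is an assumption, since the excerpt does not say.

```python
from urllib.parse import urlencode, parse_qs

# Constructed placeholder values; nothing here comes from the original post.
SECRET = "constructed-site-secret"
CLIENT_IP = "203.0.113.7"
# A client-supplied token that carries its own '&name=value' pair.
SAMPLE_TOKEN = "constructed-token&response=constructed-second-value"


def build_body_unsafe(secret, response, remoteip):
    """Insecure: client input is concatenated into the body unencoded,
    so '&' and '=' inside it become parameter separators."""
    return "secret=" + secret + "&response=" + response + "&remoteip=" + remoteip


def build_body_safe(secret, response, remoteip):
    """Hardened: urlencode percent-encodes every value, so the token
    stays one opaque 'response' value no matter what it contains."""
    return urlencode({"secret": secret, "response": response, "remoteip": remoteip})


def duplicated_params(body):
    """Names that occur more than once in a form-encoded body, the
    signature of HTTP parameter pollution. Usable as a pre-send check."""
    parsed = parse_qs(body, keep_blank_values=True)
    return sorted(name for name, values in parsed.items() if len(values) > 1)


def response_values(body):
    """The list of 'response' values the receiving side would parse."""
    return parse_qs(body, keep_blank_values=True).get("response", [])


if __name__ == "__main__":
    for builder in (build_body_unsafe, build_body_safe):
        body = builder(SECRET, SAMPLE_TOKEN, CLIENT_IP)
        print(builder.__name__, "->", body)
        print("  duplicated parameters:", duplicated_params(body))
```

Most HTTP clients perform this encoding when given a dictionary or form object as the request body, so the defect only appears when the body is assembled by hand.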

Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target.