[-] Vulnerable Software:APfell/Mythic [-] Software Description:APfell/Mythic is a cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It’s designed to provide a collaborative and user-friendly interface for operators, managers, and reporting throughout mac and Linux-based red teaming. [-] Product Description:APfell/Mythic is a cross-platform, post-exploit, red teaming framework built with python3, docker, […]
IntroductionTelecommunications companies nowadays became huge enough to have millions of subscribers under its hood, those companies are doing their best to digitalize and revolutionize their online services to serve the needs of the mass subscribers, In a result of this digitalization process, many security weakness may appear which could affect the safety of customers data […]
إزاى تحمي نفسك إفتراضياً ومادياً دى عبارة عن نصائح موجودة فى صورة تصنيفات احنا بننصح بيها فى Seekurity، هتقدر بالنصائح دى تحمى نفسك وخصوصيتك سواء لو كنت بتستخدم كمبيوتر او موبايل وانت اونلاين، النصائح دى لا تنطبق على الناس المخترقة بالفعل لان دا بالنسبالهم هتبقى سيناريوهات ملهاش لازمه، والسؤال الفلسفى اللى هوا اعرف انا […]
Web Applications nowadays are capable of making online video and audio chatting and sometimes without even the need of external *plugins* or *extensions* Hooray! From usability perspective this is something so cool and very helpful but we are not here for usability, Usability is always cool but when it comes to security concerns, the whole […]
[-] Product Description:MyBB-2FA is an unmaintained MyBB plugin that allows MyBB admins to enable Two Factor Authentication in for their forums users. [-] Vulnerability Type:Cross Site Request Forgery [-] Impact and more info:https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) [-] Vulnerable Request Type:GET based [-] Vulnerable Module/Parameter/Path:MyBB_Installation/usercp.php?action=mybb2fa&do=[ACTION] [-] Proof of Concept URL:MyBB_Installation/usercp.php?action=mybb2fa&do=deactivateMyBB_Installation/usercp.php?action=mybb2fa&do=activate [-] Fix Suggestion:Implement an Anti-CSRF token to protect forging […]
Let’s start with a simple question, what is Physical Security? and why it’s important? Based on techtarget.com’s article: Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural […]
In this write-up we will show you how Seekurity team was able to harvest all the user’s private/custom activities leaves more than 20 million private custom activities data in danger. First of all, this write-up is not a new one and the discovery itself is dated back to 2017 but we decided to disclose it […]
TL;DR Today’s bug is a trivial bypass one which if exploited will give the attacker the ability to download a large file regardless of the quota limits that Google put in place as a mitigation/control for any kind of abuse.
“الحقونى، ملفاتى كلها اتشفرت” تقريباً مفيش اى حد مسمعش عن تطبيقات الفدية الخبيثة، واحد من اصل ١٠ اشخاص بيصابوا بيها، ومفيش مره ننزل فيها بوست على فيسبوك غير لما يكون فى على الاقل كومنت من نوع “الحقنى ملفاتى اتشفرت” او “الحقنى ملفاتى كلها اتغير امتدادها ومبقتش تفتح” او “سكرين شوت من سطح المكتب وكل […]
TL;DR A year ago we have been contacted by one of our clients from Middle east regarding looking for/implementing a payment processing solution for their own eCommerce solution and asked us to assist them in order to give them some candidates working in the same field in the middle east but we refused because our […]
موضة جديدة اتبعتها المواقع حديثا وهيا الكسب من خلال تعدين العملات الرقمية بدلا من استخدام اعلانات Google Ads او اى خدمة اعلانات اخرى على امل تحقيق مكسب اسرع، فى التحقيق دا هنتكلم عن جريدة “الاهرام اونلاين” وتعدين العملات الرقمية، واحد من متابعينا بتاريخ ٩ نوفمبر ٢٠١٨ بعتلنا على الصفحة الرسمية ل Seekurity ان موقع “جريدة […]
واحده من الحاجات اللى احنا مميزين فيها بالاضافه للخدمات التانيه اللى بنقدمها هيا ال Investigations، معظم التحقيقات اللى دخلنا فيها ك Seekurity كنا بنقدم نتايج دقيقه بنسبة ٩٩٪ ودا بسبب التكنيكس اللى بنتبعها بحسب خبرتنا فى المجال، فى البوست دا حبيت اشارك معاكم تكنيك اتبعناه من حوالى 3 سنين وحبه تقريباً لما كنا شغالين […]
