Happiness Developer
Mehdi Chaouch
mehdichaouch
Computer Scientist, PHP Developer (Magento/Symfony), Growth Hacker padawan 🤖.
Founder of @advocodo and cofounder of @babycrea to spread DIY sewing & love 💕
The vulnerability with the highest CVSS score of 8.8 (CVE-2023-38218) states that it is an unauthenticated privilege escalation due to improper input validation.
GitHub Search Syntax for Finding API Keys/Secrets/Tokens
As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.
Search Syntax:
(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))
Calculate the diff between 2 Magento core_config_data tables and generate as SQL
Some observations on phishing attacks targeting PayPal
Let's play with PayPal phishing
During September, I tested a tool I developed that searches for patterns among [TLS certificates that have just been publicly issued](http://certstream.calidog.io/). The limitation of this search is that it applies to domain names and not to full URLs!
It is enough to filter these certificates with the keyword "paypal" to get dozens of malicious domain names per day, sometimes with... just a .zip at the root. Since I caught a few of them (here 16shop), this is the opportunity to dissect them ;)
How does it work?
Let's try to understand how the attackers operate!