blog.sergeybelove.ru
@sergeybelove - blog about web security
http://blog.sergeybelove.ru/
TODAY'S RATING: >1,000,000
HIGHEST TRAFFIC ON: Monday
LOAD TIME: 0.4 seconds
PAGES IN THIS WEBSITE: 10
SSL
EXTERNAL LINKS: 6
SITE IP: 104.28.12.101
LOAD TIME: 0.406 sec
SCORE: 6.2
@sergeybelove - blog about web security | blog.sergeybelove.ru Reviews
https://blog.sergeybelove.ru
Public talks Archives - @sergeybelove
https://blog.sergeybelove.ru/category/public-talks
Slides from my talk at OWASP Poland about different attacks on modern frontend. OWASP EEE (Krakow) – It's only about frontend. Text – click. Huge thanks to Mario for help while preparing this presentation. February 28th, 2016. Posted In: Public talks.
Frontend in(security) - @sergeybelove
https://blog.sergeybelove.ru/2016/02/frontend-insecurity
Slides from my talk at OWASP Poland about different attacks on modern frontend. OWASP EEE (Krakow) – It's only about frontend. Text – click. Huge thanks to Mario for help while preparing this presentation. February 28th, 2016. Posted In: Public talks.
Let us see the Impact! - @sergeybelove
https://blog.sergeybelove.ru/2014/12/let-us-see-the-impact
Let us see the Impact! The vulnerability is the presence, among the records of a domain's subdomains, of entries that contain addresses belonging to the local network. Let's suppose that when searching subdomains, we've found something like local.target.com, which points to the 127.0.0.1 address (or simply to an IP from the local network). img src = http://local.target.com:10024/. Once the victim opens the mail and downloads an image from *. http://local.target.com:631/jobs/? One may transmit XSS and receive cookies.
Remote command execution on the client side via jsonp - @sergeybelove
https://blog.sergeybelove.ru/2015/01/remote-command-execution-on-the-client-side-via-jsonp
Remote command execution on the client side via jsonp. Today I want to revive my blog and share a little and very simple (and new?) trick – how to get RCE on the client side via jsonp in IE (any version). This technique looks like “reflected file download” from last BlackHat. Request sent via a script tag - <script src="https://status.github.com/api/status.json? Data received as an execution of the predefined function. - <script>function apiStatus(data) { console.log(data.status); }</script>. In case when...
Hamachi on raspberry pi - bash no such file or directory
https://blog.sergeybelove.ru/2015/11/hamachi-on-raspberry-pi-bash-no-such-file-or-directory
Hamachi on raspberry pi – bash no such file or directory. If you have the following error after installing hamachi on raspberry pi: bash: /usr/bin/hamachi: No such file or directory. ln -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3. November 15th, 2015.
TOTAL PAGES IN THIS WEBSITE: 10
@sergeybelove
https://www.sergeybelove.ru/one-button-scan
Online scanner for security holes. Please test responsibly. All tests details are logged. Do not test against websites that you do not have permission to test against. All data is archived in case of abuse. Domain name or IP address. Total domains / IP addresses were checked: 12301. Total scans - 14143, for last 24 hours - 18.
@sergeybelove
https://www.sergeybelove.ru/public-stuff
1 - Hacking videos: [ScreenCast] CodeFest 2014 - pentesting client/server API (sha1 padding and xxe demo) [watch]. [Public talk] CodeFest 2014 - pentesting client/server API [watch]. [ScreenCast] WordPress - From XSS to RCE. Google service (Waze) [watch]. [ScreenCast] Any.DO 0day exploitation with mosquito tool (gmail 2-steps auth acc hijacking). [CTF] DEFCON 20 Documentary Full Version (we are on 02:08 :D) [watch]. [ScreenCast] DroidSheep ARP-spoof demo and Fing routerpwn.com d-link dir 320 hacking [watch].
@sergeybelove
https://www.sergeybelove.ru/pwn-stuff
Some of my tools and tricks for web/network pentesting. Info about you for debug purposes. IP (REMOTE_ADDR) 23.21.86.101 # User agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36. DNS proxy for Penetration Testers. You can set any record to any value, e.g. A - to XSS payload. Also very useful for dns tunneling detection. Multi-threaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.
TOTAL LINKS TO THIS WEBSITE: 6
Apache2 Ubuntu Default Page: It works
Apache2 Ubuntu Default Page. This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian, from which the Ubuntu Apache packaging is derived. If you can read this page, it means that the Apache HTTP server installed at this site is working properly. You should replace this file. Before continuing to operate your HTTP server. Package was installed on this server. Is always included from the main...
Pet Health Central | Useful health and behavior tips for pet parents
December 30, 2015. Goodbye, PHC Blog! I’m sad to say this is the last post we will have on the Pet Health Central blog. If you haven’t seen on our Pet Health Central Facebook page, our name will be changing to SENTRY Pet Care in order to better serve those who purchase SENTRY products. Our existing blog posts will migrate to our websites to better answer product questions and so that…. By Megan Blake and Super Smiley. December 22, 2015. Top 5 Commands to Teach Your Dog. Often what makes…. I can’t hold ou...
Maz - On Web Technologies… and Quite a Lot of PHP
On web technologies and quite a lot of PHP. Adapting a YouTube video to the screen size. When you display a video from YouTube, the iframe to insert in your code contains the explicit width and height of the video. Visually, on a smartphone, this can give unattractive results. Non-responsive YouTube video. Read more… →. Custom menu with Laravel. Object-Oriented Programming – Abstract Classes. We are now entering the m...
Welcome to the Serge Normant blog
Welcome to the Serge Normant blog. Renowned Hairstylist and Creator of The Serge Normant Haircare Line. Screen Style: Movies & Hair:. April 8, 2013. We've all seen it happen: The right leading lady lands the right film role, the world watches with rapt attention and, just like that, her style becomes iconic. In these instances, are we falling for the look of the character or the actress? I think probably a blend of the two. Fellini's La Dolce Vita is another classic that impacted me. Years ago, I got...
Music. Education. Creativity.
@sergeybelove - blog about web security
Pritunl – changing self-signed SSL certificate to Let's Encrypt. Imagine that you already have some valid SSL certificate (e.g. from Let's Encrypt with auto-renew, check https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04) and want to use it for your Pritunl's web panel. Just open the main app.py file: mcedit /usr/lib/pritunl/lib/python2.7/site-packages/pritunl/app.py. Find the following lines (line numbers 146-149) and replace them (or just comment them out with #) with.
Sergey Illarionov's Blog
Super accessories for progressive celebrations. Progress does not stand still, and today, fortunately for the host, there are many party attributes and a wide variety of props. Of course, they greatly simplify our work, and interactive contests become more attractive with their help. Today we will talk about inflatable costumes or, as they are also called, aero costumes. Read more →. Harmful advice for those who dream of ruining their wedding. Read more →. Read more →. Read more →. On relationsh...
Photographer Sergey Matisen » live photography
Photography training in Tallinn. Picture of the day. Unofficial Guide To Tallinn. And welcome to my newly rebuilt blog. I'm trying to fill it now with information you may be looking for. First a wall. Follow us at Facebook to get updates. Welcome to my new blog. While I hurry to fill it with the necessary information and not everything works as it should yet, I invite you to our Facebook page, where all updates appear. Toomas Hendrik Ilves And Evelin Ilves, Song Grounds, 2014. On June 6, 2015 in...
Sergey Mohov | Blog
Unreal 4 UMG Vertical Scroll and Word Wrap for Monospaced Fonts. May 17th, 2015. This article assumes that you’re already familiar with UE4’s UMGs and its elements such as Multi Line Editable Text Box. If not, please consult the official documentation. Unreal Engine version used: 4.8 Preview 2 for Mac OS. In any text field). Neither of these will find anything:. So yeah, I had to circumvent the native word wrap system and implement a greedy algorithm. Pseudocode shamelessly stolen from Wikipedia:. Since ...
Sergey Stadnik's Blog › Log In
Sergey Stadnik's Blog. ← Back to Sergey Stadnik's Blog.
Sergey's blog
My musings and ponderings about devops and technology. Currently v0.0.2. I was fortunate to attend my first DevOpsDays conference in Ghent, Belgium this year. 2014 marks the fifth anniversary of devops, but, in case this is not special enough, Ghent is the place, where the conference started in 2009. So returning there for the 5 year anniversary makes total sense! Wasn't the first one on stage, but she definitely got the room listening. I didn't know about Bridget before the conference and wasn't sure, ...