big-list-of-naughty-strings
ms-teams-rce
Our great sponsors
| big-list-of-naughty-strings | ms-teams-rce | |
|---|---|---|
| 41 | 4 | |
| 45,851 | 1,110 | |
| - | - | |
| 0.0 | 4.5 | |
| 10 days ago | over 3 years ago | |
| Python | ||
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
big-list-of-naughty-strings
- What's that touchscreen in my room?
-
Horrib
Related: https://github.com/minimaxir/big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
- The Big List of Naughty Strings
-
Super sorry to the guy with the username reset on GitHub
Sounds like we need to use the Big List Of Naughty Strings to weed out troublesome usernames...
https://github.com/minimaxir/big-list-of-naughty-strings
- API Security Testing
-
Discussion Thread
oh boy oh boy https://github.com/minimaxir/big-list-of-naughty-strings
-
100+ Must Know Github Repositories For Any Programmer
2. Big List of Naughty Strings
- A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
- Damned dirty input
ms-teams-rce
-
Zoom vs MS Teams for Security
Just adding this here for people who think Teams is secure: https://github.com/oskarsve/ms-teams-rce
-
Schluss mit Microsoft und Co: Dortmund beschließt Wechsel zu Open Source
So als Beispiel https://github.com/oskarsve/ms-teams-rce
-
Can’t login to iCloud with “true” as the last name
> They tend to react with "either you can show us that this is a real danger or we'll ignore it".
This is a bit of a Catch-22 situation, as I get the feeling that proving the danger would often involve doing things that bounty programs specifically forbid, such as "Moving beyond “proof of concept” repro steps"[0]. That may be part of the reason why Microsoft got away with such a stingy response to the RCE vulnerability found in Teams by Oskars Vegeris.[1]
[0] https://www.microsoft.com/en-us/msrc/bounty-online-services?...
[1] https://github.com/oskarsve/ms-teams-rce/blob/main/README.md
-
Firefox not planning on supporting PWA
There's another angle to this that was discussed on the Risky Business[0] podcast a while back, namely the security angle. As the recent Microsoft Team's vulnerability[1] illustrated, with many Electron apps any XSS vulnerability turns into RCE. Personally I am moving away from Slack, Discord, and other electron apps like them. The browser sandbox ensures that XSS is "only" XSS and doesn't turn into RCE as well.
0: https://www.risky.biz/
1: https://github.com/oskarsve/ms-teams-rce
What are some alternatives?
SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
docker-jitsi-meet - Jitsi Meet on Docker
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
lots - Letterhead, template, form, autotext, mail merge,... extension for LibreOffice
eslint-plugin-no-unsanitized - Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
webapp-manager
javascript-questions - A long list of (advanced) JavaScript questions, and their explanations :sparkles:
content - The content behind MDN Web Docs
33-js-concepts - 📜 33 JavaScript concepts every developer should know.
WSL - Issues found on WSL
freeCodeCamp - freeCodeCamp.org's open-source codebase and curriculum. Learn to code for free.
awesome-cheatsheets - 👩💻👨💻 Awesome cheatsheets for popular programming languages, frameworks and development tools. They include everything you should know in one single file.