Apple Patches Critical Root Access Flaw in macOS
http://feedproxy.google.com/~r/Securityweek/~3/DXKzQxuCjUY/apple-patches-critical-root-access-flaw-macos
Apple has released a security update for macOS High Sierra in an effort to patch a critical authentication bypass vulnerability that can be easily exploited to gain root access to a system.
read more (http://www.securityweek.com/apple-patches-critical-root-access-flaw-macos)
http://feedproxy.google.com/~r/Securityweek/~3/DXKzQxuCjUY/apple-patches-critical-root-access-flaw-macos
Apple has released a security update for macOS High Sierra in an effort to patch a critical authentication bypass vulnerability that can be easily exploited to gain root access to a system.
read more (http://www.securityweek.com/apple-patches-critical-root-access-flaw-macos)
Securityweek
Apple Patches Critical Root Access Flaw in macOS | SecurityWeek.Com
Apple rushes to patch critical macOS High Sierra vulnerability that can be exploited to gain root access to a system
libcurl contains a read out of bounds flaw in the FTP wildcard function.
Docs Vulnerability : https://curl.haxx.se/docs/adv_2017-ae72.html
Patched : https://curl.haxx.se/CVE-2017-8817.patch
Docs Vulnerability : https://curl.haxx.se/docs/adv_2017-ae72.html
Patched : https://curl.haxx.se/CVE-2017-8817.patch
Canadian hacker behind 500M Yahoo hack reveals Russian connection
https://www.hackread.com/canadian-hacker-behind-500m-yahoo-hack-reveals-russian-connection%e2%80%8b/
https://www.hackread.com/canadian-hacker-behind-500m-yahoo-hack-reveals-russian-connection%e2%80%8b/
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Canadian hacker behind 500M Yahoo hack reveals Russian connection
In 2014, Yahoo announced that it had suffered a massive data breach in which 500 million user accounts containing emails and passwords were stolen. The
NTLM Relaying Attack in 2017
1 - You get NT hash with Mimikatz [https://github.com/gentilkiwi/mimikatz]
2 - You get Net-NTLM in modern windows environments with Responder [https://github.com/lgandx/Responder] or Inveigh [https://github.com/Kevin-Robertson/Inveigh].
[*] This article is going to be talking about what you can do with Net-NTLM in modern windows environments.
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
Video : https://www.youtube.com/embed/f9oMVoc2Umc
1 - You get NT hash with Mimikatz [https://github.com/gentilkiwi/mimikatz]
2 - You get Net-NTLM in modern windows environments with Responder [https://github.com/lgandx/Responder] or Inveigh [https://github.com/Kevin-Robertson/Inveigh].
[*] This article is going to be talking about what you can do with Net-NTLM in modern windows environments.
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
Video : https://www.youtube.com/embed/f9oMVoc2Umc
GitHub
GitHub - gentilkiwi/mimikatz: A little tool to play with Windows security
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Socket Data Transfer With RSA Encryption
https://github.com/raminfp/socket_rsa_python
TODO:
- Multi-Client
- C&C
- Simple Malware for send agents
- Reverse shell
https://github.com/raminfp/socket_rsa_python
TODO:
- Multi-Client
- C&C
- Simple Malware for send agents
- Reverse shell
GitHub
GitHub - raminfp/socket_rsa_python
Contribute to raminfp/socket_rsa_python development by creating an account on GitHub.
Writing a Simple Linux Kernel Module – Sourcerer Blog
https://blog.sourcerer.io/writing-a-simple-linux-kernel-module-d9dc3762c234
https://blog.sourcerer.io/writing-a-simple-linux-kernel-module-d9dc3762c234
Medium
Writing a Simple Linux Kernel Module
Grabbing the Golden Ring-0
#Qubes_Core
Qubes OS A reasonably secure operating system ( https://www.qubes-os.org/ )
Founder : https://en.wikipedia.org/wiki/Joanna_Rutkowska
Download : https://www.qubes-os.org/downloads/
Qubes OS A reasonably secure operating system ( https://www.qubes-os.org/ )
Founder : https://en.wikipedia.org/wiki/Joanna_Rutkowska
Download : https://www.qubes-os.org/downloads/
HackerOne
#Qubes_Core Qubes OS A reasonably secure operating system ( https://www.qubes-os.org/ ) Founder : https://en.wikipedia.org/wiki/Joanna_Rutkowska Download : https://www.qubes-os.org/downloads/
Qubes OS is a project, Qubes support Linux multi-process applications. Comparable to virtual machines, (eg : Graphene runs applications in an isolated environment (QVM)),
We can see "Graphene Library OS" [https://github.com/oscarlab/graphene] can support running Linux applications with the latest Intel SGX (Software Guard Extension) in secure hardware and diffrent memory regions,
We have different application environment with multi-tasking in the virtual machines in user-space with Qubes OS,
We can see "Graphene Library OS" [https://github.com/oscarlab/graphene] can support running Linux applications with the latest Intel SGX (Software Guard Extension) in secure hardware and diffrent memory regions,
We have different application environment with multi-tasking in the virtual machines in user-space with Qubes OS,
GitHub
GitHub - oscarlab/graphene: Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support - GitHub - oscarlab/graphene: Graphene / Graphene-SGX - a library OS for Linux multi-process appl...
XXE inside a SOAP node:
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://0x0:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://0x0:22/"> %dtd;]><xxx/>]]></foo></soap:Body>