https://research.checkpoint.com/black-hat-2019-whatsapp-protocol-decryption-for-chat-manipulation-and-more/
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Check Point Research
Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More - Check Point Research
Research By: Dikla Barda, Roman Zaikin and Oded Vanunu According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries. The average user checks WhatsApp more than 23 times per day. And, the number…
https://medium.com/@valeriyshevchenko/jenkins-rce-poc-or-simple-pre-auth-remote-code-execution-on-the-server-d18b868a77cb
#BugBounty
#writeup
Medium
Jenkins RCE PoC or simple pre-auth remote code execution on the Server.
Once upon a time, a friend of mine asked me a question — "Do you know any fresh RCE for the Jenkins environment ?". I was informed already…
Instagram Added to Facebook Data-Abuse Bounty Program
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
Instagram users aware of a third-party application developer misusing their personal data can now report the activity to the company and potentially earn a reward for it.
Facebook, which owns Instagram, on Monday expanded its Data Abuse Bounty program to Instagram in a continuing effort to crack down on application developers and other third parties that are misusing user data on the company's social media platforms.
https://www.darkreading.com/vulnerabilities---threats/instagram-added-to-facebook-data-abuse-bounty-program/d/d-id/1335569
Dark Reading
Exfiltration through FTP using OOB XXE
Upload accepts .xlsx files --> Unzip sample .xlsx file --> add payload in workbook.xml/[Content_Types].xml after xml declaration --> DTD file sends data via ftp://remote-ip/%data --> run ftp server using xxe-ftp-server.rb --> /etc/passwd
Via: https://twitter.com/_ayoubfathi_/status/1164536885244583941
GAME OVER: Detecting and Stopping an APT41 Operation
https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html
Google Cloud Blog
GAME OVER: Detecting and Stopping an APT41 Operation | Mandiant | Google Cloud Blog
Forwarded from P0SCon
Abstracts are received. After evaluating the abstracts and arranging travel and resistance, the details of speakers will be announced.
P0SCon2019
📆 12 Oct 2019
Register for P0SCon2019:
🇮🇷 ::Iranian Citizens::
https://evnd.co/w3uRC
🇺🇳 ::Non-Iranian Citizens::
Contact: p0scon@uut.ac.ir
http://poscon.ir
@P0SCon
What happens if we use our brain's 100% capacity
https://twitter.com/cyanpiny/status/1175030939891712000
How Edward Snowden Would Use A Smartphone
-Graphene OS
-all traffic through TOR
-use ad-blocker and password manager
-use Signal or Wire
-...
https://www.eva.nmccann.net/blog/snowden-smartphone
McCann Tech
How Edward Snowden Would Use A Smartphone — McCann Tech
How Edward Snowden would use a smartphone, if he had to.
Counter-Strike Global Offensive CVE-2019-15943
https://blog.firosolutions.com/exploits/counter-strike-go/
Firo Solutions