dwisiswant0/proxylogscan - A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855) / ProxyLogon.
https://ift.tt/3cgBplO
Browser exploit via side channel attack: Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled.
"This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means noscript blockers cannot stop it. The attacks work even if you strip out all of the fun parts of the web browsing experience. This makes it very difficult to prevent without modifying deep parts of the operating system."
https://arxiv.org/abs/2103.04952
https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln.
On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed the code, to the alarm of security researchers.
Google has released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.
Exploit Code repo: https://github.com/google/security-research-pocs/tree/master/spectre.js
https://www.theregister.com/2021/03/12/google_spectre_code/
Forwarded from P0SCon
"DDOS Attack in Real" by Amir Kiani, LIVE NOW.
You can join the live Q&A after the presentation at 16:45 PM IRST (13:15 PM GMT); we have a live Q&A with presenters on the Discord server.
https://www.youtube.com/watch?v=Lwwdhkm6qBI&list=PLWCWUHzTw-g-42Fxr5X1cOZQiar5APpI4&index=14
YouTube
DDOS: Big Damage, Low Price, Hard To Defend By Amir Kiani in P0SCon2021
Forwarded from Security Analysis
Crimson is a tool that automates some Pentester or Bug Bounty Hunter tasks. It uses many open source tools, most of which are available for download from GitHub.
https://github.com/Karmaz95/crimson
#tools #recon #bugbounty
@securation
Watch "Hacking into Google's Network for $133,337" on YouTube
https://youtu.be/g-JgA1hvJzA
YouTube
Hacking into Google's Network for $133,337
In this video we hear the story how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge about Google internals. We will learn about Google's Global Software…