A Collision Too-Perfect - Cheeky executables, both MD5 and SHA1 hashes are equal , different run output [CHALLENGE WRITEUP]
http://ift.tt/2tuXd4J
Submitted August 03, 2017 at 05:20PM by dalmoz
via reddit http://ift.tt/2un5U1i
http://ift.tt/2tuXd4J
Submitted August 03, 2017 at 05:20PM by dalmoz
via reddit http://ift.tt/2un5U1i
Hacker Noon
A Collision Too-Perfect
Cheeky executables, both MD5 and SHA1 hashes are equal , different run output (“Eat more hashes” Challenge Write-Up)
Toolkit for capturing MFA logons
http://ift.tt/2vw40jQ
Submitted August 03, 2017 at 05:15PM by disclosure5
via reddit http://ift.tt/2u6OL0I
http://ift.tt/2vw40jQ
Submitted August 03, 2017 at 05:15PM by disclosure5
via reddit http://ift.tt/2u6OL0I
GitHub
technion/3652fa
3652fa - Office 365 MFA capture toolkit
Write-Up: DEFCON 25 Recon Village OSINT CTF
http://ift.tt/2v2Pzkl
Submitted August 03, 2017 at 10:21PM by himanshudas
via reddit http://ift.tt/2waUBeD
http://ift.tt/2v2Pzkl
Submitted August 03, 2017 at 10:21PM by himanshudas
via reddit http://ift.tt/2waUBeD
www.digitalsecurity.fr
Write-Up: DEFCON 25 Recon Village OSINT CTF | Digital Security
This blogpost is a write-up of some online challenges we managed to solve during the DEFCON 25 Recon Village OSINT CTF.
Researcher Who Stopped WannaCry Ransomware Detained in US After DefCon [MalwareTech]
http://ift.tt/2vtds79
Submitted August 03, 2017 at 10:03PM by setcursorpos
via reddit http://ift.tt/2v2PEEE
http://ift.tt/2vtds79
Submitted August 03, 2017 at 10:03PM by setcursorpos
via reddit http://ift.tt/2v2PEEE
Motherboard
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
http://ift.tt/2wpdRVc
Submitted August 03, 2017 at 11:00PM by n3versleeps
via reddit http://ift.tt/2vwGfIF
http://ift.tt/2wpdRVc
Submitted August 03, 2017 at 11:00PM by n3versleeps
via reddit http://ift.tt/2vwGfIF
Motherboard
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.
Pythonizing the VMware Backdoor - ZDI researchers describe the VMware Backdoor RPC interface and how to write tools to analyze it.
http://ift.tt/2v0r49g
Submitted August 03, 2017 at 10:05PM by RedmondSecGnome
via reddit http://ift.tt/2hrT80p
http://ift.tt/2v0r49g
Submitted August 03, 2017 at 10:05PM by RedmondSecGnome
via reddit http://ift.tt/2hrT80p
Zero Day Initiative
Pythonizing the VMware Backdoor
In my previous VMware blog, I detailed how to exploit a Use-After-Free
vulnerability that affected drag-and-drop functionality and triggered
through the Backdoor RPC interface. After reading it, one of my ZDI
colleagues, Vincent Lee, asked me to add…
vulnerability that affected drag-and-drop functionality and triggered
through the Backdoor RPC interface. After reading it, one of my ZDI
colleagues, Vincent Lee, asked me to add…
CheckPlease: Implant-Security Modules in PowerShell, Python, Go, Ruby, Perl, C, and C#
http://ift.tt/2sCKEV8
Submitted August 04, 2017 at 06:06AM by arvanaghi
via reddit http://ift.tt/2hsUjfU
http://ift.tt/2sCKEV8
Submitted August 04, 2017 at 06:06AM by arvanaghi
via reddit http://ift.tt/2hsUjfU
GitHub
Arvanaghi/CheckPlease
CheckPlease - Payload-Agnostic Implant Security
Nessus Compliance Generator - Simple GUI for creating and editing nessus compliance files.
http://ift.tt/2u8Wlry
Submitted August 04, 2017 at 06:10AM by trustdarkness
via reddit http://ift.tt/2vuUiNY
http://ift.tt/2u8Wlry
Submitted August 04, 2017 at 06:10AM by trustdarkness
via reddit http://ift.tt/2vuUiNY
Cyber Operations, Analysis, and Research
Nessus Compliance Generator
Today we’re releasing a tool called Nessus Compliance Generator as open source under the BSD License. The full code can be found on the Argonne National Laboratory github. Nessus has many options to check for audit and compliance issues on
A generic unpacker for Android malware (as presented at DEF CON 25)
http://ift.tt/2fdFcGM
Submitted August 04, 2017 at 01:09PM by ynvb
via reddit http://ift.tt/2uqaA6R
http://ift.tt/2fdFcGM
Submitted August 04, 2017 at 01:09PM by ynvb
via reddit http://ift.tt/2uqaA6R
GitHub
CheckPointSW/android_unpacker
android_unpacker - A (hopefully) generic unpacker for packed Android apps.
A Python Package for Creating Backdoors - Coverutils
http://ift.tt/2vyJUpb
Submitted August 04, 2017 at 02:15PM by Evil1337
via reddit http://ift.tt/2v4DjzX
http://ift.tt/2vyJUpb
Submitted August 04, 2017 at 02:15PM by Evil1337
via reddit http://ift.tt/2v4DjzX
0x00sec - The Home of the Hacker
A Python Package for creating backdoors!
Hey, guys (and gals)! Long time no see. I 've been working hard on several projects and stuff lately so I was just an observer all that time. Observing this page and several projects starting on github, I was really impressed with how many backdoor projects…
Introducing ANGRYPUPPY
http://ift.tt/2vzbRgF
Submitted August 04, 2017 at 03:36PM by mdsec
via reddit http://ift.tt/2uqM59s
http://ift.tt/2vzbRgF
Submitted August 04, 2017 at 03:36PM by mdsec
via reddit http://ift.tt/2uqM59s
www.mdsec.co.uk
Introducing ANGRYPUPPY – MDSec
Automating lateral movement with ANGRYPUPPY
Using Hover to Compromise the Confidentiality of User Input on Android
http://ift.tt/2vyMDiB
Submitted August 04, 2017 at 04:43PM by lyinch
via reddit http://ift.tt/2wrBmwJ
http://ift.tt/2vyMDiB
Submitted August 04, 2017 at 04:43PM by lyinch
via reddit http://ift.tt/2wrBmwJ
How to get a Super Stelfy Shell (that AV doesn't pick up) - Tutorials - 0x00sec
http://ift.tt/2vw1c5B
Submitted August 04, 2017 at 05:51PM by maxxori
via reddit http://ift.tt/2vzbJ0M
http://ift.tt/2vw1c5B
Submitted August 04, 2017 at 05:51PM by maxxori
via reddit http://ift.tt/2vzbJ0M
0x00sec - The Home of the Hacker
How to get a Super Stelfy Shell (that AV doesn't pick up)
Getting Stealthy with Stelf Hello 0x00'ers! In this tutorial, I am going to be giving away some content that has been sought after for a long time. Everybody knows that most prebuilt tools such as Metasploit don't work, payloads generated by them, or…
Steganography in contemporary cyberattacks
http://ift.tt/2hqFn1O
Submitted August 04, 2017 at 04:12AM by stevewatson301
via reddit http://ift.tt/2v3m9UL
http://ift.tt/2hqFn1O
Submitted August 04, 2017 at 04:12AM by stevewatson301
via reddit http://ift.tt/2v3m9UL
Securelist
Steganography in contemporary cyberattacks
Today, a dangerous new trend is emerging: steganography is increasingly being used by actors creating malware and cyber-espionage tools. Most modern anti-malware solutions provide little, if any, protection from steganography, while any carrier in which a…
Turning XSS into RCE in all Electron-based apps (Slack, Atom, Visual Studio Code, WordPress Desktop, Basecamp3, Mattermost, ..)
http://ift.tt/2vAp7l8
Submitted August 04, 2017 at 10:42PM by nibblesec
via reddit http://ift.tt/2wsFXyI
http://ift.tt/2vAp7l8
Submitted August 04, 2017 at 10:42PM by nibblesec
via reddit http://ift.tt/2wsFXyI
Doyensec
Modern Alchemy: Turning XSS into RCE · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
A zebra in sheep’s clothing: How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
http://ift.tt/2uoQ46f
Submitted August 04, 2017 at 09:40PM by another_philip
via reddit http://ift.tt/2vzPVC9
http://ift.tt/2uoQ46f
Submitted August 04, 2017 at 09:40PM by another_philip
via reddit http://ift.tt/2vzPVC9
Keybase Browser Extension Insecure
http://ift.tt/2v6sAX8
Submitted August 05, 2017 at 04:41PM by mickeyc
via reddit http://ift.tt/2fh8RPh
http://ift.tt/2v6sAX8
Submitted August 05, 2017 at 04:41PM by mickeyc
via reddit http://ift.tt/2fh8RPh
reddit
Keybase Browser Extension Insecure • r/netsec
3 points and 0 comments so far on reddit
Automobile Hacking, Part 1: The CAN Protocol | hackers-arise
http://ift.tt/2vy7mCd
Submitted August 05, 2017 at 07:51PM by maxxori
via reddit http://ift.tt/2hxrP4H
http://ift.tt/2vy7mCd
Submitted August 05, 2017 at 07:51PM by maxxori
via reddit http://ift.tt/2hxrP4H
hackers-arise
Automobile Hacking, Part 1: The CAN Protocol | hackers-arise
Automobile hacking is one of the leading edge areas of our hacking discipline. As our automobiles have become smarter and smarter, they include more and more el...
setattrlist() iOS Kernel Vulnerability Explained
http://ift.tt/2wsaJIf
Submitted August 05, 2017 at 08:53PM by maxxori
via reddit http://ift.tt/2wheS2g
http://ift.tt/2wsaJIf
Submitted August 05, 2017 at 08:53PM by maxxori
via reddit http://ift.tt/2wheS2g
reddit
setattrlist() iOS Kernel Vulnerability Explained • r/netsec
1 points and 2 comments so far on reddit
Java Deserialization Exploit Resulting RCE on Thick Client Application
http://ift.tt/2ue5yyM
Submitted August 05, 2017 at 11:00PM by sandeep1337
via reddit http://ift.tt/2ubZNxw
http://ift.tt/2ue5yyM
Submitted August 05, 2017 at 11:00PM by sandeep1337
via reddit http://ift.tt/2ubZNxw
SecureLayer7
JavaDeserialization Exploit Resulting RCE on Thick Client Penetration Testing
Rebooting Public Sector Cybersecurity
http://ift.tt/2fayjG3
Submitted August 06, 2017 at 02:03AM by Synesthesia108
via reddit http://ift.tt/2firCll
http://ift.tt/2fayjG3
Submitted August 06, 2017 at 02:03AM by Synesthesia108
via reddit http://ift.tt/2firCll
Accenture
Rebooting Public Sector Cybersecurity | Accenture
Read Accenture's report about how US government agencies are confident in their overall cybersecurity strategies.