x86_64 TCP bind shellcode with basic authentication on Linux with 136 bytes explained
http://ift.tt/2zxHAy4
Submitted November 10, 2017 at 05:34PM by 0x4ndr3
via reddit http://ift.tt/2zwwc7x
http://ift.tt/2zxHAy4
Submitted November 10, 2017 at 05:34PM by 0x4ndr3
via reddit http://ift.tt/2zwwc7x
Pentester's life
x86_64 TCP bind shellcode with basic authentication on Linux systems
The objective here is to create a tcp_bind_shell using Assembly x64, which will ask for a passcode, and have no null bytes in it.
arlo sign in
Arlo.netgear.com is the default web address that is used to manage the login access for arlo advance camera. Just like all other networking devices , Arlo camera itself doesn’t with any kind of user interface that means you will need a smart device for accessing the configuration for your arlo camera.http://ift.tt/2zMbRw6
Submitted November 10, 2017 at 05:35PM by miarobberts
via reddit http://ift.tt/2zvhrSB
Arlo.netgear.com is the default web address that is used to manage the login access for arlo advance camera. Just like all other networking devices , Arlo camera itself doesn’t with any kind of user interface that means you will need a smart device for accessing the configuration for your arlo camera.http://ift.tt/2zMbRw6
Submitted November 10, 2017 at 05:35PM by miarobberts
via reddit http://ift.tt/2zvhrSB
Arlo
Arlo.netgear.com - Arlo
Arlo.netgear.com is the default web address that is used to manage the login access for Arlo advance camera. Just like all other networking devices, Arlo camera itself doesn’t with any kind of user interface that means, you will need a smart device for accessing…
MineSweepR - detecting embedded cryptocurrency miners using PhantomJS and CPU monitoring
http://ift.tt/2yqgszL
Submitted November 10, 2017 at 06:36PM by alexshatberg
via reddit http://ift.tt/2zsOMhq
http://ift.tt/2yqgszL
Submitted November 10, 2017 at 06:36PM by alexshatberg
via reddit http://ift.tt/2zsOMhq
GitHub
wrinkl3/MineSweepR
MineSweepR - Detect embedded cryptocurrency miners based on CPU usage
Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
http://ift.tt/2zypN9M
Submitted November 10, 2017 at 06:17PM by digicat
via reddit http://ift.tt/2mbmVwO
http://ift.tt/2zypN9M
Submitted November 10, 2017 at 06:17PM by digicat
via reddit http://ift.tt/2mbmVwO
reddit
Cisco ASA series part eight: Exploiting the... • r/netsec
1 points and 0 comments so far on reddit
Security In 5: Episode 109 - Tools, Tips and Tricks - DuckDuckGo
http://ift.tt/2Azwp7U
Submitted November 10, 2017 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2yq0ci6
http://ift.tt/2Azwp7U
Submitted November 10, 2017 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2yq0ci6
Libsyn
Security In Five Podcast: Episode 109 - Tools, Tips and Tricks - DuckDuckGo
This week's TTT episode talks about the search engine DuckDuckGo. If you want to search without being tracked, recorded and followed then you should use DuckDuckGo. This episode goes into the details of how other search engines work and why DuckDuckGo is…
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
http://ift.tt/2jeQv3p
Submitted November 10, 2017 at 08:30PM by EvanConover
via reddit http://ift.tt/2iJKTdA
http://ift.tt/2jeQv3p
Submitted November 10, 2017 at 08:30PM by EvanConover
via reddit http://ift.tt/2iJKTdA
Appthority
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations - Appthority
Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard coded credentials in mobile applications that are using the…
#AVGater: Getting Local Admin by Abusing the Anti-Virus Quarantine
http://ift.tt/2jhYe0n
Submitted November 10, 2017 at 08:11PM by stevewatson301
via reddit http://ift.tt/2zzHWUY
http://ift.tt/2jhYe0n
Submitted November 10, 2017 at 08:11PM by stevewatson301
via reddit http://ift.tt/2zzHWUY
Linux Process Hunter
http://ift.tt/2ma4bNV
Submitted November 10, 2017 at 08:27PM by _spartak
via reddit http://ift.tt/2zsP0oA
http://ift.tt/2ma4bNV
Submitted November 10, 2017 at 08:27PM by _spartak
via reddit http://ift.tt/2zsP0oA
GitLab
nowayout / prochunter
Linux Process Hunter
How to solve the Malwarebytes CrackMe: a step-by-step tutorial
http://ift.tt/2hZK8NZ
Submitted November 10, 2017 at 08:39PM by EvanConover
via reddit http://ift.tt/2zKVek9
http://ift.tt/2hZK8NZ
Submitted November 10, 2017 at 08:39PM by EvanConover
via reddit http://ift.tt/2zKVek9
Malwarebytes Labs
How to solve the Malwarebytes CrackMe: a step-by-step tutorial
One of our analysts created a Malwarebytes CrackMe—an exercise in malware analysis—that was released to Twitter and triggered a positive response.
Reverse Engineering and Exploiting a Smart Massager
http://ift.tt/2hkrakq
Submitted November 10, 2017 at 09:41PM by rwestergren
via reddit http://ift.tt/2zvuzHM
http://ift.tt/2hkrakq
Submitted November 10, 2017 at 09:41PM by rwestergren
via reddit http://ift.tt/2zvuzHM
Medium
How I Reverse Engineered and Exploited a Smart Massager
Hello people, I am writing a blog post after a long time.
Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby's native resolver.
http://ift.tt/2hhlk3c
Submitted November 10, 2017 at 11:41PM by teknogeek1
via reddit http://ift.tt/2zyYJHN
http://ift.tt/2hhlk3c
Submitted November 10, 2017 at 11:41PM by teknogeek1
via reddit http://ift.tt/2zyYJHN
EdOverflow
Bypassing Server-Side Request Forgery filters by abusing a bug in Ruby's native resolver.
I discovered a bug in Resolv::getaddresses that has direct security implications on any Ruby-based application or gem that relies on it for anything security related.
Using Roles for Access Control is not Role-Based Access Control
http://ift.tt/2mdpMoX
Submitted November 11, 2017 at 01:09AM by shawnmckinney
via reddit http://ift.tt/2yP1dEv
http://ift.tt/2mdpMoX
Submitted November 11, 2017 at 01:09AM by shawnmckinney
via reddit http://ift.tt/2yP1dEv
iamfortress
Using Roles for Access Control is not RBAC
I hear this kind of statement all the time: ‘We use Roles/Groups for access control in our systems and applications so we’re RBAC’. My response is an emphatic: ‘No –…
20 Percent of Mobile Cryptocurrency Malware Attacks Are In the US
http://ift.tt/2Az2oFB
Submitted November 11, 2017 at 12:16AM by SecurityTrust
via reddit http://ift.tt/2ypogBB
http://ift.tt/2Az2oFB
Submitted November 11, 2017 at 12:16AM by SecurityTrust
via reddit http://ift.tt/2ypogBB
Motherboard
20 Percent of Mobile Cryptocurrency Malware Attacks Are In the US
And infection rates could rise.
RunPE: How to hide code behind a legit process
http://ift.tt/2zAetKC
Submitted November 11, 2017 at 01:59AM by maxxori
via reddit http://ift.tt/2yPapbZ
http://ift.tt/2zAetKC
Submitted November 11, 2017 at 01:59AM by maxxori
via reddit http://ift.tt/2yPapbZ
Adlice Software
RunPE: How to hide code behind a legit process - Adlice Software
RunPE: How to hide code behind a legit process - RunPE is a trick used by some malware to hide code into a legit process. Learn how to detect.
How to represent nested and modified hash algorithms, used on Hashes.org
http://ift.tt/2ABF2iE
Submitted November 11, 2017 at 03:48AM by s3inlc
via reddit http://ift.tt/2zu9uNO
http://ift.tt/2ABF2iE
Submitted November 11, 2017 at 03:48AM by s3inlc
via reddit http://ift.tt/2zu9uNO
Wordpress
Algorithms on Hashes.org
With all the abilities Hashes.org provides to generate hash algorithms, there are unlimited ways of making things go smoothly or horribly wrong. For this reason, I will list some general examples …
200+ sessions over the last year reffered from a mysterious site
Over the last year, i've gotten 240+ sessions originating from http://ift.tt/2AAiGxK. Most of them are from Russia. Is it just crawlers, or should i actually look further into this?... and why in the world does the site say "Happy New Year" with fancy christmas animations and an odd painting of Santa Claus?
Submitted November 11, 2017 at 06:09AM by Dellitsni
via reddit http://ift.tt/2yr89U8
Over the last year, i've gotten 240+ sessions originating from http://ift.tt/2AAiGxK. Most of them are from Russia. Is it just crawlers, or should i actually look further into this?... and why in the world does the site say "Happy New Year" with fancy christmas animations and an odd painting of Santa Claus?
Submitted November 11, 2017 at 06:09AM by Dellitsni
via reddit http://ift.tt/2yr89U8
reddit
200+ sessions over the last year reffered from a... • r/security
Over the last year, i've gotten 240+ sessions originating from...
WP-SpamShield Removed from WordPress.org Directory Without Cause
http://ift.tt/2AASlzy
Submitted November 11, 2017 at 02:54AM by campuscodi
via reddit http://ift.tt/2yr8aYc
http://ift.tt/2AASlzy
Submitted November 11, 2017 at 02:54AM by campuscodi
via reddit http://ift.tt/2yr8aYc
RED SAND // BLOG
WP-SpamShield Removed from WordPress.org Directory Without Cause
A message from Scott: Hi everyone, Even though we abide by all of the published guidelines for developers, and the plugin has no security issues, the WP-SpamShield plugin was removed from the WordPress.org directory today. We were blindsided by the WordPress.org…
A penetration tester’s guide to sub-domain enumeration
http://ift.tt/2z55SOe
Submitted November 11, 2017 at 12:19PM by diaanasxsw
via reddit http://ift.tt/2hlCzQM
http://ift.tt/2z55SOe
Submitted November 11, 2017 at 12:19PM by diaanasxsw
via reddit http://ift.tt/2hlCzQM
Appsecco
A penetration tester’s guide to sub-domain enumeration
As a penetration tester or a bug bounty hunter, most of the times you are given a single domain or a set of domains when you start a…
Convert Hex to Assembly code using simple python noscript
http://ift.tt/2me6Gz1
Submitted November 11, 2017 at 04:04PM by InformationSecurity
via reddit http://ift.tt/2zueD8v
http://ift.tt/2me6Gz1
Submitted November 11, 2017 at 04:04PM by InformationSecurity
via reddit http://ift.tt/2zueD8v
Haider Mahmood Infosec Blog
Convert Hex To Assembly Using Simple Python Script
Convert hex Shellcode to Assembly instructions using Python noscript. The Example shown is a Hex msfvenom shellcode converted to assembly instructions.
Using Gathering Information Tools Through TOR Network
http://ift.tt/2yRctQX
Submitted November 11, 2017 at 07:54PM by sectronex
via reddit http://ift.tt/2zu1s7z
http://ift.tt/2yRctQX
Submitted November 11, 2017 at 07:54PM by sectronex
via reddit http://ift.tt/2zu1s7z
vallejo.cc
Using Gathering Information Tools Through TOR Network
Previous days I have been playing with nmap and other tools to gather information, through tor network. I wanted to share my experience with it, and the configuration that I am currently using. I h…
Using Gathering Information Tools Through TOR Network
http://ift.tt/2yRctQX
Submitted November 11, 2017 at 07:55PM by sectronex
via reddit http://ift.tt/2ysDntY
http://ift.tt/2yRctQX
Submitted November 11, 2017 at 07:55PM by sectronex
via reddit http://ift.tt/2ysDntY
vallejo.cc
Using Gathering Information Tools Through TOR Network
Previous days I have been playing with nmap and other tools to gather information, through tor network. I wanted to share my experience with it, and the configuration that I am currently using. I h…