A Burp Suite Automation Tool with Slack Integration
http://ift.tt/2uhtptl
Submitted August 07, 2017 at 08:36PM by netw0rm
via reddit http://ift.tt/2uiI8Z5
http://ift.tt/2uhtptl
Submitted August 07, 2017 at 08:36PM by netw0rm
via reddit http://ift.tt/2uiI8Z5
GitHub
0x4D31/burpa
burpa - A Burp Suite Automation Tool with Slack Integration
Dridex AtomBombing in Detail
http://ift.tt/2vx7fHA
Submitted August 07, 2017 at 10:08PM by maxxori
via reddit http://ift.tt/2ui0l4V
http://ift.tt/2vx7fHA
Submitted August 07, 2017 at 10:08PM by maxxori
via reddit http://ift.tt/2ui0l4V
Logdown
Dridex AtomBombing in detail « reversingminds's Blog
Dridex has evolved, and now Dridex V4 uses Atom Bombing to perform process injection.
This metho...
This metho...
A public default on Rsync exposed sensitive electrical information and inspector data.
http://ift.tt/2vf2Oi1
Submitted August 08, 2017 at 02:03AM by laurasmith909
via reddit http://ift.tt/2vfGipn
http://ift.tt/2vf2Oi1
Submitted August 08, 2017 at 02:03AM by laurasmith909
via reddit http://ift.tt/2vfGipn
Upguard
Blackout: Engineering Firm Exposes Critical Infrastructure Data
An unprotected backup at a Texas engineering firm exposes critical infrastructure data and information on sensitive clients serving the state.
We wrote an intro to AI/ML for Security Pros and aren't selling it, so here it is for free
http://ift.tt/2uBtWWv
Submitted August 08, 2017 at 10:53AM by bwall9809
via reddit http://ift.tt/2hEB4jH
http://ift.tt/2uBtWWv
Submitted August 08, 2017 at 10:53AM by bwall9809
via reddit http://ift.tt/2hEB4jH
Creating Real Looking User Accounts in AD Lab (by DarkOperator)
http://ift.tt/2vfkBHA
Submitted August 08, 2017 at 03:17PM by BaconZombie
via reddit http://ift.tt/2ulaPVv
http://ift.tt/2vfkBHA
Submitted August 08, 2017 at 03:17PM by BaconZombie
via reddit http://ift.tt/2ulaPVv
Shell is Only the Beginning
Creating Real Looking User Accounts in AD Lab
As I write my own tools for IR Hunting and Post-Expoitation I like to have
a large realistic set of AD accounts and also accounts with accentuated and
not english characters to make sure my tools will work in large
environments and also simulate multiple…
a large realistic set of AD accounts and also accounts with accentuated and
not english characters to make sure my tools will work in large
environments and also simulate multiple…
Smuggling HTA files in Internet Explorer/Edge
http://ift.tt/2ukhbQV
Submitted August 08, 2017 at 03:50PM by digicat
via reddit http://ift.tt/2vfR7cB
http://ift.tt/2ukhbQV
Submitted August 08, 2017 at 03:50PM by digicat
via reddit http://ift.tt/2vfR7cB
reddit
Smuggling HTA files in Internet Explorer/Edge • r/netsec
1 points and 0 comments so far on reddit
A New Nmap Cheat Sheet
http://ift.tt/2fq3vB5
Submitted August 08, 2017 at 06:30PM by GoldFishGenocide
via reddit http://ift.tt/2fpkVOr
http://ift.tt/2fq3vB5
Submitted August 08, 2017 at 06:30PM by GoldFishGenocide
via reddit http://ift.tt/2fpkVOr
Station X
Nmap Cheat Sheet
Target Specification Switch Example Denoscription nmap 192.168.1.1 Scan a single IP nmap 192.168.1.1 192.168.2.1 Scan specific IPs nmap 192.168.1.1-254 Scan a range nmap scanme.nmap.org Scan a domain nmap 192.168.1.0/24 Scan using CIDR notation -iL nmap -iL…
F-Secure Anti-Virus: Arbitrary Free Vulnerability via TNEF
http://ift.tt/2ulFou9
Submitted August 08, 2017 at 06:17PM by landave
via reddit http://ift.tt/2ukOcfT
http://ift.tt/2ulFou9
Submitted August 08, 2017 at 06:17PM by landave
via reddit http://ift.tt/2ukOcfT
landave's blog
F-Secure Anti-Virus: Arbitrary Free Vulnerability via TNEF
Blog about anti-virus software and its issues.
Hunting for Malicious npm Packages
http://ift.tt/2ulbS7S
Submitted August 08, 2017 at 06:04PM by jwcrux
via reddit http://ift.tt/2vAsY1q
http://ift.tt/2ulbS7S
Submitted August 08, 2017 at 06:04PM by jwcrux
via reddit http://ift.tt/2vAsY1q
The Duo Security Bulletin
Hunting Malicious npm Packages
Duo Labs analyzes npm packages and how attackers can use malicious packages to gain access to and control over systems.
Week of Evading Microsoft ATA - Day 2 - OverPTH and Golden ticket
http://ift.tt/2viwR8C
Submitted August 08, 2017 at 09:12PM by SamratAsh0k
via reddit http://ift.tt/2vgJiU1
http://ift.tt/2viwR8C
Submitted August 08, 2017 at 09:12PM by SamratAsh0k
via reddit http://ift.tt/2vgJiU1
Labofapenetrationtester
Week of Evading Microsoft ATA - Day 2
Home of Nikhil SamratAshok Mittal. Posts about Pen Testing.
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
http://ift.tt/2umrKak
Submitted August 08, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2umqOyu
http://ift.tt/2umrKak
Submitted August 08, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2umqOyu
googleprojectzero.blogspot.co.uk
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
Posted by James Forshaw, Project Zero For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege ...
Identity and authentication are becoming synonymous in infosec and people on blockchain are breaking new ground
http://ift.tt/2fbOXoA
Submitted August 08, 2017 at 11:03PM by Ricmerrifield
via reddit http://ift.tt/2umvV5O
http://ift.tt/2fbOXoA
Submitted August 08, 2017 at 11:03PM by Ricmerrifield
via reddit http://ift.tt/2umvV5O
Ric Merrifield
Identity on the blockchain - big companies enter the conversation - Ric Merrifield
http://id2020.org With companies already spending tens of billions of dollars authenticating identities for everything from bank transactions to car rentals and peer-to-peer boat sales – off chain, it’s no surprise big companies are seeing the enormity of…
New RCE in Windows Search
http://ift.tt/2vLXOV8
Submitted August 09, 2017 at 01:41AM by mave_of_wutilation
via reddit http://ift.tt/2uDL8KW
http://ift.tt/2vLXOV8
Submitted August 09, 2017 at 01:41AM by mave_of_wutilation
via reddit http://ift.tt/2uDL8KW
Microsoft
{{windowTitle}}
Security guidance articles
Harvesting Cb Response Data Leaks for fun and profit
http://ift.tt/2vDyL6e
Submitted August 09, 2017 at 05:14PM by campuscodi
via reddit http://ift.tt/2wt7PUi
http://ift.tt/2vDyL6e
Submitted August 09, 2017 at 05:14PM by campuscodi
via reddit http://ift.tt/2wt7PUi
DirectDefense
Harvesting Cb Response Data Leaks for fun and profit | DirectDefense
Carbon Black’s Cb Response product is one of the more popular endpoint detection and response (EDR) tools available in an ever-growing marketspace. However, as a function of how the tool is architected, it is also a prolific data leaker. This threat report…
NuCypher: TLS/SSL for decentralized applications (white paper updated)
http://ift.tt/2vmQWe5
Submitted August 09, 2017 at 09:24PM by michwill
via reddit http://ift.tt/2vmR6Su
http://ift.tt/2vmQWe5
Submitted August 09, 2017 at 09:24PM by michwill
via reddit http://ift.tt/2vmR6Su
Medium
NuCypher brings privacy and security to the public blockchain
(For a deeper dive, check out our technical white paper and business primer).
How to confirm a Google user's specific email address (Bug Bounty Submission)
http://ift.tt/2wtMKcB
Submitted August 09, 2017 at 09:23PM by TomAnthony
via reddit http://ift.tt/2vmKKmh
http://ift.tt/2wtMKcB
Submitted August 09, 2017 at 09:23PM by TomAnthony
via reddit http://ift.tt/2vmKKmh
reddit
How to confirm a Google user's specific email address... • r/netsec
3 points and 0 comments so far on reddit
Week of Evading Microsoft ATA - Day 3 - Constrained Delegation, Attacks across trusts, DCSync and DNSAdmins
http://ift.tt/2vP2nhx
Submitted August 09, 2017 at 09:43PM by SamratAsh0k
via reddit http://ift.tt/2vjG2r7
http://ift.tt/2vP2nhx
Submitted August 09, 2017 at 09:43PM by SamratAsh0k
via reddit http://ift.tt/2vjG2r7
Labofapenetrationtester
Week of Evading Microsoft ATA - Day 3 - Constrained Delegation, Attacks across trusts, DCSync and DNSAdmins
Home of Nikhil SamratAshok Mittal. Posts about Pen Testing.
Providing a Common Vulnerability score (CVSSv2) using neural network
http://ift.tt/2hGQMee
Submitted August 09, 2017 at 09:42PM by isox_xx
via reddit http://ift.tt/2wuiv5l
http://ift.tt/2hGQMee
Submitted August 09, 2017 at 09:42PM by isox_xx
via reddit http://ift.tt/2wuiv5l
Wallarm
New from Wallarm Research: First AI-based Tool to Predict Vulnerability Risk
Wallarm Inc., a leading developer of AI-based Web Application security solutions, and Vulners.com, the security database of software…
Secret Program to Offer Rewards up to $250K for VM Escape Vulnerabilities
http://ift.tt/2wuJ22j
Submitted August 10, 2017 at 02:00AM by breadtk
via reddit http://ift.tt/2vkdcXo
http://ift.tt/2wuJ22j
Submitted August 10, 2017 at 02:00AM by breadtk
via reddit http://ift.tt/2vkdcXo
Bugcrowd
Secret Program to Offer Rewards up to $250K
Casey Ellis discusses a new private bug bounty program set to launch with a top reward of $250K.
[TUTORIAL]x86 assembly shellcode with execve syscall
http://ift.tt/2uqY4EG
Submitted August 10, 2017 at 03:03AM by _____WINTERMUTE_____
via reddit http://ift.tt/2hKWawJ
http://ift.tt/2uqY4EG
Submitted August 10, 2017 at 03:03AM by _____WINTERMUTE_____
via reddit http://ift.tt/2hKWawJ
Sebastian Neef - 0day.work
Writing my first shellcode - iptables -P INPUT ACCEPT
I've recently started to look into basic application security concepts using the imho excellent material from OpenSecurityTraining.info. In this blogpost I'd like to share my first piece of shellcode executing iptables -P INPUT ACCEPT. Background After…
$10k Host header (Google Bug Bounty)
http://ift.tt/2uqBGQ8
Submitted August 10, 2017 at 03:45AM by epereiralopez
via reddit http://ift.tt/2vQCZYC
http://ift.tt/2uqBGQ8
Submitted August 10, 2017 at 03:45AM by epereiralopez
via reddit http://ift.tt/2vQCZYC
Google
$10k host header - Test
Testing