Week of Evading Microsoft ATA - Day 2 - OverPTH and Golden ticket
http://ift.tt/2viwR8C
Submitted August 08, 2017 at 09:12PM by SamratAsh0k
via reddit http://ift.tt/2vgJiU1
http://ift.tt/2viwR8C
Submitted August 08, 2017 at 09:12PM by SamratAsh0k
via reddit http://ift.tt/2vgJiU1
Labofapenetrationtester
Week of Evading Microsoft ATA - Day 2
Home of Nikhil SamratAshok Mittal. Posts about Pen Testing.
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
http://ift.tt/2umrKak
Submitted August 08, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2umqOyu
http://ift.tt/2umrKak
Submitted August 08, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2umqOyu
googleprojectzero.blogspot.co.uk
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
Posted by James Forshaw, Project Zero For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege ...
Identity and authentication are becoming synonymous in infosec and people on blockchain are breaking new ground
http://ift.tt/2fbOXoA
Submitted August 08, 2017 at 11:03PM by Ricmerrifield
via reddit http://ift.tt/2umvV5O
http://ift.tt/2fbOXoA
Submitted August 08, 2017 at 11:03PM by Ricmerrifield
via reddit http://ift.tt/2umvV5O
Ric Merrifield
Identity on the blockchain - big companies enter the conversation - Ric Merrifield
http://id2020.org With companies already spending tens of billions of dollars authenticating identities for everything from bank transactions to car rentals and peer-to-peer boat sales – off chain, it’s no surprise big companies are seeing the enormity of…
New RCE in Windows Search
http://ift.tt/2vLXOV8
Submitted August 09, 2017 at 01:41AM by mave_of_wutilation
via reddit http://ift.tt/2uDL8KW
http://ift.tt/2vLXOV8
Submitted August 09, 2017 at 01:41AM by mave_of_wutilation
via reddit http://ift.tt/2uDL8KW
Microsoft
{{windowTitle}}
Security guidance articles
Harvesting Cb Response Data Leaks for fun and profit
http://ift.tt/2vDyL6e
Submitted August 09, 2017 at 05:14PM by campuscodi
via reddit http://ift.tt/2wt7PUi
http://ift.tt/2vDyL6e
Submitted August 09, 2017 at 05:14PM by campuscodi
via reddit http://ift.tt/2wt7PUi
DirectDefense
Harvesting Cb Response Data Leaks for fun and profit | DirectDefense
Carbon Black’s Cb Response product is one of the more popular endpoint detection and response (EDR) tools available in an ever-growing marketspace. However, as a function of how the tool is architected, it is also a prolific data leaker. This threat report…
NuCypher: TLS/SSL for decentralized applications (white paper updated)
http://ift.tt/2vmQWe5
Submitted August 09, 2017 at 09:24PM by michwill
via reddit http://ift.tt/2vmR6Su
http://ift.tt/2vmQWe5
Submitted August 09, 2017 at 09:24PM by michwill
via reddit http://ift.tt/2vmR6Su
Medium
NuCypher brings privacy and security to the public blockchain
(For a deeper dive, check out our technical white paper and business primer).
How to confirm a Google user's specific email address (Bug Bounty Submission)
http://ift.tt/2wtMKcB
Submitted August 09, 2017 at 09:23PM by TomAnthony
via reddit http://ift.tt/2vmKKmh
http://ift.tt/2wtMKcB
Submitted August 09, 2017 at 09:23PM by TomAnthony
via reddit http://ift.tt/2vmKKmh
reddit
How to confirm a Google user's specific email address... • r/netsec
3 points and 0 comments so far on reddit
Week of Evading Microsoft ATA - Day 3 - Constrained Delegation, Attacks across trusts, DCSync and DNSAdmins
http://ift.tt/2vP2nhx
Submitted August 09, 2017 at 09:43PM by SamratAsh0k
via reddit http://ift.tt/2vjG2r7
http://ift.tt/2vP2nhx
Submitted August 09, 2017 at 09:43PM by SamratAsh0k
via reddit http://ift.tt/2vjG2r7
Labofapenetrationtester
Week of Evading Microsoft ATA - Day 3 - Constrained Delegation, Attacks across trusts, DCSync and DNSAdmins
Home of Nikhil SamratAshok Mittal. Posts about Pen Testing.
Providing a Common Vulnerability score (CVSSv2) using neural network
http://ift.tt/2hGQMee
Submitted August 09, 2017 at 09:42PM by isox_xx
via reddit http://ift.tt/2wuiv5l
http://ift.tt/2hGQMee
Submitted August 09, 2017 at 09:42PM by isox_xx
via reddit http://ift.tt/2wuiv5l
Wallarm
New from Wallarm Research: First AI-based Tool to Predict Vulnerability Risk
Wallarm Inc., a leading developer of AI-based Web Application security solutions, and Vulners.com, the security database of software…
Secret Program to Offer Rewards up to $250K for VM Escape Vulnerabilities
http://ift.tt/2wuJ22j
Submitted August 10, 2017 at 02:00AM by breadtk
via reddit http://ift.tt/2vkdcXo
http://ift.tt/2wuJ22j
Submitted August 10, 2017 at 02:00AM by breadtk
via reddit http://ift.tt/2vkdcXo
Bugcrowd
Secret Program to Offer Rewards up to $250K
Casey Ellis discusses a new private bug bounty program set to launch with a top reward of $250K.
[TUTORIAL]x86 assembly shellcode with execve syscall
http://ift.tt/2uqY4EG
Submitted August 10, 2017 at 03:03AM by _____WINTERMUTE_____
via reddit http://ift.tt/2hKWawJ
http://ift.tt/2uqY4EG
Submitted August 10, 2017 at 03:03AM by _____WINTERMUTE_____
via reddit http://ift.tt/2hKWawJ
Sebastian Neef - 0day.work
Writing my first shellcode - iptables -P INPUT ACCEPT
I've recently started to look into basic application security concepts using the imho excellent material from OpenSecurityTraining.info. In this blogpost I'd like to share my first piece of shellcode executing iptables -P INPUT ACCEPT. Background After…
$10k Host header (Google Bug Bounty)
http://ift.tt/2uqBGQ8
Submitted August 10, 2017 at 03:45AM by epereiralopez
via reddit http://ift.tt/2vQCZYC
http://ift.tt/2uqBGQ8
Submitted August 10, 2017 at 03:45AM by epereiralopez
via reddit http://ift.tt/2vQCZYC
Google
$10k host header - Test
Testing
Windows 95 Bug Hunting
https://www.youtube.com/watch?v=Q9v8lQYitak
Submitted August 10, 2017 at 04:41AM by badbytesio
via reddit http://ift.tt/2uqX9nS
https://www.youtube.com/watch?v=Q9v8lQYitak
Submitted August 10, 2017 at 04:41AM by badbytesio
via reddit http://ift.tt/2uqX9nS
YouTube
Stream Recording: Windows 95 Bug Finding #2 - Testing IE 5.5
Now that we have a VM up and running, we're going to go after some old-school Windows 95 bugs, starting with landing an exploit for IE 5.5.
SHA2017 talks are up
http://ift.tt/2vfJd1i
Submitted August 10, 2017 at 04:18PM by pheexx
via reddit http://ift.tt/2uscu7P
http://ift.tt/2vfJd1i
Submitted August 10, 2017 at 04:18PM by pheexx
via reddit http://ift.tt/2uscu7P
media.ccc.de
media.ccc.de -
Still Hacking Anyway
Still Hacking Anyway
Video Streaming Portal des Chaos Computer Clubs
Using drone telemetry data to determine origin, operator, environment and flight path
http://ift.tt/2wwvi77
Submitted August 10, 2017 at 05:00PM by hp777us
via reddit http://ift.tt/2vI9ckn
http://ift.tt/2wwvi77
Submitted August 10, 2017 at 05:00PM by hp777us
via reddit http://ift.tt/2vI9ckn
Dronesec
Why UAV telemetry data is a cyber/physical security risk - Dronesec
Using the telemetry from the UAV you can determine a set of characteristics that indicate that a particular flight represents a counter-UAS test flight...
The Legacy Risk: How Outdated Systems Expose Your Data
http://ift.tt/2fuKWvD
Submitted August 10, 2017 at 05:38PM by InfoSecCrazy
via reddit http://ift.tt/2wLh5mb
http://ift.tt/2fuKWvD
Submitted August 10, 2017 at 05:38PM by InfoSecCrazy
via reddit http://ift.tt/2wLh5mb
itsecuritycentral.teramind.co
The Legacy Risk: How Outdated Systems Expose Your Data | IT Security Central
Outdated systems can actually expose an organisation's data, putting them at a higher risk of threat.
SAP Pentest: 3 zero-days to gain the SAP admin account
http://ift.tt/2wxb0dy
Submitted August 10, 2017 at 07:35PM by alexander_polyakov
via reddit http://ift.tt/2vSdntM
http://ift.tt/2wxb0dy
Submitted August 10, 2017 at 07:35PM by alexander_polyakov
via reddit http://ift.tt/2vSdntM
Man behind QNAP NAS botnet convicted
http://ift.tt/2ursivD
Submitted August 10, 2017 at 08:47PM by BoatWizard
via reddit http://ift.tt/2vSAbKx
http://ift.tt/2ursivD
Submitted August 10, 2017 at 08:47PM by BoatWizard
via reddit http://ift.tt/2vSAbKx
BleepingComputer
HackinItaly: The Story Behind the Takedown of a 2,500-Strong QNAP NAS Botnet
Last Friday, on August 4, a jury in the US found Fabio Gasperini, an Italian citizen, guilty of building a botnet that he used to hijack remote servers and surreptitiously click on ads for his personal profits.
Week of Evading Microsoft ATA - Day 4 - Silver ticket, Kerberoast and SQL Servers
http://ift.tt/2wxzHH4
Submitted August 10, 2017 at 08:26PM by SamratAsh0k
via reddit http://ift.tt/2fvUaIl
http://ift.tt/2wxzHH4
Submitted August 10, 2017 at 08:26PM by SamratAsh0k
via reddit http://ift.tt/2fvUaIl
Labofapenetrationtester
Week of Evading Microsoft ATA - Day 4 - Silver ticket, Kerberoast and SQL Servers
Home of Nikhil SamratAshok Mittal. Posts about Pen Testing.
Developing an exploit to complete the Blue Frost Security Ekoparty challenge
http://ift.tt/2hNNbLg
Submitted August 10, 2017 at 08:21PM by RedmondSecGnome
via reddit http://ift.tt/2fvMFkq
http://ift.tt/2hNNbLg
Submitted August 10, 2017 at 08:21PM by RedmondSecGnome
via reddit http://ift.tt/2fvMFkq
reddit
Developing an exploit to complete the Blue Frost... • r/netsec
2 points and 0 comments so far on reddit
Plasma - an interactive disassembler for x86/ARM/MIPS.
http://ift.tt/2iu0fFh
Submitted August 10, 2017 at 08:27PM by voidMOSity
via reddit http://ift.tt/2wxBsUo
http://ift.tt/2iu0fFh
Submitted August 10, 2017 at 08:27PM by voidMOSity
via reddit http://ift.tt/2wxBsUo
GitHub
plasma-disassembler/plasma
plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.