Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0
https://ift.tt/2HoomNA
Submitted June 06, 2018 at 12:21PM by whitehattracker
via reddit https://ift.tt/2JfkzYP
Blog | Imperva
Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0 – Blog | Imperva
There’s a fine line between an unintended use and a bug; this was my conclusion after taking a look at Auth0, an identity-as-a-service offering with 2000 enterprise customers.
Zip Slip: a form of directory traversal that can be exploited by extracting files from an archive
https://ift.tt/2syq9ei
Submitted June 06, 2018 at 03:44PM by deadcan
via reddit https://ift.tt/2JlNFSg
snyk.io
Snyk - Zip Slip Vulnerability
Zip Slip is a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team, and affects thousands of projects.
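Added example, not Snyk's code or any affected project's code: the unchecked extraction pattern that Zip Slip exploits beside a hardened version, in Python. The archive and its "../../evil.txt" entry are constructed in memory for the demonstration; the function names (build_malicious_zip, naive_target_path, is_safe_member, safe_extract, demo) are this example's own. The same Snyk page is listed a second time further down; this one example covers both listings.

```python
import io
import os
import tempfile
import zipfile
from typing import Dict, List, Tuple


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign entry, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "benign content\n")
        # writestr() accepts any entry name, so an attacker's tooling can
        # embed '..' components just as easily as this does.
        zf.writestr("../../evil.txt", "written outside the target directory\n")
    return buf.getvalue()


def naive_target_path(dest_dir: str, member_name: str) -> str:
    """The Zip Slip pattern: trust the entry name and join it onto dest_dir."""
    return os.path.join(dest_dir, member_name)


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if the entry, once resolved, still lies inside dest_dir."""
    if os.path.isabs(member_name):
        return False
    dest_real = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(dest_real, member_name))
    # commonpath, not startswith(): "/out2/x" must not count as inside "/out".
    return os.path.commonpath([dest_real, candidate]) == dest_real


def safe_extract(zip_bytes: bytes, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Hand-rolled extraction with the containment check applied per entry.

    Returns (written, rejected) entry names. Using zf.open() plus a manual
    write, rather than ZipFile.extract(), mirrors the shape of code that was
    vulnerable in the affected projects.
    """
    written: List[str] = []
    rejected: List[str] = []
    dest_real = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not is_safe_member(dest_real, name):
                rejected.append(name)
                continue
            target = os.path.join(dest_real, name)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            written.append(name)
    return written, rejected


def demo() -> Dict[str, object]:
    """Run the naive join and the checked extractor on the constructed zip."""
    zip_bytes = build_malicious_zip()
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract", "here")
        os.makedirs(dest)
        dest_real = os.path.realpath(dest)
        # Where the unchecked pattern would have written the traversal entry.
        naive = os.path.realpath(naive_target_path(dest, "../../evil.txt"))
        written, rejected = safe_extract(zip_bytes, dest)
        return {
            "naive_escapes": os.path.commonpath([dest_real, naive]) != dest_real,
            "naive_target_in_tmp": naive == os.path.join(os.path.realpath(tmp), "evil.txt"),
            "written": written,
            "rejected": rejected,
            "readme_written": os.path.isfile(os.path.join(dest, "readme.txt")),
        }


if __name__ == "__main__":
    print(demo())
```

The check works on entry names only. An archive format that carries symlink entries (tar, or zip with a symlink-aware extractor) needs the same containment test applied to the link target as well, otherwise a later entry can write through the link.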
Command and Control – Browser
https://ift.tt/2sHcYHm
Submitted June 06, 2018 at 08:10PM by TheUglyStranger
via reddit https://ift.tt/2xOtcnH
Penetration Testing Lab
Command and Control – Browser
Red Teams are always focused on the discovery of innovative ways to establish connections back to their command and control infrastructure. The main reasons that lead red teams to use standard pro…
Retguard: An improved stack protector for OpenBSD
https://ift.tt/2kSMsY9
Submitted June 06, 2018 at 08:00PM by dn3t
via reddit https://ift.tt/2HpNljB
reddit
r/netsec - Retguard: An improved stack protector for OpenBSD
Snyk - Zip Slip Vulnerability
https://ift.tt/2syq9ei
Submitted June 06, 2018 at 10:04PM by rain5
via reddit https://ift.tt/2HqaGBJ
Major Vulnerabilities in Foscam Cameras found by VDOO Security
https://ift.tt/2sCLaEJ
Submitted June 06, 2018 at 10:41PM by KenjiKawai
via reddit https://ift.tt/2sKk51O
VDOO
Major Vulnerabilities in Foscam Cameras
VDOO security research teams have been conducting, for the last several months, a wide scope security research of leading IoT products in the field of safety and security. In most of the cases, the…
There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems
https://ift.tt/2JmzSvh
Submitted June 07, 2018 at 04:28AM by overflowingInt
via reddit https://ift.tt/2sQcm2m
reddit
r/netsec - There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems
CVE-2018-6148: Incorrect handling of CSP header
https://ift.tt/2xP0Ytg
Submitted June 07, 2018 at 01:28PM by haseen-sapne
via reddit https://ift.tt/2M4jReE
Chrome Releases
Stable Channel Update for Desktop
The stable channel has been updated to 67.0.3396.79 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Securit...
Hackers post protest messages on Iranian airport monitors
https://ift.tt/2HtbOV4
Submitted June 07, 2018 at 04:01PM by lormayna
via reddit https://ift.tt/2Lwf1WD
Trend.Az
Hackers post protest messages on Iranian airport monitors
Hackers have taken control of monitors in Tabriz International Airport of Iran’s East Azerbaijan province on June 7, Iranian media outlets reported.
Freddy: Burp Suite extension to automatically identify deserialization issues in Java and .NET applications
https://ift.tt/2sNlfcZ
Submitted June 07, 2018 at 04:46PM by 0xdea
via reddit https://ift.tt/2JChfWW
Cookies for dummies Part 2: Third-party tracking cookies (noobs only)
https://ift.tt/2JzWlrp
Submitted June 07, 2018 at 04:36PM by silentsniffer
via reddit https://ift.tt/2HqToEI
WST
Cookies for dummies Part 2: Third-party tracking cookies | WST
Cookie basics. What are targeted ads? How Facebook gets the data collected by Amazon? Third party cookies. Should I delete my cookies?
Adobe Flash Zero-Day Leveraged For Targeted Attack In Middle East
https://ift.tt/2LwE5wy
Submitted June 07, 2018 at 11:42PM by RamblinWreckGT
via reddit https://ift.tt/2Hsaulu
ICEBRG | Streaming Network Forensics™
Streaming Network Forensics™ for Real-Time Threat Detection and Response | ICEBRG | Streaming Network Forensics™
ICEBRG reduces network security risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.
apkast - APK fAST analysis
https://ift.tt/2sPO7B8
Submitted June 08, 2018 at 02:14AM by nervium7331
via reddit https://ift.tt/2Lw9NKj
GitLab
prisma / apkast
A bash script to automate the analysis of APKs: unzip, decompile, analyze and extract information.
A blog post about discovering and disclosing Supermicro firmware issues
https://ift.tt/2Hx89FQ
Submitted June 08, 2018 at 07:53AM by laplinker
via reddit https://ift.tt/2kWbo0V
Eclypsium Blog
Firmware Vulnerabilities in Supermicro Systems
As part of our ongoing security research efforts, we recently reviewed various Supermicro systems and discovered serious firmware vulnerabilities.
Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
https://ift.tt/2M9sXHh
Submitted June 08, 2018 at 08:39AM by mandatoryprogrammer
via reddit https://ift.tt/2JBUnqI
Thehackerblog
Steam, Fire, and Paste - A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper | The Hacker Blog
The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting (XSS) and a clickjacking vulnerability. By
The Seven Properties of Highly Secure Devices - Microsoft Research
https://ift.tt/2oD3zRh
Submitted June 08, 2018 at 05:45PM by bella_sm
via reddit https://ift.tt/2HtPScE
Microsoft Research
The Seven Properties of Highly Secure Devices - Microsoft Research
Industry largely underestimates the critical societal need to embody the highest levels of security in every network-connected device—every child’s toy, every household’s appliances, and every industry’s equipment. High development and maintenance costs have…
Exploiting an Implementation flaw in Mycroft AI Vocal assistant to reach RCE
https://ift.tt/2sTy8Ck
Submitted June 09, 2018 at 05:49PM by Nhoya
via reddit https://ift.tt/2sJz24N
GitHub
Nhoya/MycroftAI-RCE
MycroftAI-RCE - "Zero Click" Remote Code Execution in Mycroft AI vocal assistant
m4ngl3m3! v0.1 (Common password pattern generator using strings list)
https://ift.tt/2HADvLO
Submitted June 10, 2018 at 12:04AM by localh0t
via reddit https://ift.tt/2JqJjNR
Medium
m4ngl3m3! v0.1
m4ngl3m3! - A common password pattern generator using strings list
https://ift.tt/2sV2ynw
Submitted June 10, 2018 at 12:56AM by localh0t
via reddit https://ift.tt/2LA2p0C
GitHub
localh0t/m4ngl3m3
m4ngl3m3 - Common password pattern generator using strings list
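Added example, not m4ngl3m3's own code: a minimal common-pattern generator in Python of the kind the tool automates, covering both m4ngl3m3 listings above. It takes a string list, produces case and leet variants of each string, appends common suffixes, and drops candidates shorter than an assumed minimum-length policy. The LEET table, DEFAULT_SUFFIXES, min_len=8 and the sample words are this example's assumptions, not values taken from the tool.

```python
from typing import Iterable, List, Sequence

# Assumed substitution table: one common leet mapping, not the tool's own.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}
# Assumed suffix patterns of the kind commonly appended to base words.
DEFAULT_SUFFIXES: Sequence[str] = ("", "1", "123", "!", "2018", "2018!")


def leet(word: str) -> str:
    """Apply the substitution table, matching letters case-insensitively."""
    return "".join(LEET.get(c.lower(), c) for c in word)


def base_variants(word: str) -> List[str]:
    """Case variants of a word, each with and without leet, deduplicated in order."""
    out: List[str] = []
    for cased in (word.lower(), word.capitalize(), word.upper()):
        for variant in (cased, leet(cased)):
            if variant not in out:
                out.append(variant)
    return out


def mangle(words: Iterable[str],
           suffixes: Sequence[str] = DEFAULT_SUFFIXES,
           min_len: int = 8) -> List[str]:
    """Expand a string list into candidates: variants x suffixes, length-filtered.

    min_len mirrors a typical minimum-length policy; candidates shorter than
    that would be rejected by the target and only waste attempts. Order is
    deterministic and duplicates across words are removed.
    """
    seen = set()
    out: List[str] = []
    for word in words:
        for base in base_variants(word):
            for suffix in suffixes:
                candidate = base + suffix
                if len(candidate) < min_len or candidate in seen:
                    continue
                seen.add(candidate)
                out.append(candidate)
    return out


if __name__ == "__main__":
    # Constructed sample input: a season and a company name.
    for candidate in mangle(["summer", "acme"]):
        print(candidate)
```

The output size is variants times suffixes per word, minus the length filter, so widening the suffix list or the leet table grows the keyspace multiplicatively; keep the tables small and tailored to the target rather than exhaustive.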
Endpoint detection Superpowers on the cheap — part 1
https://ift.tt/2Htk1cd
Submitted June 11, 2018 at 01:56AM by Olafhartong
via reddit https://ift.tt/2sMdTal
Medium
Endpoint detection Superpowers on the cheap — part 1
In this blog series, I will talk about my endpoint detection stack focused on Windows environments and mostly based on Sysmon.
Replacing Socat with Nginx for Redirection
https://ift.tt/2JAT37k
Submitted June 11, 2018 at 07:20AM by audrummer15
via reddit https://ift.tt/2LBn0ld
The Coffeegist
Resilient Red Team HTTPS Redirection Using Nginx
On a typical red team assessment, a redirector is a crucial part of the infrastructure in use. A redirector is basically a box that sits out on the internet (usually in some type of cloud service provider’s network) and forwards traffic for the red team so…