Vulnerability disclosure – Cisco Meeting Server (CMS) arbitrary TCP relaying
https://ift.tt/2JAu30T
Submitted June 13, 2018 at 08:45PM by Nitr4x
via reddit https://ift.tt/2JzCWrJ
https://ift.tt/2JAu30T
Submitted June 13, 2018 at 08:45PM by Nitr4x
via reddit https://ift.tt/2JzCWrJ
PowerShell Process Hollowing (RunPE) Script
https://ift.tt/2sVeOFm
Submitted June 13, 2018 at 10:11PM by PhisherPrice
via reddit https://ift.tt/2LInRjS
https://ift.tt/2sVeOFm
Submitted June 13, 2018 at 10:11PM by PhisherPrice
via reddit https://ift.tt/2LInRjS
GitHub
FuzzySecurity/PowerShell-Suite
PowerShell-Suite - My musings with PowerShell
How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL
https://ift.tt/2JyOTxI
Submitted June 13, 2018 at 10:04PM by coalfirelabs
via reddit https://ift.tt/2HPkRjG
https://ift.tt/2JyOTxI
Submitted June 13, 2018 at 10:04PM by coalfirelabs
via reddit https://ift.tt/2HPkRjG
Coalfire.com
Post
Coalfire Labs blog posts with opinions, findings and research from the technical testing of IT perspective.
How modern containerization trend is exploited by attackers
https://ift.tt/2t0Qote
Submitted June 13, 2018 at 10:01PM by Chris911
via reddit https://ift.tt/2JHvpTu
https://ift.tt/2t0Qote
Submitted June 13, 2018 at 10:01PM by Chris911
via reddit https://ift.tt/2JHvpTu
reddit
How modern containerization trend is exploited by attackers • r/netsec
0 points and 0 comments so far on reddit
Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions
https://ift.tt/2JKHeIJ
Submitted June 13, 2018 at 09:39PM by mandatoryprogrammer
via reddit https://ift.tt/2HMaRY6
https://ift.tt/2JKHeIJ
Submitted June 13, 2018 at 09:39PM by mandatoryprogrammer
via reddit https://ift.tt/2HMaRY6
Thehackerblog
Kicking the Rims - A Guide for Securely Writing and Auditing Chrome Extensions | The Hacker Blog
This guide attempts to outline extension security anti-patterns, as well as provide a usable service (tarnish) to aide developers and security researchers in
Internet of Insecure Things
https://ift.tt/2t3ZgP2
Submitted June 13, 2018 at 10:12PM by nishaanthguna
via reddit https://ift.tt/2l8AzNy
https://ift.tt/2t3ZgP2
Submitted June 13, 2018 at 10:12PM by nishaanthguna
via reddit https://ift.tt/2l8AzNy
ifc0nf1g.xyz
Internet of Insecure Things
A couple of weeks back, I got the opportunity of pentesting an IoT device. To give a brief background, it was a Pi running Apache which served static content. Recently, there has been a lot of focus on IoT security, especially after the havoc created by malware…
Index access of an ABC news server (ABC 11) Thought some of you might enjoy a live one, the ISpy.jpg is hilarious!
https://ift.tt/2t4POuF
Submitted June 13, 2018 at 11:08PM by Olivero
via reddit https://ift.tt/2t45ezq
https://ift.tt/2t4POuF
Submitted June 13, 2018 at 11:08PM by Olivero
via reddit https://ift.tt/2t45ezq
A new Intel CPU bug is revealed - Intel FP security issue
https://ift.tt/2HMfaTr
Submitted June 13, 2018 at 11:01PM by xJRWR
via reddit https://ift.tt/2y7zUpc
https://ift.tt/2HMfaTr
Submitted June 13, 2018 at 11:01PM by xJRWR
via reddit https://ift.tt/2y7zUpc
reddit
r/netsec - A new Intel CPU bug is revealed - Intel FP security issue
1 votes and 1 so far on reddit
Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)
https://ift.tt/2Jxyyte
Submitted June 14, 2018 at 12:29AM by 0xdea
via reddit https://ift.tt/2HMMI3P
https://ift.tt/2Jxyyte
Submitted June 14, 2018 at 12:29AM by 0xdea
via reddit https://ift.tt/2HMMI3P
McAfee Blogs
Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)
June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates. If you have not, just be sure not to leave your laptop lying around!
SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)
https://ift.tt/2Jz92DQ
Submitted June 14, 2018 at 01:05AM by hannob
via reddit https://ift.tt/2JMSP9W
https://ift.tt/2Jz92DQ
Submitted June 14, 2018 at 01:05AM by hannob
via reddit https://ift.tt/2JMSP9W
reddit
SigSpoof: Spoofing signatures in GnuPG, Enigmail,... • r/netsec
1 points and 0 comments so far on reddit
Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 02:11AM by GH0S1_R33P0R
via reddit https://ift.tt/2Morwon
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 02:11AM by GH0S1_R33P0R
via reddit https://ift.tt/2Morwon
Bishop Fox
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.
Introducing the Internet Intelligence Map | Dyn Blog
https://ift.tt/2JVmYqW
Submitted June 14, 2018 at 03:50AM by phr3sh_
via reddit https://ift.tt/2LMPGaN
https://ift.tt/2JVmYqW
Submitted June 14, 2018 at 03:50AM by phr3sh_
via reddit https://ift.tt/2LMPGaN
Dyn
Introducing the Internet Intelligence Map | Dyn Blog
Today, we are proud to announce a new website we're calling the Internet Intelligence Map. This free site will help to democratize ...
A Novel Side-Channel Attack gainst ECDSA and DSA - Extract a 256-bit ECDSA Private Key using a Simple Cache Attack by Observing only a Few Thousand Signatures (Whitepaper with Full Poc) - See Comment
https://ift.tt/2l7sJ6V
Submitted June 14, 2018 at 07:57AM by TechLord2
via reddit https://ift.tt/2JPVC5Q
https://ift.tt/2l7sJ6V
Submitted June 14, 2018 at 07:57AM by TechLord2
via reddit https://ift.tt/2JPVC5Q
Polly.JS - A Standalone, Framework-agnostic JavaScript Library that enables Recording, Replaying, and Stubbing HTTP Interactions (Full Sources, API and other Technical Content) - See Comment
https://ift.tt/2JgxRjM
Submitted June 14, 2018 at 08:52AM by TechLord2
via reddit https://ift.tt/2HQ2I50
https://ift.tt/2JgxRjM
Submitted June 14, 2018 at 08:52AM by TechLord2
via reddit https://ift.tt/2HQ2I50
GitHub
Netflix/pollyjs
pollyjs - Record, Replay, and Stub HTTP Interactions.
How to abuse SeLoadDriverPrivilege for privilege escalation
https://ift.tt/2lbBWv8
Submitted June 14, 2018 at 02:33PM by gid0rah
via reddit https://ift.tt/2MrNV4j
https://ift.tt/2lbBWv8
Submitted June 14, 2018 at 02:33PM by gid0rah
via reddit https://ift.tt/2MrNV4j
Tarlogic Security - Cyber Security and Ethical hacking
Abusing SeLoadDriverPrivilege for privilege escalation
0x01 – Preamble
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…
From Secure Messaging to Secure Collaboration
https://ift.tt/2yc6d6d
Submitted June 14, 2018 at 06:12PM by sjmurdoch
via reddit https://ift.tt/2LMT05Q
https://ift.tt/2yc6d6d
Submitted June 14, 2018 at 06:12PM by sjmurdoch
via reddit https://ift.tt/2LMT05Q
Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
https://ift.tt/2MsW6Np
Submitted June 14, 2018 at 07:05PM by wootock
via reddit https://ift.tt/2ldmLBP
https://ift.tt/2MsW6Np
Submitted June 14, 2018 at 07:05PM by wootock
via reddit https://ift.tt/2ldmLBP
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones
https://ift.tt/2lbvp3C
Submitted June 14, 2018 at 09:59PM by 0xbaadf00dsec
via reddit https://ift.tt/2t8rSXu
https://ift.tt/2lbvp3C
Submitted June 14, 2018 at 09:59PM by 0xbaadf00dsec
via reddit https://ift.tt/2t8rSXu
Intezer
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones - Intezer
Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we have found evidence of very recent activity by a group referred to as APT15, known for committing cyber espionage which is believed…
How to protect your Django App from the most common hacker attacks
https://ift.tt/2ye1PDW
Submitted June 15, 2018 at 12:24AM by isityoupaul
via reddit https://ift.tt/2t8hajz
https://ift.tt/2ye1PDW
Submitted June 15, 2018 at 12:24AM by isityoupaul
via reddit https://ift.tt/2t8hajz
Templarbit Inc.
Content Security Policy with Django
The best way to protect your Django App from XSS attacks ...
Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
https://ift.tt/2HLXTK9
Submitted June 15, 2018 at 01:57AM by Olafhartong
via reddit https://ift.tt/2JK4Xsn
https://ift.tt/2HLXTK9
Submitted June 15, 2018 at 01:57AM by Olafhartong
via reddit https://ift.tt/2JK4Xsn
Medium
Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
In part 2, I talked about how to deploy and maintain Sysmon and its configuration.
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
Bishop Fox
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.