Polly.JS - A Standalone, Framework-agnostic JavaScript Library that enables Recording, Replaying, and Stubbing HTTP Interactions (Full Sources, API and other Technical Content) - See Comment
https://ift.tt/2JgxRjM
Submitted June 14, 2018 at 08:52AM by TechLord2
via reddit https://ift.tt/2HQ2I50
https://ift.tt/2JgxRjM
Submitted June 14, 2018 at 08:52AM by TechLord2
via reddit https://ift.tt/2HQ2I50
GitHub
Netflix/pollyjs
pollyjs - Record, Replay, and Stub HTTP Interactions.
How to abuse SeLoadDriverPrivilege for privilege escalation
https://ift.tt/2lbBWv8
Submitted June 14, 2018 at 02:33PM by gid0rah
via reddit https://ift.tt/2MrNV4j
https://ift.tt/2lbBWv8
Submitted June 14, 2018 at 02:33PM by gid0rah
via reddit https://ift.tt/2MrNV4j
Tarlogic Security - Cyber Security and Ethical hacking
Abusing SeLoadDriverPrivilege for privilege escalation
0x01 – Preamble
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…
From Secure Messaging to Secure Collaboration
https://ift.tt/2yc6d6d
Submitted June 14, 2018 at 06:12PM by sjmurdoch
via reddit https://ift.tt/2LMT05Q
https://ift.tt/2yc6d6d
Submitted June 14, 2018 at 06:12PM by sjmurdoch
via reddit https://ift.tt/2LMT05Q
Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
https://ift.tt/2MsW6Np
Submitted June 14, 2018 at 07:05PM by wootock
via reddit https://ift.tt/2ldmLBP
https://ift.tt/2MsW6Np
Submitted June 14, 2018 at 07:05PM by wootock
via reddit https://ift.tt/2ldmLBP
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones
https://ift.tt/2lbvp3C
Submitted June 14, 2018 at 09:59PM by 0xbaadf00dsec
via reddit https://ift.tt/2t8rSXu
https://ift.tt/2lbvp3C
Submitted June 14, 2018 at 09:59PM by 0xbaadf00dsec
via reddit https://ift.tt/2t8rSXu
Intezer
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones - Intezer
Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we have found evidence of very recent activity by a group referred to as APT15, known for committing cyber espionage which is believed…
How to protect your Django App from the most common hacker attacks
https://ift.tt/2ye1PDW
Submitted June 15, 2018 at 12:24AM by isityoupaul
via reddit https://ift.tt/2t8hajz
https://ift.tt/2ye1PDW
Submitted June 15, 2018 at 12:24AM by isityoupaul
via reddit https://ift.tt/2t8hajz
Templarbit Inc.
Content Security Policy with Django
The best way to protect your Django App from XSS attacks ...
Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
https://ift.tt/2HLXTK9
Submitted June 15, 2018 at 01:57AM by Olafhartong
via reddit https://ift.tt/2JK4Xsn
https://ift.tt/2HLXTK9
Submitted June 15, 2018 at 01:57AM by Olafhartong
via reddit https://ift.tt/2JK4Xsn
Medium
Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
In part 2, I talked about how to deploy and maintain Sysmon and its configuration.
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
Bishop Fox
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
https://ift.tt/2HFbT8x
Submitted June 15, 2018 at 07:15AM by Prav123
via reddit https://ift.tt/2JPy1lJ
https://ift.tt/2HFbT8x
Submitted June 15, 2018 at 07:15AM by Prav123
via reddit https://ift.tt/2JPy1lJ
AFTVnews
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
An Android virus, specifically a malware worm variant, has been spreading across Android devices and has started appearing on Amazon Fire TVs and Fire TV Sticks. The worm is not specifically targeting Fire TV devices, but they are vulnerable because of their…
Revised Emotet Downloader - A Technical Analysis
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
0ffset
Post 0x10: A Revised Emotet Downloader
You may remember I wrote a post where I took apart an Emotet Downloader that used Macros and Powershell commands to download Emotet from compromised websites. Well they’ve revised how their d…
Zabbix Threat Control: Transform your monitoring into vulnerability assessment system. "Fix it!" button included. #sorrynessus
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
GitHub
vulnersCom/zabbix-threat-control
zabbix-threat-control - Zabbix vulnerability assessment plugin
Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
reddit
r/netsec - Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
2 votes and 0 so far on reddit
Creating signed and customized backdoored macOS applications
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
Betabot still alive with multi-stage packing
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
Medium
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts). Check out his blog, he does awesome stuff there securityimpact.net
510 Million Password Hashes in 1GB of RAM
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
Totally Pwning the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Who's up for BeanSec next Wednesday 6/20? (NetSec meetup in Cambridge, MA)
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
reddit
r/boston - Who's up for BeanSec next week? (6/20, Free NetSec meetup in Cambridge)
2 votes and 0 so far on reddit
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
Threatfabric
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
New Android banking Trojan and ransomware MysteryBot has been successful in finding a way to log user keystrokes on Android 7 and 8.
Show r/netsec: Reflected Client XSS at Amazon.com
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
Medium
Reflected Client XSS at Amazon.com
Bug that allows to steal cookies from all Amazon domains and redirect visitors to a phishing login screen.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
GitHub
GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. - GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered b...
Open Source Plugin for Kubernetes Security
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.