Revised Emotet Downloader - A Technical Analysis
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
0ffset
Post 0x10: A Revised Emotet Downloader
You may remember I wrote a post where I took apart an Emotet Downloader that used Macros and Powershell commands to download Emotet from compromised websites. Well they’ve revised how their d…
Zabbix Threat Control: Transform your monitoring into vulnerability assessment system. "Fix it!" button included. #sorrynessus
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
GitHub
vulnersCom/zabbix-threat-control
zabbix-threat-control - Zabbix vulnerability assessment plugin
Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
reddit
r/netsec - Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
2 votes and 0 so far on reddit
Creating signed and customized backdoored macOS applications
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
Betabot still alive with multi-stage packing
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
Medium
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts). Check out his blog, he does awesome stuff there securityimpact.net
510 Million Password Hashes in 1GB of RAM
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
Totally Pwning the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Who's up for BeanSec next Wednesday 6/20? (NetSec meetup in Cambridge, MA)
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
reddit
r/boston - Who's up for BeanSec next week? (6/20, Free NetSec meetup in Cambridge)
2 votes and 0 so far on reddit
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
Threatfabric
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
New Android banking Trojan and ransomware MysteryBot has been successful in finding a way to log user keystrokes on Android 7 and 8.
Show r/netsec: Reflected Client XSS at Amazon.com
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
Medium
Reflected Client XSS at Amazon.com
Bug that allows to steal cookies from all Amazon domains and redirect visitors to a phishing login screen.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
GitHub
GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. - GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered b...
Open Source Plugin for Kubernetes Security
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Microsoft COM for Windows Remote Code Execution Vulnerability (CVE-2018-0824) Analysis and PoC
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
Blogspot
Marshalling to SYSTEM - An analysis of CVE-2018-0824
In May 2018 Microsoft patched an interesting vulnerability ( CVE-2018-0824 ) which was reported by Nicolas Joly of Microsoft's MSRC: A rem...
” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
Blogspot
#BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An…
Hi Guys, One more interesting blog , one more interesting vulnerability that I managed to found out during my bugbounty hunt and it comes...
Another way to pwn the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Taking Over Kubernetes Cluster Without RBAC
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Prevent Kubernetes Cluster Takeover with Kubectl RBAC Plugin
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
reddit
SafeSpec: Banishing the Spectre of a Meltdown with... • r/netsec
5 points and 0 comments so far on reddit
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
reddit
r/netsec - SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
3 votes and 0 so far on reddit
Hacking Amazon's #1 seller Smart Pet Food Dispenser
https://ift.tt/2teclFr
Submitted June 17, 2018 at 06:58AM by Expect3
via reddit https://ift.tt/2yf1wsE
https://ift.tt/2teclFr
Submitted June 17, 2018 at 06:58AM by Expect3
via reddit https://ift.tt/2yf1wsE
Collections of Infosec Tweets
https://ift.tt/2liPXH6
Submitted June 17, 2018 at 09:20AM by fireh7nter
via reddit https://ift.tt/2JZAOZm
https://ift.tt/2liPXH6
Submitted June 17, 2018 at 09:20AM by fireh7nter
via reddit https://ift.tt/2JZAOZm
Infosec Tweets
Tweets are of others