Creating signed and customized backdoored macOS applications
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
Betabot still alive with multi-stage packing
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
Medium
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts). Check out his blog, he does awesome stuff there securityimpact.net
510 Million Password Hashes in 1GB of RAM
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
Totally Pwning the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Who's up for BeanSec next Wednesday 6/20? (NetSec meetup in Cambridge, MA)
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
reddit
r/boston - Who's up for BeanSec next week? (6/20, Free NetSec meetup in Cambridge)
2 votes and 0 so far on reddit
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
Threatfabric
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
New Android banking Trojan and ransomware MysteryBot has been successful in finding a way to log user keystrokes on Android 7 and 8.
Show r/netsec: Reflected Client XSS at Amazon.com
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
Medium
Reflected Client XSS at Amazon.com
Bug that allows to steal cookies from all Amazon domains and redirect visitors to a phishing login screen.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
GitHub
GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. - GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered b...
Open Source Plugin for Kubernetes Security
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Microsoft COM for Windows Remote Code Execution Vulnerability (CVE-2018-0824) Analysis and PoC
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
Blogspot
Marshalling to SYSTEM - An analysis of CVE-2018-0824
In May 2018 Microsoft patched an interesting vulnerability ( CVE-2018-0824 ) which was reported by Nicolas Joly of Microsoft's MSRC: A rem...
” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
Blogspot
#BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An…
Hi Guys, One more interesting blog , one more interesting vulnerability that I managed to found out during my bugbounty hunt and it comes...
Another way to pwn the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Taking Over Kubernetes Cluster Without RBAC
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Prevent Kubernetes Cluster Takeover with Kubectl RBAC Plugin
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
reddit
SafeSpec: Banishing the Spectre of a Meltdown with... • r/netsec
5 points and 0 comments so far on reddit
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
reddit
r/netsec - SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
3 votes and 0 so far on reddit
Hacking Amazon's #1 seller Smart Pet Food Dispenser
https://ift.tt/2teclFr
Submitted June 17, 2018 at 06:58AM by Expect3
via reddit https://ift.tt/2yf1wsE
https://ift.tt/2teclFr
Submitted June 17, 2018 at 06:58AM by Expect3
via reddit https://ift.tt/2yf1wsE
Collections of Infosec Tweets
https://ift.tt/2liPXH6
Submitted June 17, 2018 at 09:20AM by fireh7nter
via reddit https://ift.tt/2JZAOZm
https://ift.tt/2liPXH6
Submitted June 17, 2018 at 09:20AM by fireh7nter
via reddit https://ift.tt/2JZAOZm
Infosec Tweets
Tweets are of others
Spectre Attacks: Exploiting Speculative Execution
https://ift.tt/2EORJIX
Submitted June 17, 2018 at 09:09AM by Scene_News
via reddit https://ift.tt/2JQgW7H
https://ift.tt/2EORJIX
Submitted June 17, 2018 at 09:09AM by Scene_News
via reddit https://ift.tt/2JQgW7H
WebUSB Vulnerabilities, actions of YubiCo, and disclosure madness
https://ift.tt/2lf0B1G
Submitted June 17, 2018 at 10:49AM by Kikawala
via reddit https://ift.tt/2yokb5o
https://ift.tt/2lf0B1G
Submitted June 17, 2018 at 10:49AM by Kikawala
via reddit https://ift.tt/2yokb5o
The Complete Beginner Guide to Learn Ethical Hacking
https://ift.tt/2HMRtuq
Submitted June 17, 2018 at 07:42PM by jbvmt
via reddit https://ift.tt/2JXvi6E
https://ift.tt/2HMRtuq
Submitted June 17, 2018 at 07:42PM by jbvmt
via reddit https://ift.tt/2JXvi6E
Medium
The Complete Beginner Guide to Learn Ethical Hacking
If you want to learn ethical hacking so that you can hack computer systems like black hat hackers and secure them like security experts…