Timeless Debugging of Complex Software: Root Cause Analysis of a Non-Deterministic JavaScriptCore Vulnerability
https://ift.tt/2K3ai1y
Submitted June 19, 2018 at 09:25PM by gaasedelen
via reddit https://ift.tt/2JQM5vZ
https://ift.tt/2K3ai1y
Submitted June 19, 2018 at 09:25PM by gaasedelen
via reddit https://ift.tt/2JQM5vZ
Ret2 Systems Blog
Timeless Debugging of Complex Software
In software security, root cause analysis (RCA) is the process used to “remove the mystery” from irregular software execution and measure the security impact...
WebAssembly: potentials and pitfalls (security issues)
https://ift.tt/2yoaZxA
Submitted June 19, 2018 at 06:59PM by CyberBullets
via reddit https://ift.tt/2li4oLR
https://ift.tt/2yoaZxA
Submitted June 19, 2018 at 06:59PM by CyberBullets
via reddit https://ift.tt/2li4oLR
Forcepoint
WebAssembly: potentials and pitfalls
We at Forcepoint have recently touched on the topic of WebAssembly (also known as WA or Wasm). Part of this effort was discussed briefly in an earlier blog post on in-browser coin mining. Today we are going to talk more about the basics of Wasm, and discuss…
BYOL - A Novel Technique to Execute .NET Assemblies Entirely Within Memory by Using the “execute-assembly” Command
https://ift.tt/2tlOcNe
Submitted June 20, 2018 at 11:25AM by TechLord2
via reddit https://ift.tt/2t9e67C
https://ift.tt/2tlOcNe
Submitted June 20, 2018 at 11:25AM by TechLord2
via reddit https://ift.tt/2t9e67C
FireEye
Bring Your Own Land (BYOL) – A Novel Red Teaming Technique « Bring Your Own Land (BYOL) – A Novel Red Teaming Technique
By developing custom C#-based assemblies, attackers no longer need to rely on the tools present on the target system; they can instead write and deliver their own tools using a technique we call Bring Your Own Land (BYOL).
Tokenvator - A Tool to Elevate Privilege using Windows Tokens (Article and Sources)
https://ift.tt/2JZAryh
Submitted June 20, 2018 at 11:16AM by TechLord2
via reddit https://ift.tt/2ttsI1d
https://ift.tt/2JZAryh
Submitted June 20, 2018 at 11:16AM by TechLord2
via reddit https://ift.tt/2ttsI1d
NetSPI Blog
Tokenvator: A Tool to Elevate Privilege using Windows Tokens
Open source tool to build and fix valid SSL certificate chains
https://ift.tt/2GW40eY
Submitted June 20, 2018 at 12:06PM by Scene_News
via reddit https://ift.tt/2JZmyg1
https://ift.tt/2GW40eY
Submitted June 20, 2018 at 12:06PM by Scene_News
via reddit https://ift.tt/2JZmyg1
GitHub
trimstray/sslmerge
sslmerge - Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and d...
Backdooring PE-File (with ASLR)
https://ift.tt/2tmYJrn
Submitted June 20, 2018 at 12:05PM by Scene_News
via reddit https://ift.tt/2JO2nFQ
https://ift.tt/2tmYJrn
Submitted June 20, 2018 at 12:05PM by Scene_News
via reddit https://ift.tt/2JO2nFQ
reddit
r/netsec - Backdooring PE-File (with ASLR)
7 votes and 0 so far on reddit
Attacking Private Networks from the Internet with DNS Rebinding
https://ift.tt/2I3OzRT
Submitted June 20, 2018 at 03:39PM by campuscodi
via reddit https://ift.tt/2MFC2HX
https://ift.tt/2I3OzRT
Submitted June 20, 2018 at 03:39PM by campuscodi
via reddit https://ift.tt/2MFC2HX
Medium
Attacking Private Networks from the Internet with DNS Rebinding
TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home…
Why You Must Learn to Love DNSSEC
https://ift.tt/2I4k5iG
Submitted June 20, 2018 at 04:52PM by R-EDDIT
via reddit https://ift.tt/2JRgeLD
https://ift.tt/2I4k5iG
Submitted June 20, 2018 at 04:52PM by R-EDDIT
via reddit https://ift.tt/2JRgeLD
Circleid
Why You Must Learn to Love DNSSEC
It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to…
ZeroFont Phishing: Manipulating Font Size to Get Past Office 365 Security
https://ift.tt/2I5u5Zf
Submitted June 20, 2018 at 05:59PM by dtdn
via reddit https://ift.tt/2lk3hLJ
https://ift.tt/2I5u5Zf
Submitted June 20, 2018 at 05:59PM by dtdn
via reddit https://ift.tt/2lk3hLJ
Avanan
ZeroFont Phishing: Manipulating Font Size to Get Past Office 365 Security
ZeroFont attacks involve inserting hidden words with a font size of zero that are invisible to the recipient into a phishing email in order to fool Microsoft's impersonation scanning.
CVE-2018-10956: Unauthenticated Privileged Directory Traversal in IPConfigure Orchid Core VMS
https://ift.tt/2Kc5CXj
Submitted June 20, 2018 at 06:56PM by userofcomputers
via reddit https://ift.tt/2JZbWxP
https://ift.tt/2Kc5CXj
Submitted June 20, 2018 at 06:56PM by userofcomputers
via reddit https://ift.tt/2JZbWxP
Nettitude Labs
CVE-2018-10956: Unauthenticated Privileged Directory Traversal in IPConfigure Orchid Core VMS
Affected Software: IPConfigure Orchid Core VMS (All versions < 2.0.6, tested on Linux and Windows) Vulnerability: Unauthenticated Privileged Directory Traversal CVE: CVE-2018-10956 Impact: Arbit…
BSides Vancouver: 2018 (Workshop) Walkthrough [TR]
https://ift.tt/2lkd843
Submitted June 20, 2018 at 07:25PM by rdincel1
via reddit https://ift.tt/2to8UMl
https://ift.tt/2lkd843
Submitted June 20, 2018 at 07:25PM by rdincel1
via reddit https://ift.tt/2to8UMl
DeepPhish: Simulating Malicious AI
https://ift.tt/2MagKkL
Submitted June 20, 2018 at 09:13PM by bhediyakadushmankobi
via reddit https://ift.tt/2MIC2Ha
https://ift.tt/2MagKkL
Submitted June 20, 2018 at 09:13PM by bhediyakadushmankobi
via reddit https://ift.tt/2MIC2Ha
afl-fuzz on different file systems
https://ift.tt/2losZyO
Submitted June 20, 2018 at 10:35PM by overflowingInt
via reddit https://ift.tt/2temfHO
https://ift.tt/2losZyO
Submitted June 20, 2018 at 10:35PM by overflowingInt
via reddit https://ift.tt/2temfHO
Jussi Judin's weblog
afl-fuzz on different file systems
Taking a look how afl-fuzz behaves on different file systems.
Using the Office 365 Activities API to Investigate Business Email Compromises
https://ift.tt/2K8tpHC
Submitted June 20, 2018 at 11:20PM by Goovscoov
via reddit https://ift.tt/2ysqk0i
https://ift.tt/2K8tpHC
Submitted June 20, 2018 at 11:20PM by Goovscoov
via reddit https://ift.tt/2ysqk0i
Crowdstrike
Using the Office 365 Activities API to Investigate Business Email Compromises
Learn how CrowdStrike Services used the Office 365 Activities API to investigate Business Email Compromises (BECs) involving cyber fraud and theft.
Reverse Shell from an OpenVPN Configuration File
https://ift.tt/2tpEEAO
Submitted June 20, 2018 at 10:50PM by chicksdigthelongrun
via reddit https://ift.tt/2MJEXPN
https://ift.tt/2tpEEAO
Submitted June 20, 2018 at 10:50PM by chicksdigthelongrun
via reddit https://ift.tt/2MJEXPN
Medium
Reverse Shell from an OpenVPN Configuration File
While doing background research on OpenVPN I stumbled upon an interesting question on Stack Exchange.
Wavethrough - Bypassing modern browsers security policies with audio files & service workers
https://ift.tt/2yrHLxQ
Submitted June 21, 2018 at 12:17AM by hannibal_f4e
via reddit https://ift.tt/2MGbBC5
https://ift.tt/2yrHLxQ
Submitted June 21, 2018 at 12:17AM by hannibal_f4e
via reddit https://ift.tt/2MGbBC5
Jakearchibald
I discovered a browser bug
I accidentally discovered a huge browser security bug. Here's what it does, and how I discovered it…
Exploring PowerShell AMSI and Logging Evasion
https://ift.tt/2tj7dzM
Submitted June 21, 2018 at 12:32AM by TheUglyStranger
via reddit https://ift.tt/2K3rnoF
https://ift.tt/2tj7dzM
Submitted June 21, 2018 at 12:32AM by TheUglyStranger
via reddit https://ift.tt/2K3rnoF
reddit
r/netsec - Exploring PowerShell AMSI and Logging Evasion
3 votes and 0 so far on reddit
TLbleed: the reason why OpenBSD disabled HyperThreading
https://ift.tt/2lmpnx2
Submitted June 21, 2018 at 02:18AM by stingraycharles
via reddit https://ift.tt/2M4SrEL
https://ift.tt/2lmpnx2
Submitted June 21, 2018 at 02:18AM by stingraycharles
via reddit https://ift.tt/2M4SrEL
Blackhat
Black Hat USA 2018
The A-to-Z of Cloud Exposure DLP & Incident Response
https://ift.tt/2K4DAwE
Submitted June 21, 2018 at 06:18AM by b1t_viper
via reddit https://ift.tt/2tovyEn
https://ift.tt/2K4DAwE
Submitted June 21, 2018 at 06:18AM by b1t_viper
via reddit https://ift.tt/2tovyEn
phpMyAdmin 4.8.x LFI to RCE
https://ift.tt/2todoCN
Submitted June 21, 2018 at 07:10AM by Ambulong
via reddit https://ift.tt/2ln6MkD
https://ift.tt/2todoCN
Submitted June 21, 2018 at 07:10AM by Ambulong
via reddit https://ift.tt/2ln6MkD
Vulnspy Blog
phpMyAdmin 4.8.x LFI to RCE (Authorization Required)
Author: @Ambulong Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. In
Fake Fortnite for Android links found on YouTube
https://ift.tt/2logAe9
Submitted June 21, 2018 at 08:39PM by EvanConover
via reddit https://ift.tt/2M63mxK
https://ift.tt/2logAe9
Submitted June 21, 2018 at 08:39PM by EvanConover
via reddit https://ift.tt/2M63mxK
Malwarebytes Labs
Fake Fortnite for Android links found on YouTube - Malwarebytes Labs
The extremely popular video game Fortnite is coming to Android sometime this summer, and the fanbase is going wild. Not surprisingly, mobile malware developers are taking advantage. Already, there are several videos on YouTube with links claiming to be versions…