Application Whitelisting Bypass and Arbitrary Unsigned Code Execution Technique in winrm.vbs
https://ift.tt/2Jh8sFR
Submitted July 13, 2018 at 12:30PM by sanderD
via reddit https://ift.tt/2KVZGCI
Posts By SpecterOps Team Members
Application Whitelisting Bypass and Arbitrary Unsigned Code Execution Technique in winrm.vbs
Bypass Technique Description
RFID Thief v2.0 - Build & Tutorial for Long Range RFID Cloning
https://ift.tt/2NRnOo2
Submitted July 13, 2018 at 05:46PM by Imperium89
via reddit https://ift.tt/2Lf98NM
scund00r
RFID Thief v2.0
Building and using the RFID Thief v2.0 for long range RFID cloning
Phone in the right hand? You're a hacker! - Methods that Google (etc) use for fingerprinting users
https://ift.tt/2utzq7Q
Submitted July 13, 2018 at 06:30PM by SmokeyBread
via reddit https://ift.tt/2zAok6N
BBC News
Phone in the right hand? You're a hacker!
How firms are using cutting-edge techniques to stop cyber criminals breaching their networks.
Many Android email apps and PayPal are vulnerable to recipient spoofing
https://ift.tt/2LfKFrF
Submitted July 13, 2018 at 10:12PM by Sephr
via reddit https://ift.tt/2Ldlm9r
xda-developers
Many Android email apps and PayPal are vulnerable to recipient spoofing
Many Android email applications and some apps like PayPal can be tricked to show a false recipient rather than the real intended addressee.
Mueller Indictment of 12 GRU Agents has Interesting Technical Details
https://ift.tt/2zDJcKk
Submitted July 13, 2018 at 10:07PM by PrimeMover17
via reddit https://ift.tt/2KQDZUJ
Advanced Mobile Malware Campaign in India uses Malicious MDM
https://ift.tt/2L8qizN
Submitted July 13, 2018 at 09:55PM by polar
via reddit https://ift.tt/2Nfb5KB
Talosintelligence
Advanced Mobile Malware Campaign in India uses Malicious MDM
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
PayPal recipient spoofing vulnerability
https://ift.tt/2LfKFrF
Submitted July 13, 2018 at 11:28PM by Sephr
via reddit https://ift.tt/2LdzSOt
xda-developers
Many Android email apps and PayPal are vulnerable to recipient spoofing
Many Android email applications and some apps like PayPal can be tricked to show a false recipient rather than the real intended addressee.
airgapping a MacBook air, a Broadcom15700a2 mystery
https://ift.tt/2uzK1hk
Submitted July 14, 2018 at 09:51AM by nullified-
via reddit https://ift.tt/2meFTj3
reddit
r/netsec - airgapping a MacBook air, a Broadcom15700a2 mystery
12 votes and 0 comments so far on Reddit
IDA IPython - pure Python implementation for both IDA6.x and IDA7.x (x-post from /r/ReverseEngineering)
https://ift.tt/2LfjTTD
Submitted July 14, 2018 at 05:56AM by tmr232
via reddit https://ift.tt/2NbWXSq
GitHub
tmr232/ida_ipython
ida_ipython - An IDA Pro Plugin for embedding an IPython Kernel
DNS-Over-TLS Built-In & Enforced - 1.1.1.1 and the GL.iNet GL-AR750S
https://ift.tt/2NRtrTg
Submitted July 14, 2018 at 10:55PM by civicode
via reddit https://ift.tt/2KTTmeU
Cloudflare Blog
DNS-Over-TLS Built-In & Enforced - 1.1.1.1 and the GL.iNet GL-AR750S
Back in April, I wrote about how it was possible to modify a router to encrypt DNS queries over TLS using Cloudflare's 1.1.1.1 DNS Resolver and a GL.iNet router; the folks at GL.iNet read that blog post and decided to bake DNS-Over-TLS support into their…
Hamburglar - Directory/file traversal to find keys, ip addresses, emails, crypto addresses, and more. One configurable script, regex driven.
https://ift.tt/2mjIRTI
Submitted July 15, 2018 at 12:20AM by amusciano
via reddit https://ift.tt/2zDWCWR
GitHub
needmorecowbell/Hamburglar
Hamburglar -- collect useful information from urls, directories, and files - needmorecowbell/Hamburglar
INDIAN SOFTWARE PIRACY SITE (URET.IN): A COVER FOR CHILD PORNOGRAPHY AND DRUGS
https://ift.tt/2LiHUpz
Submitted July 15, 2018 at 04:55PM by RookieJoey
via reddit https://ift.tt/2uATtRJ
INDIAN SOFTWARE PIRACY SITE (URET.IN): A COVER FOR CHILD PORNOGRAPHY AND DRUGS
A Desolate Den of Depravity, Darkness, Drugs and Child Abuse
How Russian Hackers Compromised the 2016 U.S. Presidential Election
https://ift.tt/2Le8Mdn
Submitted July 16, 2018 at 07:12PM by ExcellentGold
via reddit https://ift.tt/2Js2dPs
hackers-arise
Confessions of a Professional Hacker: How Russian Hackers Compromised the 2016 U.S. Presidential Election | hackers-arise
On July 13, 2018, the U.S. Justice Department handed down a 29-page indictment against 12 intelligence officers of the GRU, Russia's military intelligence agen...
Create a Digital Fortress With a Private Search Engine and a VPN
https://ift.tt/2zJdxqT
Submitted July 16, 2018 at 08:03PM by stewofkc
via reddit https://ift.tt/2LdVg9O
Secjuice.com
Create a Digital Fortress With a Private Search Engine and a VPN
Learn how to create a 'digital fortress' to maintain your online privacy using a search engine and a VPN with security researcher Christian Stewart.
Pentester demonstrates how to hack SAML
https://ift.tt/2mmj0dP
Submitted July 16, 2018 at 08:45PM by Quackledork
via reddit https://ift.tt/2zJsGIO
Anitian
Owning SAML - Anitian
Exploiting a SAML Implementation During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom authentication mechanism…
Cloudflare, Fastly, Mozilla and Apple working on SNI encryption for TLS 1.3
https://ift.tt/2u4fAQp
Submitted July 16, 2018 at 09:50PM by SerSwimsALot
via reddit https://ift.tt/2zFO0Pu
Improving Wireshark for Wi-Fi Packet Analysis
https://ift.tt/2Jrd3oW
Submitted July 16, 2018 at 01:44AM by vasiliborodin
via reddit https://ift.tt/2uquLnF
Airxperts
Improving Wireshark for Wi-Fi Packet Analysis - Airxperts
TLDR; Download the Wireshark profile now or read on.. Wireshark Even if you’re an avid user of some of the premium packet analysis tools out there, such as Savvius’ excellent Omnipeek, every so often most people will be opening up the free Wireshark to look…
CERT Keyfinder: A tool for analyzing private (and public) key files, including support for Android APK files.
https://ift.tt/2mkFQlT
Submitted July 16, 2018 at 11:49PM by certcc
via reddit https://ift.tt/2NWlGuX
GitHub
CERTCC/keyfinder
keyfinder - Tool for analyzing private (and public) key files, including support for Android APK files.
PrestaShop 1.6 Privilege Escalation (CVE-2018-13784)
https://ift.tt/2LibNJy
Submitted July 17, 2018 at 03:27PM by cfambionics
via reddit https://ift.tt/2LfWbWZ
Ambionics
PrestaShop 1.6 Privilege Escalation
Prestashop 1.6.1.19 sessions can be read and written by an attacker, resulting in a range of vulnerabilities including privilege escalation and remote code execution.
Modelling APT32 in CALDERA
https://ift.tt/2zW3HSP
Submitted July 17, 2018 at 09:17PM by Wietze-
via reddit https://ift.tt/2uDp7y0
PwC
Signal the ATT&CK: Part 1
In the first of a two part series, Paul Bottomley and Wietze Beukema explore our Tanium Signal development and testing, using one particular threat group, APT32 (also known as Ocean Lotus).
(Not OP) I built a screenshot API and some guy was mining cryptocurrencies with it.
https://ift.tt/2r3yC7T
Submitted July 17, 2018 at 09:06PM by OogieFrenchieBoogie
via reddit https://ift.tt/2mozzpd
Medium
I built a screenshot API and some guy was mining cryptocurrencies with it.
Hey folks, just wanted to share this story. Yes, I could have been better prepared for what happened, I know. :)