Oracle Privilege Escalation via XML Deserialization
https://ift.tt/2v3kJbF
Submitted July 25, 2018 at 10:12PM by Bowserjklol
via reddit https://ift.tt/2Lp6gBO
Syfrtext
Oracle Privilege Escalation via Deserialization
TLDR: Oracle Database is vulnerable to user privilege escalation via a Java deserialization vector that bypasses built-in Oracle JVM secur...
Cracking the Walls of the Safari Sandbox: Fuzzing the macOS WindowServer for Exploitable Vulnerabilities
https://ift.tt/2JVawna
Submitted July 25, 2018 at 10:25PM by gaasedelen
via reddit https://ift.tt/2mGMXoV
Ret2 Systems Blog
Cracking the Walls of the Safari Sandbox
When exploiting real world software or devices, achieving arbitrary code execution on a system may only be the first step towards total compromise. For high ...
Solving the Atredis BlackHat 2018 CTF Challenge
https://ift.tt/2JRLaXg
Submitted July 25, 2018 at 10:01PM by rolfr
via reddit https://ift.tt/2mNSlH7
Möbius Strip Reverse Engineering
The Atredis BlackHat 2018 CTF Challenge
This post covers my solution to the Atredis BlackHat 2018 challenge, for which I won second place and a ticket to BlackHat. I'd like to express my gratitude to the author, the increasingly-reclusive Dionysus Blazakis, as well as Atredis for running the…
Top HTTP Security Headers and How to Deploy Them
https://ift.tt/2LP0MN2
Submitted July 25, 2018 at 11:43PM by isityoupaul
via reddit https://ift.tt/2OeiQ4Z
Templarbit Inc.
Top HTTP Security Headers and How to Deploy Them
HTTP response headers can be used to increase the security...
Introducing BYOB (Build Your Own Botnet)
https://ift.tt/2OfqsnE
Submitted July 26, 2018 at 06:40AM by PoonSafari
via reddit https://ift.tt/2A7QNBe
GitHub
malwaredllc/byob
BYOB (Build Your Own Botnet). Contribute to malwaredllc/byob development by creating an account on GitHub.
Why No HTTPS? The World's Largest Websites Not Redirecting Insecure Requests to HTTPS
https://whynohttps.com
Submitted July 26, 2018 at 02:37PM by anonyymi
via reddit https://ift.tt/2vedj5N
Whynohttps
Why No HTTPS? The World's Largest Websites Not Redirecting Insecure Requests to HTTPS
With the web rapidly becoming secure by default, "Why No HTTPS?" is a who's who of the world's biggest websites globally and by country still not defaulting to HTTPS.
Evilginx 2 - Next Generation of Phishing 2FA Tokens (Tool)
https://ift.tt/2JTHIeF
Submitted July 26, 2018 at 03:31PM by kgretzky
via reddit https://ift.tt/2LrIAgf
reddit
r/netsec - Evilginx 2 - Next Generation of Phishing 2FA Tokens (Tool)
Running Kali Linux 2018.2 on a GPD Pocket mini-laptop.
https://ift.tt/2mLvc85
Submitted July 26, 2018 at 03:25PM by vasiliborodin
via reddit https://ift.tt/2v7Sk4i
Hacker Noon
Kali Linux 2018.2 on your Pocket with the GPD 7 mini-laptop.
So after ten years, are netbooks finally cool again? In 2008 saw the zenith of this with regards to personal computing. The Netbook as…
Network Security - The Complete Nmap Ethical Hacking Course
http://sumo.ly/VNj9
Submitted July 26, 2018 at 06:04PM by algbra
via reddit https://ift.tt/2uQNpW6
Gain From Here
Ethical Hacking and Cyber Security Courses Online
If you are interested in learning Ethical Hacking and Cyber Security Courses online then you can consider some best courses here
A Story About Three Bluetooth Vulnerabilities in Android
https://ift.tt/2Ohz5hm
Submitted July 26, 2018 at 07:09PM by vamediah
via reddit https://ift.tt/2LAksrd
Another way to get to a system shell – Assistive Technology
https://ift.tt/2v6fGY3
Submitted July 26, 2018 at 07:53PM by oddvarmoe
via reddit https://ift.tt/2mJzKM7
Oddvar Moe's Blog
Another way to get to a system shell – Assistive Technology
TL;DR Manipulate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifier – StartExe to run other binary when pressing WinKey and plus to zoom. Can load bin…
Code Similarities and Mitigation of Emotet, The Most Common Banking Trojan
https://ift.tt/2LRCCl1
Submitted July 26, 2018 at 09:04PM by desegel
via reddit https://ift.tt/2uP2YOg
Intezer
Mitigating Emotet, The Most Common Banking Trojan - Intezer
Recently, Proofpoint released a fairly surprising report, stating that Banking Trojans have surpassed Ransomware as the top malware threat found in email. This is not too surprising, due to the rising difficulty of cashing out cyber-ransom operations, and…
[Cisco's Talos] Multiple Vulnerabilities in Samsung SmartThings Hub
https://ift.tt/2Omtkiq
Submitted July 26, 2018 at 10:06PM by CaptMeelo
via reddit https://ift.tt/2Ae3GcM
Talosintelligence
Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Hyper Focused iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known
https://ift.tt/2AclQf3
Submitted July 26, 2018 at 09:52PM by jeremiyteki
via reddit https://ift.tt/2LGOU2P
The Philosophy of MITRE's ATT&CK
https://ift.tt/2OibRI4
Submitted July 26, 2018 at 10:32PM by m8urn
via reddit https://ift.tt/2LL2kuV
The MITRE Corporation
The Philosophy of ATT&CK
About ATT&CK™
Offensive Security Online Exam Proctoring
https://ift.tt/2AajsFN
Submitted July 26, 2018 at 10:54PM by FireFart
via reddit https://ift.tt/2LOUZXH
Offensive-Security
Offensive Security Online Exam Proctoring
When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification…
Drawing Outside the Box: Precision Issues in Graphic Libraries
https://ift.tt/2uPWXRi
Submitted July 26, 2018 at 11:04PM by tunnelshade
via reddit https://ift.tt/2LVpYRS
Blogspot
Drawing Outside the Box: Precision Issues in Graphic Libraries
By Mark Brand and Ivan Fratric, Google Project Zero In this blog post, we are going to write about a seldom seen vulnerability class tha...
NetSpectre: Read Arbitrary Memory over Network
https://ift.tt/2LsRdXQ
Submitted July 27, 2018 at 04:28AM by dabbler33
via reddit https://ift.tt/2Lqhgiw
YSK: Reddit's data response collecting company had its data breached - exposing the phone # and email tied to your username. Consider anything on your account you wouldn't want associated publicly.
https://ift.tt/2JYQw30
Submitted July 27, 2018 at 03:32AM by Draesith_42
via reddit https://ift.tt/2v5BL9l
reddit
r/YouShouldKnow - YSK: Reddit's data response collecting company had its data breached - exposing the phone # and email tied to…
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers (including appendix alluding to US intelligence agency knowledge of this vulnerability since 1982)
https://ift.tt/2LnFnhQ
Submitted July 27, 2018 at 01:48AM by Sephr
via reddit https://ift.tt/2OiJoSt