Attacking the attackers: Execute code on the attacker's c&c
https://ift.tt/2M3uEW5
Submitted August 01, 2018 at 02:22AM by aaabbbaaabb
via reddit https://ift.tt/2mXHHgJ
https://ift.tt/2M3uEW5
Submitted August 01, 2018 at 02:22AM by aaabbbaaabb
via reddit https://ift.tt/2mXHHgJ
DNSRBL - Real-time Blackhole List (RBL)
https://dnsrbl.org/
Submitted August 01, 2018 at 08:03AM by unquietwiki
via reddit https://ift.tt/2v6M7GH
https://dnsrbl.org/
Submitted August 01, 2018 at 08:03AM by unquietwiki
via reddit https://ift.tt/2v6M7GH
Breaking the Bluetooth Pairing: A Fixed Coordinate Invalid Curve Attack
https://ift.tt/2AlidUf
Submitted August 01, 2018 at 09:23AM by TechLord2
via reddit https://ift.tt/2M7Y3yl
https://ift.tt/2AlidUf
Submitted August 01, 2018 at 09:23AM by TechLord2
via reddit https://ift.tt/2M7Y3yl
PowerShell Inside a Certificate? – Part 2
https://ift.tt/2KeKbRj
Submitted August 01, 2018 at 01:03PM by daanraman
via reddit https://ift.tt/2vsOvqw
https://ift.tt/2KeKbRj
Submitted August 01, 2018 at 01:03PM by daanraman
via reddit https://ift.tt/2vsOvqw
NVISO Labs
PowerShell Inside a Certificate? – Part 2
We developed a method to detect certificate files that do not contain a real certificate. Trojanized certificates like these are often not detected by AV and IDS. Fake certificates containing a Win…
Threat Intelligence Report - Campaign DOKKAEBI(a.k.a Malware analysis using HWP documents)
https://ift.tt/2v8qjdQ
Submitted August 01, 2018 at 07:00PM by 2runjack2
via reddit https://ift.tt/2Khf87g
https://ift.tt/2v8qjdQ
Submitted August 01, 2018 at 07:00PM by 2runjack2
via reddit https://ift.tt/2Khf87g
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
https://ift.tt/2LVvQ0O
Submitted August 01, 2018 at 07:36PM by not_2sec4u
via reddit https://ift.tt/2M85bec
https://ift.tt/2LVvQ0O
Submitted August 01, 2018 at 07:36PM by not_2sec4u
via reddit https://ift.tt/2M85bec
Kryptoslogic
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
The Emotet botnet reputation precedes it; historically aggressive and malicious, today it has evolved and incorporated a number of advancements to create a m...
Disclose Facebook Internal Server Information With A Strange Poll [Bug Bounty]
https://ift.tt/2NZ54SQ
Submitted August 01, 2018 at 09:02PM by wongmjane
via reddit https://ift.tt/2OBEno3
https://ift.tt/2NZ54SQ
Submitted August 01, 2018 at 09:02PM by wongmjane
via reddit https://ift.tt/2OBEno3
CRLF Injection Into PHP’s cURL Options
https://ift.tt/2LL8Ces
Submitted August 01, 2018 at 09:12PM by albinowax
via reddit https://ift.tt/2LJw77J
https://ift.tt/2LL8Ces
Submitted August 01, 2018 at 09:12PM by albinowax
via reddit https://ift.tt/2LJw77J
Medium
CRLF Injection Into PHP’s cURL Options
This is a post about injecting carriage return and line feed characters into a internal API call. I wrote this up a year ago as a Gist on…
Reddit had a security incident. Here's what you need to know.
https://ift.tt/2LSMr5z
Submitted August 01, 2018 at 11:23PM by sanitybit
via reddit https://ift.tt/2OBX9vF
https://ift.tt/2LSMr5z
Submitted August 01, 2018 at 11:23PM by sanitybit
via reddit https://ift.tt/2OBX9vF
reddit
We had a security incident. Here's what you need to know.
**TL;DR**: A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007...
Creating a key generator to reset a Hikvision IP camera's admin password
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 12:00AM by AVERAGE_TEST_DUMMY
via reddit https://ift.tt/2O4Opxg
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 12:00AM by AVERAGE_TEST_DUMMY
via reddit https://ift.tt/2O4Opxg
neonsea.uk
Creating a key generator to reset a Hikvision IP camera's admin password
Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...
IMPLEMENTING A TRUSTED THIRD-PARTY SYSTEM FOR SECURE SHELL
https://ift.tt/2AwGGG5
Submitted August 02, 2018 at 01:28PM by kavanutz
via reddit https://ift.tt/2LKFqoe
https://ift.tt/2AwGGG5
Submitted August 02, 2018 at 01:28PM by kavanutz
via reddit https://ift.tt/2LKFqoe
Sshkeybox
KeyBox - Documentation: Whitepaper
Implementing a Trusted Third-Party System for Secure Shell
Escaping the Sandbox - Microsoft Office on MacOS
https://ift.tt/2n12YGy
Submitted August 02, 2018 at 01:47PM by dmchell
via reddit https://ift.tt/2AzEPAv
https://ift.tt/2n12YGy
Submitted August 02, 2018 at 01:47PM by dmchell
via reddit https://ift.tt/2AzEPAv
www.mdsec.co.uk
Escaping the Sandbox – Microsoft Office on MacOS – MDSec
A post describing how to escape the MacOS sandbox from within Office
Cisco is buying Duo Security for 2.35B
https://ift.tt/2LNDQBV
Submitted August 02, 2018 at 06:59PM by macx333
via reddit https://ift.tt/2LYvfeO
https://ift.tt/2LNDQBV
Submitted August 02, 2018 at 06:59PM by macx333
via reddit https://ift.tt/2LYvfeO
Cisco Announces Intent to Acquire Duo
https://ift.tt/2AvuNA8
Submitted August 02, 2018 at 06:51PM by patoh
via reddit https://ift.tt/2vwDd4L
https://ift.tt/2AvuNA8
Submitted August 02, 2018 at 06:51PM by patoh
via reddit https://ift.tt/2vwDd4L
Duo Security
The Evolution of Networking and Security: Cisco Announces Intent to Acquire Duo
8 years, 12,000 customers, and over 700 extremely talented and dedicated team members later, we’ve made our mark on the industry, helping to make security easy and effective for all, and earning the love of our customers, partners, and community. I could…
Bypassing and exploiting Bucket Upload Policies and Signed URLs
https://ift.tt/2AzTHPf
Submitted August 02, 2018 at 08:35PM by albinowax
via reddit https://ift.tt/2n59Ous
https://ift.tt/2AzTHPf
Submitted August 02, 2018 at 08:35PM by albinowax
via reddit https://ift.tt/2n59Ous
Detectify Labs
Bypassing and exploiting Bucket Upload Policies and Signed URLs
TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with…
massive cryptojacking campaign targeting tens of thousands of MikroTik routers
https://ift.tt/2LIDYCx
Submitted August 02, 2018 at 08:03PM by ksigler
via reddit https://ift.tt/2OByxDj
https://ift.tt/2LIDYCx
Submitted August 02, 2018 at 08:03PM by ksigler
via reddit https://ift.tt/2OByxDj
Trustwave
Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?
On July 31st , just after getting back to the office from my talk at RSA Asia 2018 about how cyber criminals use cryptocurrencies for their malicious activities, I noticed a huge surge of CoinHive in Brazil. After a quick...
ASP.NET resource files (.RESX) and deserialisation issues
https://ift.tt/2M2XVUg
Submitted August 02, 2018 at 09:08PM by digicat
via reddit https://ift.tt/2Mg0Fdt
https://ift.tt/2M2XVUg
Submitted August 02, 2018 at 09:08PM by digicat
via reddit https://ift.tt/2Mg0Fdt
How I could have stolen your local files using just a simple HTML file
https://ift.tt/2M5ACpl
Submitted August 02, 2018 at 08:45PM by ziyahanalbeniz
via reddit https://ift.tt/2O6aFXu
https://ift.tt/2M5ACpl
Submitted August 02, 2018 at 08:45PM by ziyahanalbeniz
via reddit https://ift.tt/2O6aFXu
Netsparker
Exploiting a Microsoft Edge Vulnerability to Steal Files
This blog post documents the experiment of our Security Researcher Ziyahan Abeniz in exploiting a Microsoft Edge browser vulnerability. Proof of Exploit video included.
Public pentest report: Thunderbird & Enigmail [pdf]
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
One security weakness per 4000 lines of Android source code
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
Medium
We Checked the Android Source Code by PVS-Studio, or Nothing is Perfect
Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of…
Creating a key generator to reset a Hikvision IP camera's admin password
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
neonsea.uk
Creating a key generator to reset a Hikvision IP camera's admin password
Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...