CRLF Injection Into PHP’s cURL Options
https://ift.tt/2LL8Ces
Submitted August 01, 2018 at 09:12PM by albinowax
via reddit https://ift.tt/2LJw77J
https://ift.tt/2LL8Ces
Submitted August 01, 2018 at 09:12PM by albinowax
via reddit https://ift.tt/2LJw77J
Medium
CRLF Injection Into PHP’s cURL Options
This is a post about injecting carriage return and line feed characters into a internal API call. I wrote this up a year ago as a Gist on…
Reddit had a security incident. Here's what you need to know.
https://ift.tt/2LSMr5z
Submitted August 01, 2018 at 11:23PM by sanitybit
via reddit https://ift.tt/2OBX9vF
https://ift.tt/2LSMr5z
Submitted August 01, 2018 at 11:23PM by sanitybit
via reddit https://ift.tt/2OBX9vF
reddit
We had a security incident. Here's what you need to know.
**TL;DR**: A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007...
Creating a key generator to reset a Hikvision IP camera's admin password
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 12:00AM by AVERAGE_TEST_DUMMY
via reddit https://ift.tt/2O4Opxg
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 12:00AM by AVERAGE_TEST_DUMMY
via reddit https://ift.tt/2O4Opxg
neonsea.uk
Creating a key generator to reset a Hikvision IP camera's admin password
Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...
IMPLEMENTING A TRUSTED THIRD-PARTY SYSTEM FOR SECURE SHELL
https://ift.tt/2AwGGG5
Submitted August 02, 2018 at 01:28PM by kavanutz
via reddit https://ift.tt/2LKFqoe
https://ift.tt/2AwGGG5
Submitted August 02, 2018 at 01:28PM by kavanutz
via reddit https://ift.tt/2LKFqoe
Sshkeybox
KeyBox - Documentation: Whitepaper
Implementing a Trusted Third-Party System for Secure Shell
Escaping the Sandbox - Microsoft Office on MacOS
https://ift.tt/2n12YGy
Submitted August 02, 2018 at 01:47PM by dmchell
via reddit https://ift.tt/2AzEPAv
https://ift.tt/2n12YGy
Submitted August 02, 2018 at 01:47PM by dmchell
via reddit https://ift.tt/2AzEPAv
www.mdsec.co.uk
Escaping the Sandbox – Microsoft Office on MacOS – MDSec
A post describing how to escape the MacOS sandbox from within Office
Cisco is buying Duo Security for 2.35B
https://ift.tt/2LNDQBV
Submitted August 02, 2018 at 06:59PM by macx333
via reddit https://ift.tt/2LYvfeO
https://ift.tt/2LNDQBV
Submitted August 02, 2018 at 06:59PM by macx333
via reddit https://ift.tt/2LYvfeO
Cisco Announces Intent to Acquire Duo
https://ift.tt/2AvuNA8
Submitted August 02, 2018 at 06:51PM by patoh
via reddit https://ift.tt/2vwDd4L
https://ift.tt/2AvuNA8
Submitted August 02, 2018 at 06:51PM by patoh
via reddit https://ift.tt/2vwDd4L
Duo Security
The Evolution of Networking and Security: Cisco Announces Intent to Acquire Duo
8 years, 12,000 customers, and over 700 extremely talented and dedicated team members later, we’ve made our mark on the industry, helping to make security easy and effective for all, and earning the love of our customers, partners, and community. I could…
Bypassing and exploiting Bucket Upload Policies and Signed URLs
https://ift.tt/2AzTHPf
Submitted August 02, 2018 at 08:35PM by albinowax
via reddit https://ift.tt/2n59Ous
https://ift.tt/2AzTHPf
Submitted August 02, 2018 at 08:35PM by albinowax
via reddit https://ift.tt/2n59Ous
Detectify Labs
Bypassing and exploiting Bucket Upload Policies and Signed URLs
TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with…
massive cryptojacking campaign targeting tens of thousands of MikroTik routers
https://ift.tt/2LIDYCx
Submitted August 02, 2018 at 08:03PM by ksigler
via reddit https://ift.tt/2OByxDj
https://ift.tt/2LIDYCx
Submitted August 02, 2018 at 08:03PM by ksigler
via reddit https://ift.tt/2OByxDj
Trustwave
Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?
On July 31st , just after getting back to the office from my talk at RSA Asia 2018 about how cyber criminals use cryptocurrencies for their malicious activities, I noticed a huge surge of CoinHive in Brazil. After a quick...
ASP.NET resource files (.RESX) and deserialisation issues
https://ift.tt/2M2XVUg
Submitted August 02, 2018 at 09:08PM by digicat
via reddit https://ift.tt/2Mg0Fdt
https://ift.tt/2M2XVUg
Submitted August 02, 2018 at 09:08PM by digicat
via reddit https://ift.tt/2Mg0Fdt
How I could have stolen your local files using just a simple HTML file
https://ift.tt/2M5ACpl
Submitted August 02, 2018 at 08:45PM by ziyahanalbeniz
via reddit https://ift.tt/2O6aFXu
https://ift.tt/2M5ACpl
Submitted August 02, 2018 at 08:45PM by ziyahanalbeniz
via reddit https://ift.tt/2O6aFXu
Netsparker
Exploiting a Microsoft Edge Vulnerability to Steal Files
This blog post documents the experiment of our Security Researcher Ziyahan Abeniz in exploiting a Microsoft Edge browser vulnerability. Proof of Exploit video included.
Public pentest report: Thunderbird & Enigmail [pdf]
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
One security weakness per 4000 lines of Android source code
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
Medium
We Checked the Android Source Code by PVS-Studio, or Nothing is Perfect
Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of…
Creating a key generator to reset a Hikvision IP camera's admin password
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
neonsea.uk
Creating a key generator to reset a Hikvision IP camera's admin password
Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...
Some (over 2000) phishing URLs you might want to block
https://ift.tt/2M3xLkh
Submitted August 03, 2018 at 01:47AM by dadoftwins71309
via reddit https://ift.tt/2O7H6Vn
https://ift.tt/2M3xLkh
Submitted August 03, 2018 at 01:47AM by dadoftwins71309
via reddit https://ift.tt/2O7H6Vn
archive.fo
PHISHING websites 20180730 #verified - Pastebin.com
archived 2 Aug 2018 15:08:07 UTC
Announcing the BlueHat v18 Schedule
https://ift.tt/2ACv4S8
Submitted August 03, 2018 at 03:40AM by jdrch
via reddit https://ift.tt/2LXsmuM
https://ift.tt/2ACv4S8
Submitted August 03, 2018 at 03:40AM by jdrch
via reddit https://ift.tt/2LXsmuM
Kovter malware teardown, including "invisible" registry persistence
https://ift.tt/2vwDeFN
Submitted August 02, 2018 at 11:02PM by ewhitehats
via reddit https://ift.tt/2ABv1pB
https://ift.tt/2vwDeFN
Submitted August 02, 2018 at 11:02PM by ewhitehats
via reddit https://ift.tt/2ABv1pB
POC and White Paper on Writing Values Regedit Cannot Export or Display
https://ift.tt/2LXDF6l
Submitted August 03, 2018 at 09:41AM by ewhitehats
via reddit https://ift.tt/2O3yQFV
https://ift.tt/2LXDF6l
Submitted August 03, 2018 at 09:41AM by ewhitehats
via reddit https://ift.tt/2O3yQFV
GitHub
ewhitehats/InvisiblePersistence
InvisiblePersistence - Persisting in the Windows registry "invisibly"
A Linux Auditd rule set mapped to MITRE's Attack Framework
https://ift.tt/2O7DgLM
Submitted August 03, 2018 at 06:12PM by digicat
via reddit https://ift.tt/2LX8zf2
https://ift.tt/2O7DgLM
Submitted August 03, 2018 at 06:12PM by digicat
via reddit https://ift.tt/2LX8zf2
reddit
r/blueteamsec - A Linux Auditd rule set mapped to MITRE's Attack Framework
2 votes and 1 comment so far on Reddit
Telewreck - A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
https://ift.tt/2MgliGz
Submitted August 03, 2018 at 06:12PM by CaptMeelo
via reddit https://ift.tt/2M1f68o
https://ift.tt/2MgliGz
Submitted August 03, 2018 at 06:12PM by CaptMeelo
via reddit https://ift.tt/2M1f68o
GitHub
capt-meelo/Telewreck
Telewreck - A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
Pwning Web Applications via Telerik Web UI
https://ift.tt/2OETbCB
Submitted August 03, 2018 at 06:04PM by CaptMeelo
via reddit https://ift.tt/2vfPPOj
https://ift.tt/2OETbCB
Submitted August 03, 2018 at 06:04PM by CaptMeelo
via reddit https://ift.tt/2vfPPOj
Hack.Learn.Share
Pwning Web Applications via Telerik Web UI
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.