Public pentest report: Thunderbird & Enigmail [pdf]
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
One security weakness per 4000 lines of Android source code
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
Medium
We Checked the Android Source Code by PVS-Studio, or Nothing is Perfect
Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of…
Creating a key generator to reset a Hikvision IP camera's admin password
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
neonsea.uk
Creating a key generator to reset a Hikvision IP camera's admin password
Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...
Some (over 2000) phishing URLs you might want to block
https://ift.tt/2M3xLkh
Submitted August 03, 2018 at 01:47AM by dadoftwins71309
via reddit https://ift.tt/2O7H6Vn
https://ift.tt/2M3xLkh
Submitted August 03, 2018 at 01:47AM by dadoftwins71309
via reddit https://ift.tt/2O7H6Vn
archive.fo
PHISHING websites 20180730 #verified - Pastebin.com
archived 2 Aug 2018 15:08:07 UTC
Announcing the BlueHat v18 Schedule
https://ift.tt/2ACv4S8
Submitted August 03, 2018 at 03:40AM by jdrch
via reddit https://ift.tt/2LXsmuM
https://ift.tt/2ACv4S8
Submitted August 03, 2018 at 03:40AM by jdrch
via reddit https://ift.tt/2LXsmuM
Kovter malware teardown, including "invisible" registry persistence
https://ift.tt/2vwDeFN
Submitted August 02, 2018 at 11:02PM by ewhitehats
via reddit https://ift.tt/2ABv1pB
https://ift.tt/2vwDeFN
Submitted August 02, 2018 at 11:02PM by ewhitehats
via reddit https://ift.tt/2ABv1pB
POC and White Paper on Writing Values Regedit Cannot Export or Display
https://ift.tt/2LXDF6l
Submitted August 03, 2018 at 09:41AM by ewhitehats
via reddit https://ift.tt/2O3yQFV
https://ift.tt/2LXDF6l
Submitted August 03, 2018 at 09:41AM by ewhitehats
via reddit https://ift.tt/2O3yQFV
GitHub
ewhitehats/InvisiblePersistence
InvisiblePersistence - Persisting in the Windows registry "invisibly"
A Linux Auditd rule set mapped to MITRE's Attack Framework
https://ift.tt/2O7DgLM
Submitted August 03, 2018 at 06:12PM by digicat
via reddit https://ift.tt/2LX8zf2
https://ift.tt/2O7DgLM
Submitted August 03, 2018 at 06:12PM by digicat
via reddit https://ift.tt/2LX8zf2
reddit
r/blueteamsec - A Linux Auditd rule set mapped to MITRE's Attack Framework
2 votes and 1 comment so far on Reddit
Telewreck - A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
https://ift.tt/2MgliGz
Submitted August 03, 2018 at 06:12PM by CaptMeelo
via reddit https://ift.tt/2M1f68o
https://ift.tt/2MgliGz
Submitted August 03, 2018 at 06:12PM by CaptMeelo
via reddit https://ift.tt/2M1f68o
GitHub
capt-meelo/Telewreck
Telewreck - A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
Pwning Web Applications via Telerik Web UI
https://ift.tt/2OETbCB
Submitted August 03, 2018 at 06:04PM by CaptMeelo
via reddit https://ift.tt/2vfPPOj
https://ift.tt/2OETbCB
Submitted August 03, 2018 at 06:04PM by CaptMeelo
via reddit https://ift.tt/2vfPPOj
Hack.Learn.Share
Pwning Web Applications via Telerik Web UI
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
https://ift.tt/2LNxBOp
Submitted August 03, 2018 at 07:39PM by certcc
via reddit https://ift.tt/2O5qFJg
https://ift.tt/2LNxBOp
Submitted August 03, 2018 at 07:39PM by certcc
via reddit https://ift.tt/2O5qFJg
insights.sei.cmu.edu
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations. Working in this field, it doesn't take too long to realize that there will never be...
Critical directory traversal bug in cgit 0.8 through 1.2 (patched in 1.2.1)
https://ift.tt/2M1NHmT
Submitted August 04, 2018 at 12:52AM by CodeBlock
via reddit https://ift.tt/2ALusK6
https://ift.tt/2M1NHmT
Submitted August 04, 2018 at 12:52AM by CodeBlock
via reddit https://ift.tt/2ALusK6
reddit
r/netsec - Critical directory traversal bug in cgit 0.8 through 1.2 (patched in 1.2.1)
4 votes and 0 comments so far on Reddit
From Slack to Discord — InfoSec Community has a new home
https://ift.tt/2LR1hdx
Submitted August 04, 2018 at 03:22AM by Eta-Meson
via reddit https://ift.tt/2n7OR21
https://ift.tt/2LR1hdx
Submitted August 04, 2018 at 03:22AM by Eta-Meson
via reddit https://ift.tt/2n7OR21
Medium
From Slack to Discord — InfoSec Community has a new home
Hello members of the InfoSec Community!
Question about using Wifi Pineapple as NIC
https://ift.tt/2O9yZaP
Submitted August 04, 2018 at 06:02AM by Army17C
via reddit https://ift.tt/2KsnhpA
https://ift.tt/2O9yZaP
Submitted August 04, 2018 at 06:02AM by Army17C
via reddit https://ift.tt/2KsnhpA
reddit
r/hacking - Question about using Wifi Pineapple as NIC
3 votes and 1 comment so far on Reddit
Security auditing and automated hunting DNS w/ CoreDNS+malwaredomains+Gravwell
https://ift.tt/2vEFOtA
Submitted August 04, 2018 at 08:20AM by remasis
via reddit https://ift.tt/2LYI0pO
https://ift.tt/2vEFOtA
Submitted August 04, 2018 at 08:20AM by remasis
via reddit https://ift.tt/2LYI0pO
www.gravwell.io
Security Auditing DNS With CoreDNS and Gravwell
This meaty post covers the CoreDNS + Gravwell integration for DNS security auditing. Walk through using DNS threat lists to identify malicious activity and create an orchestration noscript to automatically perform the first few threat hunting steps. Gravwell…
New attack on WPA/WPA using PMKID
https://ift.tt/2nalmwL
Submitted August 04, 2018 at 10:28PM by atomu
via reddit https://ift.tt/2viPdHT
https://ift.tt/2nalmwL
Submitted August 04, 2018 at 10:28PM by atomu
via reddit https://ift.tt/2viPdHT
reddit
r/netsec - New attack on WPA/WPA using PMKID
31 votes and 1 comment so far on Reddit
Local Privilege Escalation in Certiport Testing Software | CVE-2018-12989
https://ift.tt/2AIGIeg
Submitted August 05, 2018 at 12:10AM by MisterCBax
via reddit https://ift.tt/2AEUUVr
https://ift.tt/2AIGIeg
Submitted August 05, 2018 at 12:10AM by MisterCBax
via reddit https://ift.tt/2AEUUVr
CS:GO Map Parser Remote Code Execution
https://ift.tt/2LVHCcF
Submitted August 05, 2018 at 01:50AM by ret2got
via reddit https://ift.tt/2KsqS6U
https://ift.tt/2LVHCcF
Submitted August 05, 2018 at 01:50AM by ret2got
via reddit https://ift.tt/2KsqS6U
How Paytm (India’s largest digital wallet company) was disclosing its Customer Information.
https://ift.tt/2vFBD0i
Submitted August 05, 2018 at 02:04PM by security_blogs
via reddit https://ift.tt/2OcYdVJ
https://ift.tt/2vFBD0i
Submitted August 05, 2018 at 02:04PM by security_blogs
via reddit https://ift.tt/2OcYdVJ
Medium
#BugBounty — @Paytm Customer Information is at risk — India’s largest digital wallet company
Hi Guys,
Twittersploit - RAT that uses Twitter Direct Messaging for C2
https://ift.tt/2vCLjZv
Submitted August 05, 2018 at 07:29PM by drstarskymrhutch
via reddit https://ift.tt/2M5nxzy
https://ift.tt/2vCLjZv
Submitted August 05, 2018 at 07:29PM by drstarskymrhutch
via reddit https://ift.tt/2M5nxzy
Sociosploit
Twitter Remote Access Trojan (Twittersploit) | SocioSploit
TL;DR Summary Developed a malware sample that leverages Twitter direct messaging as a channel for command and control. Background Web Service Command and Control Have recently been structuring a lot of my penetration testing efforts around the MITRE ATT&CK…
Padding Oracle attack against Telegram Passport
https://ift.tt/2KzfExO
Submitted August 05, 2018 at 09:56PM by th3zero
via reddit https://ift.tt/2LVBhxO
https://ift.tt/2KzfExO
Submitted August 05, 2018 at 09:56PM by th3zero
via reddit https://ift.tt/2LVBhxO
pequalsnp-team.github.io
Padding Oracle attack against Telegram Passport
Team Page