CS:GO Map Parser Remote Code Execution
https://ift.tt/2LVHCcF
Submitted August 05, 2018 at 01:50AM by ret2got
via reddit https://ift.tt/2KsqS6U
https://ift.tt/2LVHCcF
Submitted August 05, 2018 at 01:50AM by ret2got
via reddit https://ift.tt/2KsqS6U
How Paytm (India’s largest digital wallet company) was disclosing its Customer Information.
https://ift.tt/2vFBD0i
Submitted August 05, 2018 at 02:04PM by security_blogs
via reddit https://ift.tt/2OcYdVJ
https://ift.tt/2vFBD0i
Submitted August 05, 2018 at 02:04PM by security_blogs
via reddit https://ift.tt/2OcYdVJ
Medium
#BugBounty — @Paytm Customer Information is at risk — India’s largest digital wallet company
Hi Guys,
Twittersploit - RAT that uses Twitter Direct Messaging for C2
https://ift.tt/2vCLjZv
Submitted August 05, 2018 at 07:29PM by drstarskymrhutch
via reddit https://ift.tt/2M5nxzy
https://ift.tt/2vCLjZv
Submitted August 05, 2018 at 07:29PM by drstarskymrhutch
via reddit https://ift.tt/2M5nxzy
Sociosploit
Twitter Remote Access Trojan (Twittersploit) | SocioSploit
TL;DR Summary Developed a malware sample that leverages Twitter direct messaging as a channel for command and control. Background Web Service Command and Control Have recently been structuring a lot of my penetration testing efforts around the MITRE ATT&CK…
Padding Oracle attack against Telegram Passport
https://ift.tt/2KzfExO
Submitted August 05, 2018 at 09:56PM by th3zero
via reddit https://ift.tt/2LVBhxO
https://ift.tt/2KzfExO
Submitted August 05, 2018 at 09:56PM by th3zero
via reddit https://ift.tt/2LVBhxO
pequalsnp-team.github.io
Padding Oracle attack against Telegram Passport
Team Page
Capturing NetNTLM Hashes with Office [DOT] XML Documents
https://ift.tt/2vi8lpn
Submitted August 05, 2018 at 10:16PM by TechLord2
via reddit https://ift.tt/2nbrggS
https://ift.tt/2vi8lpn
Submitted August 05, 2018 at 10:16PM by TechLord2
via reddit https://ift.tt/2nbrggS
| bohops |
Capturing NetNTLM Hashes with Office [DOT] XML Documents
TL;DR An Office XML (.xml) document can call a remote XSL stylesheet over SMB. If this occurs against an attacker controlled server, the net-NTLM authentication hash (challenge/response) of that u…
Chaff Bugs: Deterring Attackers by Making Software Buggier
https://ift.tt/2LKcnRs
Submitted August 06, 2018 at 01:10PM by NotASmurfAccount
via reddit https://ift.tt/2vKGj5o
https://ift.tt/2LKcnRs
Submitted August 06, 2018 at 01:10PM by NotASmurfAccount
via reddit https://ift.tt/2vKGj5o
Bashark - UNIX post exploitation toolkit
https://ift.tt/2vo9Wtz
Submitted August 06, 2018 at 04:44PM by _____WINTERMUTE_____
via reddit https://ift.tt/2MjoLUY
https://ift.tt/2vo9Wtz
Submitted August 06, 2018 at 04:44PM by _____WINTERMUTE_____
via reddit https://ift.tt/2MjoLUY
GitHub
TheSecondSun/Bashark
Contribute to Bashark development by creating an account on GitHub.
The SSH management TO-DOs list
https://ift.tt/2vouD8T
Submitted August 06, 2018 at 06:18PM by kiarash-irandoust
via reddit https://ift.tt/2ALJShr
https://ift.tt/2vouD8T
Submitted August 06, 2018 at 06:18PM by kiarash-irandoust
via reddit https://ift.tt/2ALJShr
ITNEXT
The SSH management TO-DOs list – ITNEXT
At work, most of our virtual machines run Linux. Being able to SSH into our servers in order to develop, automate, or troubleshoot…
PASM - Linux assembler/disassembler based on Rasm2
https://ift.tt/2KBT7Aa
Submitted August 06, 2018 at 08:31PM by _____WINTERMUTE_____
via reddit https://ift.tt/2M10tSN
https://ift.tt/2KBT7Aa
Submitted August 06, 2018 at 08:31PM by _____WINTERMUTE_____
via reddit https://ift.tt/2M10tSN
GitHub
TheSecondSun/PASM
Contribute to PASM development by creating an account on GitHub.
I built a bug bounty site for free and open source software
https://ift.tt/2LTef9H
Submitted August 06, 2018 at 10:09PM by justicz
via reddit https://ift.tt/2nhGL7m
https://ift.tt/2LTef9H
Submitted August 06, 2018 at 10:09PM by justicz
via reddit https://ift.tt/2nhGL7m
justi.cz
BountyGraph: Crowdfunded Bug Bounties and Security Audits
Bug bounties and dependencies
How to set up and automate Let‘s Encrypt wildcard certificate with Certbot
https://ift.tt/2vGW79e
Submitted August 06, 2018 at 11:41PM by TheNiiku
via reddit https://ift.tt/2vGX41i
https://ift.tt/2vGW79e
Submitted August 06, 2018 at 11:41PM by TheNiiku
via reddit https://ift.tt/2vGX41i
Vulnerability Note VU#962459 - Linux Kernel TCP implementation vulnerable to Denial of Service
https://ift.tt/2OaKGOo
Submitted August 06, 2018 at 11:36PM by gonzopancho
via reddit https://ift.tt/2vn6YWb
https://ift.tt/2OaKGOo
Submitted August 06, 2018 at 11:36PM by gonzopancho
via reddit https://ift.tt/2vn6YWb
www.kb.cert.org
Vulnerability Note VU#962459 - Linux Kernel TCP implementation vulnerable to Denial of Service
The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.
UBoat HTTP - A POC HTTP Botnet designed to replicate a full weaponised commercial botnet
https://ift.tt/2OJTNHf
Submitted August 07, 2018 at 12:57AM by timeupyet
via reddit https://ift.tt/2vpI6gH
https://ift.tt/2OJTNHf
Submitted August 07, 2018 at 12:57AM by timeupyet
via reddit https://ift.tt/2vpI6gH
GitHub
Souhardya/UBoat
UBoat - HTTP Botnet Project
Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server
https://ift.tt/2AKjAvL
Submitted August 07, 2018 at 02:51AM by vasiliborodin
via reddit https://ift.tt/2vmnbes
https://ift.tt/2AKjAvL
Submitted August 07, 2018 at 02:51AM by vasiliborodin
via reddit https://ift.tt/2vmnbes
Varonis Blog
Koadic: LoL Malware Meets Python-Based Command and Control (C2) Server, Part I
In my epic series on Windows binaries that have dual uses– talkin’ to you rundll32 and mshta — I showed how hackers can stealthy download and launch remote noscript-based malware. I also mentioned that pen testers have been actively exploring the living-off…
Technical Walkthrough for the new attack on WPA/WPA2 using PMKID
https://ift.tt/2njsmHE
Submitted August 07, 2018 at 04:27AM by wootock
via reddit https://ift.tt/2vN4FeO
https://ift.tt/2njsmHE
Submitted August 07, 2018 at 04:27AM by wootock
via reddit https://ift.tt/2vN4FeO
Medium
Response to
In this short blog, I will walk you through the process of obtaining a valid PMKID packet, and converting those frames of data to hashcat…
Security Advisory Regarding Crestron TSW-XX60 Touch Panel Devices
https://ift.tt/2njrbrI
Submitted August 07, 2018 at 04:01AM by shogunlab
via reddit https://ift.tt/2Oj0leW
https://ift.tt/2njrbrI
Submitted August 07, 2018 at 04:01AM by shogunlab
via reddit https://ift.tt/2Oj0leW
Security Compass
Security Advisory Regarding Crestron TSW-XX60 Touch Panel Devices
Crestron produces touchscreen devices, such as the TSW-XX60 series, which can be used to schedule meeting rooms in corporate offices.
Implementing a Trusted Third-Party System for Secure Shell
https://ift.tt/2MaEQPY
Submitted August 07, 2018 at 04:59PM by kavanutz
via reddit https://ift.tt/2nglBWS
https://ift.tt/2MaEQPY
Submitted August 07, 2018 at 04:59PM by kavanutz
via reddit https://ift.tt/2nglBWS
How I gained commit access to Homebrew in 30 minutes
https://ift.tt/2OR46t6
Submitted August 07, 2018 at 07:48PM by ejholmes
via reddit https://ift.tt/2Mrpfbv
https://ift.tt/2OR46t6
Submitted August 07, 2018 at 07:48PM by ejholmes
via reddit https://ift.tt/2Mrpfbv
Medium
How I gained commit access to Homebrew in 30 minutes
This issue was publicly disclosed on the Homebrew blog at https://brew.sh/2018/08/05/security-incident-disclosure/
How I gained commit access to Homebrew in 30 minutes
https://ift.tt/2OR46t6
Submitted August 08, 2018 at 12:46AM by Chris911
via reddit https://ift.tt/2OgTmmI
https://ift.tt/2OR46t6
Submitted August 08, 2018 at 12:46AM by Chris911
via reddit https://ift.tt/2OgTmmI
Medium
How I gained commit access to Homebrew in 30 minutes
This issue was publicly disclosed on the Homebrew blog at https://brew.sh/2018/08/05/security-incident-disclosure/
Step: A New Open Source "Swiss Army Knife" for Zero Trust Security
https://ift.tt/2vLYLum
Submitted August 08, 2018 at 03:25AM by mjmalone
via reddit https://ift.tt/2AQWh3H
https://ift.tt/2vLYLum
Submitted August 08, 2018 at 03:25AM by mjmalone
via reddit https://ift.tt/2AQWh3H
Smallstep
Step: A New Zero Trust Swiss Army Knife from Smallstep
The way most software systems are secured today is fundamentally flawed. They rely on “perimeter” security: a firewall guarding access to a protected network. Inside the perimeter traffic is mostly trusted. This paradigm relies on assumptions that nobody…
92 percent of enterprises struggle to integrate security into DevOps
https://ift.tt/2MooJed
Submitted August 08, 2018 at 03:54AM by suf0x
via reddit https://ift.tt/2MrrLi6
https://ift.tt/2MooJed
Submitted August 08, 2018 at 03:54AM by suf0x
via reddit https://ift.tt/2MrrLi6
BetaNews
92 percent of enterprises struggle to integrate security into DevOps
A large majority of organizations are struggling to implement security into their DevOps processes, despite saying they want to do so, according to a new report. The study commissioned by applicati…