Evading Anomaly-Based NIDS with Empire
https://ift.tt/2KOVEXL
Submitted August 13, 2018 at 08:09PM by utku1337
via reddit https://ift.tt/2OApIcd
Utkusen
Evading Anomaly-Based NIDS with Empire
At DEF CON 26, I gave a speech about this topic at Packet Hacking Village, and demonstrated my tool (firstorder) in Demo Labs. I got very good feedback for my idea; however, some people seem to be confused about all this. So I want to explain everything…
Disabling OkHttp’s SSL Pinning on Android Apps
https://ift.tt/2nyOVrN
Submitted August 13, 2018 at 08:42PM by jamaican420guy
via reddit https://ift.tt/2w4GmJk
Medium
Disabling OkHttp’s SSL Pinning on Android Apps
Your target has an Android application and you want to walk through their API to check for server-side vulnerabilities. You configure the…
A guide to Machine Learning for NetSec (Application Security)
https://ift.tt/2MdVDlW
Submitted August 13, 2018 at 10:42PM by isityoupaul
via reddit https://ift.tt/2OAMJM9
Templarbit Inc.
A guide to Machine Learning for Application Security
Machine Learning is definitely not the magic bullet it is...
Endpoint Security Self-Protection on MacOS
https://ift.tt/2MidBmF
Submitted August 13, 2018 at 10:29PM by dmchell
via reddit https://ift.tt/2nDbonz
reddit
r/netsec - Endpoint Security Self-Protection on MacOS
1 vote and 0 comments so far on Reddit
A guide to Machine Learning for Application Security
https://ift.tt/2MpHGk2
Submitted August 14, 2018 at 12:56AM by iamcoolc
via reddit https://ift.tt/2nDBaYR
Templarbit Inc.
A guide to Machine Learning for Application Security
Machine Learning is definitely not the magic bullet it is...
The Dangers of Key Reuse: Practical Attacks on IPsec IKE
https://ift.tt/2MhjGjS
Submitted August 14, 2018 at 03:18AM by campuscodi
via reddit https://ift.tt/2BaEe8E
This new attack is described in a recently published research paper entitled "The Dangers of Key Reuse: Practical Attacks on IPsec IKE," set to be presented at the 27th Usenix Security Symposium later this week in Baltimore, USA. From the paper's abstract:
https://ift.tt/2MFWEiY
Submitted August 14, 2018 at 03:52AM by longevitytech
via reddit https://ift.tt/2OzrRET
Longevity Technology
Cisco Patches Its Operating Systems Against New IKE Crypto Attack
Cisco, one of the world's largest vendors of networking equipment, released security updates today to patch a vulnerability in the IOS and IOS XE operating syste
Free Stock Photos for your Projects
https://ift.tt/2vGCONN
Submitted August 14, 2018 at 06:54AM by professorhase
via reddit https://ift.tt/2P5u2Ry
Motosha
food Archives - Motosha
Real free high quality stock photos for commercial and private use! From selected professional photographers. Simple download without registration, without obligations. Best quality and 100% Free.
JSON endpoints without tokens don’t leak; they whisper
https://ift.tt/2B9Mnu3
Submitted August 14, 2018 at 06:46PM by albinowax
via reddit https://ift.tt/2P72FXq
Medium
JSON endpoints without tokens doesn’t leak they whisper
Exploiting interesting feature in HTML5 https://developer.mozilla.org/en-US/docs/Web/API/Resource_Timing_API/Using_the_Resource_Timing_API…
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
https://ift.tt/2MJ36Wl
Submitted August 14, 2018 at 10:41PM by u0000
via reddit https://ift.tt/2Mn4XmQ
reddit
r/netsec - Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
7 votes and 1 comment so far on Reddit
Multi-Factor Mixup: Who Were You Again? Exploiting Microsoft ADFS MFA integration
https://ift.tt/2MmRZFv
Submitted August 14, 2018 at 10:56PM by overflowingInt
via reddit https://ift.tt/2OyvRpa
Okta
Multi-Factor Mixup: Who Were You Again?
Summary:
hideNsneak - enabling obfuscation of attack infrastructure through DevOps
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 12:33AM by karmicSec
via reddit https://ift.tt/2BcPG3L
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing
Playback - a TLS 1.3 story
https://ift.tt/2OBJNih
Submitted August 15, 2018 at 04:54AM by vamediah
via reddit https://ift.tt/2KRVhfk
Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
https://ift.tt/2LKMf98
Submitted August 15, 2018 at 04:41AM by thebrachy
via reddit https://ift.tt/2P8wQgM
seclists.org
oss-sec: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
August 2018 .NET Framework Security and Quality Rollup
https://ift.tt/2MJi5PT
Submitted August 15, 2018 at 04:33AM by jdrch
via reddit https://ift.tt/2BbsmDj
Microsoft
August 2018 .NET Framework Security and Quality Rollup
A first-hand look from the .NET engineering teams
L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620,CVE-2018-3646 / INTEL-SA-00161
https://ift.tt/2MqlgPB
Submitted August 15, 2018 at 05:26AM by jdrch
via reddit https://ift.tt/2MplMNW
reddit
r/netsec - L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620,CVE-2018-3646 / INTEL-SA-00161
1 vote and 0 comments so far on Reddit
CVE-2018-8302: Getting code execution on Microsoft Exchange through a .NET BinaryFormatter Deserialization vulnerability.
https://ift.tt/2KSIvNI
Submitted August 15, 2018 at 07:12AM by RedmondSecGnome
via reddit https://ift.tt/2nFNs2U
Zero Day Initiative
Voicemail Vandalism: Getting Remote Code Execution on Microsoft Exchange Server
We recently received a bug report with an intriguing description: “A non-privileged Exchange user can run arbitrary code as "NT AUTHORITY\SYSTEM" in the Exchange Server through a .NET BinaryFormatter Deserialization vulnerability.” It definitely caught…
Phone Call to XXE via Interactive Voice Response
https://ift.tt/2Pat1I3
Submitted August 15, 2018 at 07:09AM by sxcurity
via reddit https://ift.tt/2MPPGrP
HackerOne
cdl published a vulnerability from ██████ on HackerOne: Phone Call...
| Summary |
|--|
> ████ is vulnerable to XXE due to the processing of DTDs
| Description |
|--|
> *"VoiceXML (VXML) is a digital document standard for specifying interactive media and voice...
Australian Govt releases draft laws targeting encryption
https://ift.tt/2MsouC8
Submitted August 15, 2018 at 09:26AM by StewPoll
via reddit https://ift.tt/2MKDNmB
Account takeover due to blind MongoDB injection
https://ift.tt/2MO3FhG
Submitted August 15, 2018 at 07:58PM by albinowax
via reddit https://ift.tt/2nGfziJ
HackerOne
Node.js third-party modules disclosed on HackerOne: [flintcms]...
I would like to report a privilege escalation vulnerability in flintcms.
It allows to reset a known user password, extract its password reset token and reset its password to then access the...
hideNsneak - An Attack Infrastructure Obfuscation Framework
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 08:41PM by karmicSec
via reddit https://ift.tt/2MOTmtR
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing