CVE-2018-8302: Getting code execution on Microsoft Exchange through a .NET BinaryFormatter Deserialization vulnerability.
https://ift.tt/2KSIvNI
Submitted August 15, 2018 at 07:12AM by RedmondSecGnome
via reddit https://ift.tt/2nFNs2U
https://ift.tt/2KSIvNI
Submitted August 15, 2018 at 07:12AM by RedmondSecGnome
via reddit https://ift.tt/2nFNs2U
Zero Day Initiative
Voicemail Vandalism: Getting Remote Code Execution on Microsoft Exchange Server
We recently received a bug report with an intriguing denoscription: “A non-privileged Exchange user can run arbitrary code as "NT AUTHORITY\SYSTEM" in the Exchange Server through a .NET BinaryFormatter Deserialization vulnerability.” It definitely caught…
Phone Call to XXE via Interactive Voice Response
https://ift.tt/2Pat1I3
Submitted August 15, 2018 at 07:09AM by sxcurity
via reddit https://ift.tt/2MPPGrP
https://ift.tt/2Pat1I3
Submitted August 15, 2018 at 07:09AM by sxcurity
via reddit https://ift.tt/2MPPGrP
HackerOne
cdl published a vulnerability from ██████ on HackerOne: Phone Call...
| Summary |
|--|
> ████ is vulnerable to XXE due to the processing of DTDs
| Denoscription |
|--|
> *"VoiceXML (VXML) is a digital document standard for specifying interactive media and voice...
|--|
> ████ is vulnerable to XXE due to the processing of DTDs
| Denoscription |
|--|
> *"VoiceXML (VXML) is a digital document standard for specifying interactive media and voice...
Australian Govt releases draft laws targeting encryption
https://ift.tt/2MsouC8
Submitted August 15, 2018 at 09:26AM by StewPoll
via reddit https://ift.tt/2MKDNmB
https://ift.tt/2MsouC8
Submitted August 15, 2018 at 09:26AM by StewPoll
via reddit https://ift.tt/2MKDNmB
Account takeover due to blind MongoDB injection
https://ift.tt/2MO3FhG
Submitted August 15, 2018 at 07:58PM by albinowax
via reddit https://ift.tt/2nGfziJ
https://ift.tt/2MO3FhG
Submitted August 15, 2018 at 07:58PM by albinowax
via reddit https://ift.tt/2nGfziJ
HackerOne
Node.js third-party modules disclosed on HackerOne: [flintcms]...
I would like to report a privilege escalation vulnerability in flintcms.
It allows to reset a known user password, extract its password reset token and reset its password to then access the...
It allows to reset a known user password, extract its password reset token and reset its password to then access the...
hideNsneak - An Attack Infrastructure Obfuscation Framework
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 08:41PM by karmicSec
via reddit https://ift.tt/2MOTmtR
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 08:41PM by karmicSec
via reddit https://ift.tt/2MOTmtR
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing
hideNsneak - Automate, Manage, and Configure Your Attack Infrastructure with Cloud Solutions to Save Time and Evade Detection
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 09:03PM by karmicSec
via reddit https://ift.tt/2MM3lQt
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 09:03PM by karmicSec
via reddit https://ift.tt/2MM3lQt
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing
PHAR Deserialization - A New PHP Exploitation Technique
https://ift.tt/2Bm85ey
Submitted August 15, 2018 at 09:39PM by martinbdz
via reddit https://ift.tt/2BbcLUr
https://ift.tt/2Bm85ey
Submitted August 15, 2018 at 09:39PM by martinbdz
via reddit https://ift.tt/2BbcLUr
Announcing Gopherus: Generate Gopher payload for exploiting SSRF and lead to RCE, on SSRF vulnerable sites
I've written this tool for MySQL, FastCGI, Memcached, Redis, Zabbix, SMTP servers.A detailed denoscription can be found here: https://github.com/tarunkant/Gopherusblog post on the same: https://spyclub.tech/2018/blog-on-gopherus/
Submitted August 15, 2018 at 09:10PM by tarunkant
via reddit https://ift.tt/2vSRJoz
I've written this tool for MySQL, FastCGI, Memcached, Redis, Zabbix, SMTP servers.A detailed denoscription can be found here: https://github.com/tarunkant/Gopherusblog post on the same: https://spyclub.tech/2018/blog-on-gopherus/
Submitted August 15, 2018 at 09:10PM by tarunkant
via reddit https://ift.tt/2vSRJoz
GitHub
tarunkant/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers - tarunkant/Gopherus
Analysing CVE-2018-13417 for files, hashes and shells
https://ift.tt/2KXacF0
Submitted August 15, 2018 at 09:52PM by r3b00tu53r
via reddit https://ift.tt/2KUv4gc
https://ift.tt/2KXacF0
Submitted August 15, 2018 at 09:52PM by r3b00tu53r
via reddit https://ift.tt/2KUv4gc
in.security Cyber Security Services
Analysing CVE-2018-13417 for files, hashes and shells | in.security Cyber Security Services
CVE-2018-13417 was released this August that disclosed an out-of-band XXE vulnerability in the SSDP/UPnP functionality of the XML parsing engine in the popular Vuze Bittorrent client
Password and Credential Management in 2018 - State of the art security for the most valuable secrets
https://ift.tt/2ML1gEh
Submitted August 15, 2018 at 01:48PM by fharw
via reddit https://ift.tt/2ODErCZ
https://ift.tt/2ML1gEh
Submitted August 15, 2018 at 01:48PM by fharw
via reddit https://ift.tt/2ODErCZ
Medium
Password and Credential Management in 2018 🔒
State of the art security for the most valuable secrets
Decided to write a proper guide for WP malware removal. Hopefully it can be helpful if someone comes to you with such issue.
https://ift.tt/2OE4dXX
Submitted August 16, 2018 at 02:18AM by ded1cated
via reddit https://ift.tt/2vLzLUN
https://ift.tt/2OE4dXX
Submitted August 16, 2018 at 02:18AM by ded1cated
via reddit https://ift.tt/2vLzLUN
WebARX
Comprehensive WordPress Malware Removal Guide
Complete step-by-step technical tutorial for WordPress malware removal. Remove WordPress malware, backdoors, SEO Injection, htaccess hack and learn how to remove WordPress site from google blacklist. Extra tips for making the site secure! Everything in one…
A cr4cking g00d time – walkthrough (password cracking CTF answers)
https://ift.tt/2vOdNQT
Submitted August 16, 2018 at 07:23PM by Griffnut
via reddit https://ift.tt/2PbtKsJ
https://ift.tt/2vOdNQT
Submitted August 16, 2018 at 07:23PM by Griffnut
via reddit https://ift.tt/2PbtKsJ
in.security Cyber Security Services
A cr4cking g00d time - walkthrough | in.security Cyber Security Services
It's been a few weeks since we released A cr4cking g00d time and we'd first like to thank everyone who gave it a go. We've received great feedback and are very pleased to hear that people have attained new levels of password cracking-fu in the process
British and Canadian Governments Accidentally Exposed Passwords and Security Plans to the Entire Internet
https://ift.tt/2MWlyuU
Submitted August 17, 2018 at 12:12AM by KushagraX
via reddit https://ift.tt/2MipBFn
https://ift.tt/2MWlyuU
Submitted August 17, 2018 at 12:12AM by KushagraX
via reddit https://ift.tt/2MipBFn
The Intercept
British and Canadian Governments Accidentally Exposed Passwords and Security Plans to the Entire Internet
On Trello, a project management site, the governments posted credentials for servers and domain names and even some emails and code.
Welcome to the New Order: A DEF CON 2018 Retrospective by PPP
https://ift.tt/2wdw21y
Submitted August 17, 2018 at 12:36AM by centinibroninthesky
via reddit https://ift.tt/2Phqhca
https://ift.tt/2wdw21y
Submitted August 17, 2018 at 12:36AM by centinibroninthesky
via reddit https://ift.tt/2Phqhca
dttw.tech
Down to the Wire
Down to the Wire is a collaborative project hosted by a group of students across the country. Topics range from hardware to software to security.
OpenSSH Username Enumeration
https://ift.tt/2MuzmQ0
Submitted August 17, 2018 at 02:17AM by 0x4a616e
via reddit https://ift.tt/2Btw1wD
https://ift.tt/2MuzmQ0
Submitted August 17, 2018 at 02:17AM by 0x4a616e
via reddit https://ift.tt/2Btw1wD
seclists.org
oss-sec: OpenSSH Username Enumeration
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
https://ift.tt/2Bg2MNr
Submitted August 17, 2018 at 01:53AM by vamediah
via reddit https://ift.tt/2Bop7s6
https://ift.tt/2Bg2MNr
Submitted August 17, 2018 at 01:53AM by vamediah
via reddit https://ift.tt/2Bop7s6
Detecting database leaks through record poisoning
https://ift.tt/2nIL8Iz
Submitted August 17, 2018 at 03:55AM by paFarb
via reddit https://ift.tt/2L0dmYs
https://ift.tt/2nIL8Iz
Submitted August 17, 2018 at 03:55AM by paFarb
via reddit https://ift.tt/2L0dmYs
Cossacklabs
Cossack Labs / Poison Records in Acra – Database Honeypots for Intrusion Detection
Database protection tool for detection of suspicious behaviour created by Cossack Labs
Vulnerability hunting with Semmle QL, part 1
https://ift.tt/2L0nQae
Submitted August 17, 2018 at 06:07AM by thebrachy
via reddit https://ift.tt/2vMxF7e
https://ift.tt/2L0nQae
Submitted August 17, 2018 at 06:07AM by thebrachy
via reddit https://ift.tt/2vMxF7e
reddit
r/netsec - Vulnerability hunting with Semmle QL, part 1
2 votes and 0 comments so far on Reddit
Cookie Decrypter for Burp Suite
https://ift.tt/2MkgXWX
Submitted August 17, 2018 at 07:21AM by IamJacksLackOf
via reddit https://ift.tt/2w5bmZu
https://ift.tt/2MkgXWX
Submitted August 17, 2018 at 07:21AM by IamJacksLackOf
via reddit https://ift.tt/2w5bmZu
GitLab
TechnoTame / cookie-decrypter
File Operation Induced Unserialization via the “phar://” Stream Wrapper
https://ift.tt/2OIr70b?
Submitted August 17, 2018 at 03:41PM by ga-vu
via reddit https://ift.tt/2MUlYBG
https://ift.tt/2OIr70b?
Submitted August 17, 2018 at 03:41PM by ga-vu
via reddit https://ift.tt/2MUlYBG
Commercial Cryptographic Key Management in 2018
https://ift.tt/2Mmsgy0
Submitted August 17, 2018 at 11:37AM by undercomm
via reddit https://ift.tt/2MQiy2W
https://ift.tt/2Mmsgy0
Submitted August 17, 2018 at 11:37AM by undercomm
via reddit https://ift.tt/2MQiy2W
Malgregator
Commercial Cryptographic Key Management in 2018
Modern key management in a large organization is primarily described by bureaucratic procedures and compliance requirements due to...