Firework - Leveraging Microsoft Workspaces in a Penetration Test
https://ift.tt/2PmbnR2
Submitted August 30, 2018 at 08:58PM by greenwolf247
via reddit https://ift.tt/2MCTYGW
https://ift.tt/2PmbnR2
Submitted August 30, 2018 at 08:58PM by greenwolf247
via reddit https://ift.tt/2MCTYGW
Trustwave
Firework: Leveraging Microsoft Workspaces in a Penetration Test
Overview WCX files can be used to configure a Microsoft Workplace on a system with a couple of clicks. The enrollment process could disclose credentials in the form of a NetNTLM hash. Authentication will either take place automatically on older...
Building the security operations center of tomorrow—harnessing the law of data gravity
https://ift.tt/2LFhDBa
Submitted August 30, 2018 at 09:46PM by myinnerbanjo
via reddit https://ift.tt/2PPfHcz
https://ift.tt/2LFhDBa
Submitted August 30, 2018 at 09:46PM by myinnerbanjo
via reddit https://ift.tt/2PPfHcz
Microsoft Security Blog
Building the security operations center of tomorrow—harnessing the law of data gravity | Microsoft Security Blog
How can we build the SOC of tomorrow? By respecting the law of data gravity. If we can perform security analytics close to where the data already is, we can increase the speed of response.
0patch beats Microsoft to patching Windows 10 task scheduler 0-day vulnerability
https://ift.tt/2PkBLum
Submitted August 30, 2018 at 09:27PM by wehavetogobackmorty
via reddit https://ift.tt/2okGBwq
https://ift.tt/2PkBLum
Submitted August 30, 2018 at 09:27PM by wehavetogobackmorty
via reddit https://ift.tt/2okGBwq
BetaNews
0patch beats Microsoft to patching Windows 10 task scheduler 0-day vulnerability
Just 24 hours after a zero-day bug in Windows task scheduler was revealed by @SandboxExplorer on Twitter, the vulnerability has been patched. While Microsoft said it would “proactively update…
Vulnhub - Lampiao walkthrough
https://ift.tt/2PiFdWE
Submitted August 30, 2018 at 10:21PM by nishaanthguna
via reddit https://ift.tt/2NagxlP
https://ift.tt/2PiFdWE
Submitted August 30, 2018 at 10:21PM by nishaanthguna
via reddit https://ift.tt/2NagxlP
GitHub
gameFace22/vulnhub-walkthrough
Contribute to gameFace22/vulnhub-walkthrough development by creating an account on GitHub.
CVE-2018-8284: Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
https://ift.tt/2LCBcdi
Submitted August 31, 2018 at 12:28AM by digicat
via reddit https://ift.tt/2ooGxvq
https://ift.tt/2LCBcdi
Submitted August 31, 2018 at 12:28AM by digicat
via reddit https://ift.tt/2ooGxvq
reddit
r/netsec - CVE-2018-8284: Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
2 votes and 0 comments so far on Reddit
So Google starts to support The FIDO U2F 2FA, but only after offering their own branded Dongle. It is made in China Too.
https://ift.tt/2BZWW3l
Submitted August 31, 2018 at 02:38AM by LinearFluid
via reddit https://ift.tt/2MGtCn6
https://ift.tt/2BZWW3l
Submitted August 31, 2018 at 02:38AM by LinearFluid
via reddit https://ift.tt/2MGtCn6
reddit
r/sysadmin - So Google starts to support The FIDO U2F 2FA, but only after offering their own branded Dongle. It is made in China…
3 votes and 0 comments so far on Reddit
Differential Malware Analysis: An Example | NVISO Labs
https://ift.tt/2LIQInL
Submitted August 31, 2018 at 01:59PM by daanraman
via reddit https://ift.tt/2wAndyX
https://ift.tt/2LIQInL
Submitted August 31, 2018 at 01:59PM by daanraman
via reddit https://ift.tt/2wAndyX
NVISO Labs
Differential Malware Analysis: An Example
There are many ways to analyze malware. In this blog post, we illustrate a typical analysis method: comparing an unknown sample with a known sample, to determine if the unknown sample is malicious …
SonarSnoop: Active Acoustic Side-Channel Attacks
https://ift.tt/2Ca3LPA
Submitted August 31, 2018 at 03:09PM by Natanael_L
via reddit https://ift.tt/2NAPFs1
https://ift.tt/2Ca3LPA
Submitted August 31, 2018 at 03:09PM by Natanael_L
via reddit https://ift.tt/2NAPFs1
How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)
https://ift.tt/2wuffIy
Submitted August 31, 2018 at 07:01PM by 0patch
via reddit https://ift.tt/2PnQFjB
https://ift.tt/2wuffIy
Submitted August 31, 2018 at 07:01PM by 0patch
via reddit https://ift.tt/2PnQFjB
0Patch
How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)
Being Who You Are Can be a Bad Thing if You're a System Service by Mitja Kolsek, the 0patch Team Earlier this week security researc...
How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)
https://ift.tt/2wuffIy
Submitted August 31, 2018 at 07:01PM by 0patch
via reddit https://ift.tt/2PnQFjB
https://ift.tt/2wuffIy
Submitted August 31, 2018 at 07:01PM by 0patch
via reddit https://ift.tt/2PnQFjB
0Patch
How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)
Being Who You Are Can be a Bad Thing if You're a System Service by Mitja Kolsek, the 0patch Team Earlier this week security researc...
JSON Deserialization Memory Corruption Vulnerabilities on Android
https://ift.tt/2NyDonN
Submitted September 01, 2018 at 12:48AM by marketingversprite
via reddit https://ift.tt/2PRQgHg
https://ift.tt/2NyDonN
Submitted September 01, 2018 at 12:48AM by marketingversprite
via reddit https://ift.tt/2PRQgHg
VerSprite | Integrated Security Services and Consulting
JSON Deserialization Memory Corruption Vulnerabilities on Android
VerSprite's cybersecurity research team analyzes JSON Deserialization Memory Corruption Vulnerabilities on Android. Stay tuned for the rest of the series.
Playing With the New Burp Suite REST API
https://ift.tt/2wvXsAR
Submitted September 01, 2018 at 01:15AM by powershelltutorials
via reddit https://ift.tt/2N5YPiZ
https://ift.tt/2wvXsAR
Submitted September 01, 2018 at 01:15AM by powershelltutorials
via reddit https://ift.tt/2N5YPiZ
Pentest Geek
Playing With the New Burp Suite REST API - Pentest Geek
One of the coolest new features released in the recent beta version of Burp Suite is the introduction of a REST API. I blogged about the UI and some other feature enhancements earlier this week. Today I want to talk a little bit about a command-line Ruby…
Out of Band Exploitation (OOB) CheatSheet by NotSoSecure
https://ift.tt/2N7bSAI
Submitted September 01, 2018 at 02:20AM by anantshri
via reddit https://ift.tt/2PUoo5h
https://ift.tt/2N7bSAI
Submitted September 01, 2018 at 02:20AM by anantshri
via reddit https://ift.tt/2PUoo5h
NotSoSecure
Out of Band Exploitation (OOB) CheatSheet - NotSoSecure
This Cheatsheet covers large number of detection & exploitation scenarios around Out of Band Exploitation Techniques. Primarily targetting DNS and ICMP.
Microsoft introduces AI solution to detect mobile bank fraud in less than two seconds
https://ift.tt/2N7wGYT
Submitted September 01, 2018 at 02:08AM by myinnerbanjo
via reddit https://ift.tt/2NBxMct
https://ift.tt/2N7wGYT
Submitted September 01, 2018 at 02:08AM by myinnerbanjo
via reddit https://ift.tt/2NBxMct
Neowin
Microsoft introduces AI solution to detect mobile bank fraud in less than two seconds
In a new solution guide, Microsoft has explained how to create an Azure-based solution to detect mobile bank fraud within two seconds, helping mitigate fraudulent transactions and SIM swap attacks.
Pwned Together: Hacking dev.to
https://ift.tt/2wvruEJ
Submitted September 01, 2018 at 02:58AM by Anyny0
via reddit https://ift.tt/2MJCxo7
https://ift.tt/2wvruEJ
Submitted September 01, 2018 at 02:58AM by Anyny0
via reddit https://ift.tt/2MJCxo7
The Practical Dev
Pwned Together: Hacking dev.to
How I found a vulnerability in the application, and how you can too!
CFP opened for the first iteration of THREAT CON
https://ift.tt/2LK03Mr
Submitted September 01, 2018 at 08:37AM by nyoface
via reddit https://ift.tt/2MIqneU
https://ift.tt/2LK03Mr
Submitted September 01, 2018 at 08:37AM by nyoface
via reddit https://ift.tt/2MIqneU
reddit
r/netsec - CFP opened for the first iteration of THREAT CON
1 vote and 0 comments so far on Reddit
Remote Mac Exploitation Via Custom URL Schemes
https://ift.tt/2wvNyPw
Submitted September 01, 2018 at 09:28PM by rspeed
via reddit https://ift.tt/2PmjJIe
https://ift.tt/2wvNyPw
Submitted September 01, 2018 at 09:28PM by rspeed
via reddit https://ift.tt/2PmjJIe
reddit
Remote Mac Exploitation Via Custom URL Schemes • r/netsec
1 points and 1 comments so far on reddit
Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels
https://ift.tt/2wgbqWo
Submitted September 02, 2018 at 01:27AM by dezzion
via reddit https://ift.tt/2owgPp2
https://ift.tt/2wgbqWo
Submitted September 02, 2018 at 01:27AM by dezzion
via reddit https://ift.tt/2owgPp2
ACID Server VM Walkthrough
https://ift.tt/2uiTl8o
Submitted September 02, 2018 at 08:52AM by fireh7nter
via reddit https://ift.tt/2C7Ek18
https://ift.tt/2uiTl8o
Submitted September 02, 2018 at 08:52AM by fireh7nter
via reddit https://ift.tt/2C7Ek18
Secure Your Digital Life
ACID Server VM Walkthrough | Secure Your Digital Life
Acid Server is a web based vulnerable virtual machine which was designed like a CTF (Catch The Flag) for pentesters. If you are interested in web based exploits, then you are in a right place. The denoscription of ACID Server in Vulnhub is as follows : Welcome…
Collection of Botnet Source Codes for Educational Purpose (PoC) Only
https://ift.tt/2LOlE6q
Submitted September 02, 2018 at 02:10PM by Prav123
via reddit https://ift.tt/2LQzCo2
https://ift.tt/2LOlE6q
Submitted September 02, 2018 at 02:10PM by Prav123
via reddit https://ift.tt/2LQzCo2
GitHub
maestron/botnets
This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY - maestron/botnets
Uninitialized Bash variable to bypass WAF, tested on CloudFlare WAF and ModSecurity OWASP CRS
https://ift.tt/2PSWVB7
Submitted September 02, 2018 at 07:23PM by theMiddleBlue
via reddit https://ift.tt/2PuNg2n
https://ift.tt/2PSWVB7
Submitted September 02, 2018 at 07:23PM by theMiddleBlue
via reddit https://ift.tt/2PuNg2n
Secjuice.com
Web Application Firewall (WAF) Evasion Techniques #3
Join security researcher theMiddle and learn how to use an uninitialized Bash variable to bypass WAF regex based filters and pattern matching.