Uninitialized Bash variable to bypass WAF, tested on CloudFlare WAF and ModSecurity OWASP CRS
https://ift.tt/2PSWVB7
Submitted September 02, 2018 at 07:23PM by theMiddleBlue
via reddit https://ift.tt/2PuNg2n
https://ift.tt/2PSWVB7
Submitted September 02, 2018 at 07:23PM by theMiddleBlue
via reddit https://ift.tt/2PuNg2n
Secjuice.com
Web Application Firewall (WAF) Evasion Techniques #3
Join security researcher theMiddle and learn how to use an uninitialized Bash variable to bypass WAF regex based filters and pattern matching.
House panel rips CVE contracting and oversight policies
https://ift.tt/2BU9OrG
Submitted September 02, 2018 at 08:43PM by dokuhebi
via reddit https://ift.tt/2CaJE3Z
https://ift.tt/2BU9OrG
Submitted September 02, 2018 at 08:43PM by dokuhebi
via reddit https://ift.tt/2CaJE3Z
Cyberscoop
House panel rips CVE contracting and oversight policies - CyberScoop
The industry-wide program for documenting hardware and software vulnerabilities suffers from fluctuating funding and insufficient oversight, according to the House Energy and Commerce Committee.
Exposing Signal & Dust Messaging Applications.
https://ift.tt/2LPRtQU
Submitted September 03, 2018 at 12:51AM by DonnieFielding
via reddit https://ift.tt/2Ncz2Wu
https://ift.tt/2LPRtQU
Submitted September 03, 2018 at 12:51AM by DonnieFielding
via reddit https://ift.tt/2Ncz2Wu
Medium
Messengers’ Terms of Service: Signal and Dust
As part of the “Data Rights” series, today we decided to consider products that are more interesting in terms of privacy and user…
Active Directory Leaks via Azure
https://ift.tt/2NGlIXG
Submitted September 03, 2018 at 02:11PM by CyberBullets
via reddit https://ift.tt/2N9zEw3
https://ift.tt/2NGlIXG
Submitted September 03, 2018 at 02:11PM by CyberBullets
via reddit https://ift.tt/2N9zEw3
Black Hills Information Security
Red Teaming Microsoft: Part 1 - Active Directory Leaks via Azure - Black Hills Information Security
Mike Felch// With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure an environment that goes well beyond the perimeter.…
Reverse Engineering The Medium Android App And Making All Stories In It Free
https://ift.tt/2Na9bP4
Submitted September 03, 2018 at 08:06PM by HUCK45
via reddit https://ift.tt/2PxmZAy
https://ift.tt/2Na9bP4
Submitted September 03, 2018 at 08:06PM by HUCK45
via reddit https://ift.tt/2PxmZAy
Hacker Noon
Reverse Engineering The Medium App (and making all stories in it free)
Last week I realized it’s been a year since my last post here.
Probably the most outrageous recruitment process I've ever came across
https://ift.tt/2CerLkL
Submitted September 03, 2018 at 11:52PM by b93b3de72036584e4054
via reddit https://ift.tt/2NeLy7U
https://ift.tt/2CerLkL
Submitted September 03, 2018 at 11:52PM by b93b3de72036584e4054
via reddit https://ift.tt/2NeLy7U
A Pentesting Company | Fluid Attacks
Careers | A Pentesting Company | Fluid Attacks
Fluid Attacks is always looking for young talents with a passion for programming and Information Technology. This page is meant to inform everyone interested in being part of the Fluid Attacks team about the selection process and the various stages that it…
PoC of how someone can grab db settings from config files, if they are edited in Vim on a server (for example, if an admin user edits WordPress' wp-config.php file, an attacker can just download the .swp file and get the credentials)
https://ift.tt/2CeG8pd
Submitted September 04, 2018 at 12:59AM by web_dev_etc
via reddit https://ift.tt/2LTIERw
https://ift.tt/2CeG8pd
Submitted September 04, 2018 at 12:59AM by web_dev_etc
via reddit https://ift.tt/2LTIERw
How I did not get a shell
https://ift.tt/2wjChRv
Submitted September 03, 2018 at 10:13PM by eqarmada2
via reddit https://ift.tt/2MHBjtk
https://ift.tt/2wjChRv
Submitted September 03, 2018 at 10:13PM by eqarmada2
via reddit https://ift.tt/2MHBjtk
Protection: Defending Assets, Information & Yourself in the Modern Age
https://ift.tt/2NLcMQP
Submitted September 04, 2018 at 09:27AM by darksim905
via reddit https://ift.tt/2LQN5MQ
https://ift.tt/2NLcMQP
Submitted September 04, 2018 at 09:27AM by darksim905
via reddit https://ift.tt/2LQN5MQ
reddit
r/netsec - Protection: Defending Assets, Information & Yourself in the Modern Age
3 votes and 1 comment so far on Reddit
Multiple Vulnerabilities on Kerui Endoscope Camera
https://ift.tt/2NRfZOs
Submitted September 04, 2018 at 02:49PM by utku1337
via reddit https://ift.tt/2Crhm5B
https://ift.tt/2NRfZOs
Submitted September 04, 2018 at 02:49PM by utku1337
via reddit https://ift.tt/2Crhm5B
Utkusen
Multiple Vulnerabilities on Kerui Endoscope Camera
Recently, I bought a device named Kerui Endoscope Camera (Model:YPC99) from Aliexpress. It’s a very popular device which is sold more than 5000 via different stores.
The package contains: Endoscope camera, Wifi device and a small user manual
Problem 1…
The package contains: Endoscope camera, Wifi device and a small user manual
Problem 1…
XIP - IP addresses mutation
https://ift.tt/2wGPcNF
Submitted September 04, 2018 at 04:54PM by Nitr4x
via reddit https://ift.tt/2Q4NAWG
https://ift.tt/2wGPcNF
Submitted September 04, 2018 at 04:54PM by Nitr4x
via reddit https://ift.tt/2Q4NAWG
Using AWS Account ID’s for IAM User Enumeration
https://ift.tt/2CfX4vF
Submitted September 04, 2018 at 06:53PM by hackers_and_builders
via reddit https://ift.tt/2oBFzfo
https://ift.tt/2CfX4vF
Submitted September 04, 2018 at 06:53PM by hackers_and_builders
via reddit https://ift.tt/2oBFzfo
Fuzzing Counter-Strike: Global Offensive maps files with AFL
https://ift.tt/2PBxMcX
Submitted September 04, 2018 at 08:01PM by 0x4a616e
via reddit https://ift.tt/2LVhSrZ
https://ift.tt/2PBxMcX
Submitted September 04, 2018 at 08:01PM by 0x4a616e
via reddit https://ift.tt/2LVhSrZ
reddit
r/netsec - Fuzzing Counter-Strike: Global Offensive maps files with AFL
20 votes and 1 comment so far on Reddit
Discovering misconfigured Tor sites exposing themselves via public IPs (Spanish)
https://ift.tt/2wIhs2f
Submitted September 04, 2018 at 10:19PM by le-quack
via reddit https://ift.tt/2LWMKbp
https://ift.tt/2wIhs2f
Submitted September 04, 2018 at 10:19PM by le-quack
via reddit https://ift.tt/2LWMKbp
TekCrispy
IP's públicas de Tor son expuestas mediante certificados SSL
Por medio de una mala configuración del servidor es posible encontrar la IP pública de cualquier sitio web oculto con Tor.
0wned - Code execution via Python package installation
https://ift.tt/2Q2fJxJ
Submitted September 04, 2018 at 09:58PM by Schwag
via reddit https://ift.tt/2LWypLW
https://ift.tt/2Q2fJxJ
Submitted September 04, 2018 at 09:58PM by Schwag
via reddit https://ift.tt/2LWypLW
GitHub
mschwager/0wned
Code execution via Python package installation. Contribute to mschwager/0wned development by creating an account on GitHub.
JSON Deserialization Memory Corruption Vulnerabilities on Android
https://ift.tt/2NyDonN
Submitted September 05, 2018 at 12:47AM by marketingversprite
via reddit https://ift.tt/2ChiZCu
https://ift.tt/2NyDonN
Submitted September 05, 2018 at 12:47AM by marketingversprite
via reddit https://ift.tt/2ChiZCu
VerSprite | Integrated Security Services and Consulting
JSON Deserialization Memory Corruption Vulnerabilities on Android
VerSprite's cybersecurity research team analyzes JSON Deserialization Memory Corruption Vulnerabilities on Android. Stay tuned for the rest of the series.
Credential Stealer - MEGA Chrome Extension version 3.39.4
https://ift.tt/2oEKs7J
Submitted September 05, 2018 at 01:34AM by Roflnor
via reddit https://ift.tt/2MQ3OW5
https://ift.tt/2oEKs7J
Submitted September 05, 2018 at 01:34AM by Roflnor
via reddit https://ift.tt/2MQ3OW5
reddit
r/Monero - Don't use MEGA Chrome Extension version 3.39.4
94 votes and 29 comments so far on Reddit
Create a Hypervisor From Scratch (Parts 1 &2)
https://ift.tt/2NOJD70
Submitted September 05, 2018 at 03:12AM by PeterG45
via reddit https://ift.tt/2MKBGTX
https://ift.tt/2NOJD70
Submitted September 05, 2018 at 03:12AM by PeterG45
via reddit https://ift.tt/2MKBGTX
Sina & Shahriar's Blog
Hypervisor From Scratch – Part 2: Entering VMX Operation - Sina & Shahriar's Blog
In this section, we will learn about Detect Hypervisor Support for our processor, then we simply config the basic stuff to Enable VMX and Loading our VMCS in the last of this, we look at Interacting with our VMM from User-Mode.
x64 Inline Assembly in Windows Driver Kit
https://ift.tt/2NOTQ3z
Submitted September 05, 2018 at 03:10AM by PeterG45
via reddit https://ift.tt/2NndBlX
https://ift.tt/2NOTQ3z
Submitted September 05, 2018 at 03:10AM by PeterG45
via reddit https://ift.tt/2NndBlX
Sina & Shahriar's Blog
x64 Inline Assembly in Windows Driver Kit - Sina & Shahriar's Blog
In this post, you will learn how to create an x64 inline assembly project in Windows Driver Kit. As you know Microsoft remove _asm from its compilers.
Hacking the RPi Cam Web Interface
https://ift.tt/2LWQyJK
Submitted September 05, 2018 at 07:55AM by Inter4567
via reddit https://ift.tt/2M096bU
https://ift.tt/2LWQyJK
Submitted September 05, 2018 at 07:55AM by Inter4567
via reddit https://ift.tt/2M096bU
Reigningshells
Hacking The RPi Cam Web Interface
In my spare time, I like to poke around on different open and closed source projects and look for vulnerabilities. Recently, I turned m...
Which Vulnerabilities Are Being Exploited by Attackers
https://ift.tt/2LIbm7C
Submitted September 05, 2018 at 12:41PM by CyberBullets
via reddit https://ift.tt/2wJTh3F
https://ift.tt/2LIbm7C
Submitted September 05, 2018 at 12:41PM by CyberBullets
via reddit https://ift.tt/2wJTh3F
Rapid7 Blog
Common Vulnerabilities Exploited in Attacks and Penetration Tests
Software vulnerabilities are at the core of pen testing—and our "Under the Hoodie" report provides insights and advice one can only get in the trenches.