Microsoft Bug Bounty | MSRC
https://ift.tt/2QezF0u
Submitted September 09, 2018 at 09:36PM by shehackspurple
via reddit https://ift.tt/2wUP2mM
Microsoft
Microsoft Identity Bounty | MSRC
Vulnerability reports on Identity services, including Microsoft Account, Azure Active Directory, or select OpenID standards.
How to use Google's CSP Evaluator to bypass CSP
https://ift.tt/2NAkIaM
Submitted September 10, 2018 at 12:24AM by ThomasCZ
via reddit https://ift.tt/2Mf02Qx
Thomas Orlita's blog
How to use Google's CSP Evaluator to bypass CSP - Thomas Orlita's blog
You know that feeling when you discovered an XSS only to find out there’s an active CSP that blocks execution of any scripts? If you want it to work on all browsers, not just IE (which doesn’t support CSP), there’s still a chance to bypass it! Use Google’s…
Every Question Tells a Story – Mitigating Ransomware Using the Rapid Cyberattack Assessment Tool: Part 1
https://ift.tt/2p0nJTT
Submitted September 10, 2018 at 09:52AM by jdrch
via reddit https://ift.tt/2MfToJP
Multi-exploit Mirai and Gafgyt Target Apache Struts, SonicWall
https://ift.tt/2NolfMT
Submitted September 10, 2018 at 11:46AM by thingsec
via reddit https://ift.tt/2x1vTyR
Palo Alto Networks Blog
Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall - Palo Alto Networks Blog
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.
falkervisor (C version), a hypervisor for fuzzing
https://ift.tt/2wVNnNW
Submitted September 10, 2018 at 12:29PM by gamozolabs
via reddit https://ift.tt/2N1OsxI
GitHub
gamozolabs/falkervisor_grilled_cheese
Evilginx 2.1 - 2FA Phishing - The First Post-Release Update
https://ift.tt/2CBf1VK
Submitted September 10, 2018 at 02:02PM by kgretzky
via reddit https://ift.tt/2QgmVqd
Serverless Red Team Infrastructure
https://ift.tt/2QiO7V6
Submitted September 10, 2018 at 04:03PM by dmchell
via reddit https://ift.tt/2oSupmC
Analysis of Malware That Leverages the Recent ALPC Zero-day Vulnerability
https://ift.tt/2CnVXtY
Submitted September 10, 2018 at 12:22PM by CyberBullets
via reddit https://ift.tt/2CDm3ch
WeLiveSecurity
PowerPool malware exploits zero-day vulnerability
Malware from a newly uncovered group PowerPool has been exploiting zero-day vulnerability in the wild, only two days after its disclosure. The vulnerability affects Microsoft Windows OSes from Windows 7 to Windows 10 and in particular, the ALPC function,…
First-Party Isolation in Firefox and what breaks if you enable it
https://ift.tt/2JRz3dQ
Submitted September 10, 2018 at 06:25PM by sasizza
via reddit https://ift.tt/2O6iSeu
Ctrl blog
What is First-Party Isolation in Firefox and what breaks if you enabled it
Instead of modifying and blocking page contents, Firefox optionally lets users modify the browser to become harder to track across websites.
Chrome/Chromium now considers "www" to be a "trivial" subdomain and no longer shows it in the address bar.
https://ift.tt/CsbsCo
Submitted September 10, 2018 at 08:39PM by CodeBlock
via reddit https://ift.tt/2O0REWx
reddit
r/netsec - Chrome/Chromium now considers "www" to be a "trivial" subdomain and no longer shows it in the address bar.
Key Managers and Key Stores
https://ift.tt/2x0F0ja
Submitted September 10, 2018 at 10:22PM by amazedballer
via reddit https://ift.tt/2oYjyrj
reddit
r/netsec - Key Managers and Key Stores
Analysis of Unpatched Advantech Webaccess RCE
https://ift.tt/2wYQTHl
Submitted September 10, 2018 at 10:16PM by chicksdigthelongrun
via reddit https://ift.tt/2Mhk2SI
Medium
Advantech WebAccess Unpatched RCE
Author: Chris Lyne
Exposing Private Domains via Certificate Transparency Logs [tool release]
https://ift.tt/2CxETBy
Submitted September 10, 2018 at 11:27PM by mpeg4codec
via reddit https://ift.tt/2Qkj0J0
Chris408
Certificate Transparency logs and how they are a gold mine to Bug Hunters
What is CT? Certificate Transparency (CT) is an experimental IETF standard. The goal of CT is to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of CAs that your…
local host discovery in browser
https://ift.tt/2x1VVSC
Submitted September 11, 2018 at 03:04AM by rain5
via reddit https://ift.tt/2Nqm7AD
reddit
r/netsec - local host discovery in browser
Slides & presentation of "Unpacking the non-unpackable" (anti-static analytic new ELF packer) in R2CON2018
https://ift.tt/2MgZr0U
Submitted September 11, 2018 at 03:02AM by mmd0xFF
via reddit https://ift.tt/2NwAkfm
reddit
r/LinuxMalware - About my presentation of: "Unpacking the non-unpackable" (an ELF new packer) in R2CON2018
Spoofing DNS with fragments
https://ift.tt/2CP0Ooi
Submitted September 11, 2018 at 04:42AM by nykzhang
via reddit https://ift.tt/2O2cuVE
PowerDNS Blog
Spoofing DNS with fragments
With some care, it turns out to be possible to spoof fake DNS responses using fragmented datagrams. While preparing a presentation for XS4ALL back in 2009, I found out how this could be done, but I…
India’s citizen biometric registry Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
https://ift.tt/2CFbyoQ
Submitted September 11, 2018 at 10:54AM by lordatlas
via reddit https://ift.tt/2NA8RsU
HuffPost India
UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
Skilled hackers disabled security features of Aadhaar enrolment software, circulated hack on Whatsapp
Sploitus.com - Exploits & Tools Search Engine
https://sploitus.com
Submitted September 11, 2018 at 02:43PM by i_bo0om
via reddit https://ift.tt/2MjgijM
Sploitus
💀 Sploitus | Exploits & Tools Search Engine
Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities. The search engine is also a good resource for finding security and vulnerability discovery tools.
A practical guide to testing the security of Amazon Web Services (Part 1: AWS S3)
https://ift.tt/2N1EbS5
Submitted September 11, 2018 at 08:12PM by albinowax
via reddit https://ift.tt/2MmvzQE
Mindedsecurity
A practical guide to testing the security of Amazon Web Services (Part 1: AWS S3)
Back in the days, the word Amazon used to refer to over half of earth's rainforests. While this is still true, it isn't what most people ...
The anatomy of a .NET malware dropper - a detailed blog post about reverse engineering .NET malware
https://ift.tt/2NzqYPG
Submitted September 11, 2018 at 08:10PM by 0xAmit
via reddit https://ift.tt/2MkGOcr
Cybereason
The anatomy of a .NET malware dropper
Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.
Gamifying Binary Exploitation Through Next Generation Wargames
https://ift.tt/2Qmxlo5
Submitted September 11, 2018 at 09:37PM by gaasedelen
via reddit https://ift.tt/2O9Dwuo
Ret2 Systems Blog
Scaling up Binary Exploitation Education
The shortage of proficient cyber operators in a world now dependent on connectivity and information has left nations scrambling to build capabilities in a vo...