Windows Privilege Escalation Guide
https://ift.tt/2EVH96s
Submitted September 12, 2018 at 05:33PM by ericnyamu
via reddit https://ift.tt/2QlX9kp
https://ift.tt/2EVH96s
Submitted September 12, 2018 at 05:33PM by ericnyamu
via reddit https://ift.tt/2QlX9kp
Researcher finds vulnerability enabling disclosure of Intel ME encryption keys
https://ift.tt/2QjGiyy
Submitted September 12, 2018 at 06:46PM by alexlash
via reddit https://ift.tt/2Nabkes
https://ift.tt/2QjGiyy
Submitted September 12, 2018 at 06:46PM by alexlash
via reddit https://ift.tt/2Nabkes
Ptsecurity
Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys
Image credit: Unsplash Intel has issued a patch in response to a serious vulnerability in Intel ME firmware discovered by Positive Tec...
CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation
https://ift.tt/2x6Qe5F
Submitted September 12, 2018 at 10:34PM by eth_
via reddit https://ift.tt/2COK0xA
https://ift.tt/2x6Qe5F
Submitted September 12, 2018 at 10:34PM by eth_
via reddit https://ift.tt/2COK0xA
Nettitude Labs
CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation
During a recent red team exercise, we discovered a vulnerability within the latest versions of the Symantec Management Agent (Altiris), that allowed us to escalate our privileges. Overview When the…
DFLabs’ No-Script Automation Tool (NAT) is a new free tool that helps incident responders collect live forensic data.
The No-Script Automation Tool (NAT) was designed to solve the complexity and management issues surrounding noscripting multiple tools via batch files or other noscripting languages for Windows systems. NAT allows users to run sets of pre-defined and pre-verified tools based on user specified input, pre-defined commands and system properties such as architecture and Windows version.Downloadhttps://github.com/dflabs/NAT
Submitted September 12, 2018 at 07:48PM by GeekSikhSecurity
via reddit https://ift.tt/2NB0sFP
The No-Script Automation Tool (NAT) was designed to solve the complexity and management issues surrounding noscripting multiple tools via batch files or other noscripting languages for Windows systems. NAT allows users to run sets of pre-defined and pre-verified tools based on user specified input, pre-defined commands and system properties such as architecture and Windows version.Downloadhttps://github.com/dflabs/NAT
Submitted September 12, 2018 at 07:48PM by GeekSikhSecurity
via reddit https://ift.tt/2NB0sFP
GitHub
dflabs/NAT
No-Script Automation Tool. Contribute to dflabs/NAT development by creating an account on GitHub.
How long to crack this PW given the info provided
https://ift.tt/2CQrK6Y
Submitted September 13, 2018 at 03:49AM by gregtwelve
via reddit https://ift.tt/2p365Pl
https://ift.tt/2CQrK6Y
Submitted September 13, 2018 at 03:49AM by gregtwelve
via reddit https://ift.tt/2p365Pl
reddit
r/privacy - ISP wants me to keep my default password on my router/modem. Are default router/modem passwords good enough?
3 votes and 6 comments so far on Reddit
NSD DNS Server Tutorial: alternative to BIND for zone hosting and slaving
https://ift.tt/1NwDQMm
Submitted September 13, 2018 at 03:22AM by unquietwiki
via reddit https://ift.tt/2MpwPTk
https://ift.tt/1NwDQMm
Submitted September 13, 2018 at 03:22AM by unquietwiki
via reddit https://ift.tt/2MpwPTk
Feedify Compromised. Magecart noscript potentially on over 4000 websites.
https://ift.tt/2N83P7V
Submitted September 13, 2018 at 11:17AM by le-quack
via reddit https://ift.tt/2x8VlmL
https://ift.tt/2N83P7V
Submitted September 13, 2018 at 11:17AM by le-quack
via reddit https://ift.tt/2x8VlmL
BleepingComputer
Feedify Hacked with Magecart Information Stealing Script
A noscript used by the customer engagement service Feedify has been hacked to include the malicious MageCart noscript. MageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when a user submits a…
Low-cost USB Rubber Ducky pen-test tool for $3 using Digispark and Duck2Spark
https://ift.tt/2p5jlmc
Submitted September 13, 2018 at 02:24PM by vasiliborodin
via reddit https://ift.tt/2N8d4VE
https://ift.tt/2p5jlmc
Submitted September 13, 2018 at 02:24PM by vasiliborodin
via reddit https://ift.tt/2N8d4VE
Medium
Low-cost USB Rubber Ducky pen-test tool for $3 using Digispark and Duck2Spark
It’s a story as old as time: some hacker sees nice hardware pen-testing tool, hacker recoils in horror at the price of said tool, hacker…
Vulmon - Vulnerability / Exploit Search Engine with Vulnerability Intelligence
https://vulmon.com
Submitted September 13, 2018 at 04:07PM by drodrouw
via reddit https://ift.tt/2p5vxU0
https://vulmon.com
Submitted September 13, 2018 at 04:07PM by drodrouw
via reddit https://ift.tt/2p5vxU0
Vulmon
Vulmon - Vulnerability Intelligence Search Engine
Vulmon is a vulnerability and exploit search engine with vulnerability intelligence features.
Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars
https://ift.tt/2CH2LD7
Submitted September 13, 2018 at 06:10PM by redbit2020
via reddit https://ift.tt/2MufOHL
https://ift.tt/2CH2LD7
Submitted September 13, 2018 at 06:10PM by redbit2020
via reddit https://ift.tt/2MufOHL
www.esat.kuleuven.be
Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars
High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow to unlock and start the vehicle based on the physical proximity of a paired key
twa: A tiny web auditor with strong opinions
https://ift.tt/2Nd1IQb
Submitted September 13, 2018 at 05:41PM by yossarian_flew_away
via reddit https://ift.tt/2Oes0hd
https://ift.tt/2Nd1IQb
Submitted September 13, 2018 at 05:41PM by yossarian_flew_away
via reddit https://ift.tt/2Oes0hd
GitHub
woodruffw/twa
A tiny web auditor with strong opinions. Contribute to woodruffw/twa development by creating an account on GitHub.
New cold boot attack affects almost all modern computers.
https://ift.tt/2MqBfJJ
Submitted September 13, 2018 at 10:28PM by le-quack
via reddit https://ift.tt/2CQAWbi
https://ift.tt/2MqBfJJ
Submitted September 13, 2018 at 10:28PM by le-quack
via reddit https://ift.tt/2CQAWbi
F-Secure Blog
The Chilling Reality of Cold Boot Attacks - F-Secure Blog
What do you do when you finish working with your laptop? Do you turn it off? Put it to sleep? Just close the lid and walk away? Many people might not realize that what they do when leaving their laptop unattended, even a laptop with full disk encryption,…
Remote Code Execution in Alpine Linux
https://ift.tt/2x8YK4e
Submitted September 14, 2018 at 12:39AM by justicz
via reddit https://ift.tt/2MuiDZ0
https://ift.tt/2x8YK4e
Submitted September 14, 2018 at 12:39AM by justicz
via reddit https://ift.tt/2MuiDZ0
justi.cz
Remote Code Execution in Alpine Linux
tl;dr I found several bugs in apk, the default package manager for Alpine Linux. Alpine is a really lightweight distro that is very commonly used with Docker...
How to Make a Malicious USB and How to trick the victim to use it.
https://ift.tt/2QnDccS
Submitted September 14, 2018 at 02:46AM by ATTACKERSA
via reddit https://ift.tt/2p4QkHt
https://ift.tt/2QnDccS
Submitted September 14, 2018 at 02:46AM by ATTACKERSA
via reddit https://ift.tt/2p4QkHt
Cyber Wizard
How to Make a Malicious USB and How to trick the victim to use it.
THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. IF ORDINARY CITIZENS UNDERSTAND HOW ONE MAY CIRCUMVENT THEIR SECURITY THEN THEY HAVE THE CHANCE TO PROTECT AGAINST SUCH SECURITY BREACHES. I TAKE NO RES…
FOX News Live streams YouTube Live stream of hurricane. Person using computer switches to email app, exposing a username and password in plain text to nation! Wonder if anyone else noticed.
https://ift.tt/2x8ADmT
Submitted September 14, 2018 at 03:29AM by balroneon
via reddit https://ift.tt/2NEWewV
https://ift.tt/2x8ADmT
Submitted September 14, 2018 at 03:29AM by balroneon
via reddit https://ift.tt/2NEWewV
reddit
r/netsec - FOX News Live streams YouTube Live stream of hurricane. Person using computer switches to email app, exposing a username…
40 votes and 4 comments so far on Reddit
XSS and LFI in Facebook for Android
https://ift.tt/2x2Ldfk
Submitted September 14, 2018 at 06:28PM by albinowax
via reddit https://ift.tt/2N96Gxf
https://ift.tt/2x2Ldfk
Submitted September 14, 2018 at 06:28PM by albinowax
via reddit https://ift.tt/2N96Gxf
ash-king.co.uk
Ashley King - Making the Facebook app more secure - $8500 bounty
Ash King - Hacking for fun and profit
Introducing Security Check: Instantly assess the security posture of your websites and web applications
https://ift.tt/2p7gnO9
Submitted September 14, 2018 at 08:31PM by iamcoolc
via reddit https://ift.tt/2xhFvWk
https://ift.tt/2p7gnO9
Submitted September 14, 2018 at 08:31PM by iamcoolc
via reddit https://ift.tt/2xhFvWk
Templarbit Inc.
Introducing Security Check: Instantly assess the security posture of your websites and web applications
As companies continuously spin up more internet-facing software...
Malicious Command Execution via bash-completion (CVE-2018-7738)
https://ift.tt/2p9f4OS
Submitted September 14, 2018 at 08:29PM by pocorgtfoftw
via reddit https://ift.tt/2pe8erz
https://ift.tt/2p9f4OS
Submitted September 14, 2018 at 08:29PM by pocorgtfoftw
via reddit https://ift.tt/2pe8erz
reddit
r/netsec - Malicious Command Execution via bash-completion (CVE-2018-7738)
1 vote and 0 comments so far on Reddit
Introducing AuthHeaderUpdater - a Burp extension to update authorization headers
https://ift.tt/2N9XUyW
Submitted September 14, 2018 at 10:15PM by bitscraper
via reddit https://ift.tt/2Or7cDy
https://ift.tt/2N9XUyW
Submitted September 14, 2018 at 10:15PM by bitscraper
via reddit https://ift.tt/2Or7cDy
I hack things.
Update JWT Authorization Headers in Burp Suite using AuthHeaderUpdater
We have released a new Burp extension to better handle JWT Authorization tokens during scans.
Protecting Mozilla’s GitHub Repositories from Malicious Modification
https://ift.tt/2NBXvor
Submitted September 14, 2018 at 09:42PM by jvehent
via reddit https://ift.tt/2NLZnen
https://ift.tt/2NBXvor
Submitted September 14, 2018 at 09:42PM by jvehent
via reddit https://ift.tt/2NLZnen
Mozilla Security Blog
Protecting Mozilla’s GitHub Repositories from Malicious Modification
At Mozilla, we’ve been working to ensure our repositories hosted on GitHub are protected from malicious modification. As the recent Gentoo incident demonstrated, such attacks ...
Wannamine cryptominer that uses EternalBlue still active
https://ift.tt/2p7w9bT
Submitted September 15, 2018 at 02:19AM by EvanConover
via reddit https://ift.tt/2xfmvHX
https://ift.tt/2p7w9bT
Submitted September 15, 2018 at 02:19AM by EvanConover
via reddit https://ift.tt/2xfmvHX
Cybereason
Wannamine cryptominer that uses EternalBlue still active
The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March.