XSS and LFI in Facebook for Android
https://ift.tt/2x2Ldfk
Submitted September 14, 2018 at 06:28PM by albinowax
via reddit https://ift.tt/2N96Gxf
ash-king.co.uk
Ashley King - Making the Facebook app more secure - $8500 bounty
Ash King - Hacking for fun and profit
Introducing Security Check: Instantly assess the security posture of your websites and web applications
https://ift.tt/2p7gnO9
Submitted September 14, 2018 at 08:31PM by iamcoolc
via reddit https://ift.tt/2xhFvWk
Templarbit Inc.
As companies continuously spin up more internet-facing software...
Malicious Command Execution via bash-completion (CVE-2018-7738)
https://ift.tt/2p9f4OS
Submitted September 14, 2018 at 08:29PM by pocorgtfoftw
via reddit https://ift.tt/2pe8erz
reddit
r/netsec - Malicious Command Execution via bash-completion (CVE-2018-7738)
Introducing AuthHeaderUpdater - a Burp extension to update authorization headers
https://ift.tt/2N9XUyW
Submitted September 14, 2018 at 10:15PM by bitscraper
via reddit https://ift.tt/2Or7cDy
I hack things.
Update JWT Authorization Headers in Burp Suite using AuthHeaderUpdater
We have released a new Burp extension to better handle JWT Authorization tokens during scans.
Protecting Mozilla’s GitHub Repositories from Malicious Modification
https://ift.tt/2NBXvor
Submitted September 14, 2018 at 09:42PM by jvehent
via reddit https://ift.tt/2NLZnen
Mozilla Security Blog
At Mozilla, we’ve been working to ensure our repositories hosted on GitHub are protected from malicious modification. As the recent Gentoo incident demonstrated, such attacks ...
Wannamine cryptominer that uses EternalBlue still active
https://ift.tt/2p7w9bT
Submitted September 15, 2018 at 02:19AM by EvanConover
via reddit https://ift.tt/2xfmvHX
Cybereason
The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March.
IOT Security by Sawan Bhan | Sawan Bhan | LinkedIn
https://ift.tt/2xeMa4a
Submitted September 15, 2018 at 01:27PM by DefensiveSec
via reddit https://ift.tt/2MwRiFT
Linkedin
IOT Security by Sawan Bhan
"IoT devices could be referred to objects which can be connected and which can communicate via a platform called Internet. These things are found
How to force restart any iOS device with just CSS? 💣
https://ift.tt/2p9oD08
Submitted September 15, 2018 at 08:24PM by pwnsdxpw
via reddit https://ift.tt/2NOlMrm
Gist
Safari Ripper ☠️ (Original tweet: https://twitter.com/pwnsdx/status/1040944750973595649, try it: https://cdn.rawgit.com/pwnsdx/ce64de2760996a6c432f06d612e33aea/raw/23f2faa0aadb4babbfd228c8bb32a26a8...
Global scan of websites for open .git folders
https://ift.tt/2NuIH7G
Submitted September 15, 2018 at 10:10PM by xtreak
via reddit https://ift.tt/2xic9qN
lynt.cz
Global scan: exposed .git
I made a huge scan for the unintentionally exposed .git repositories - found hundreds of thousands of sites.
Three C-Words of Web App Security: Part 1 – CORS
https://ift.tt/2Mp3PM3
Submitted September 16, 2018 at 12:51AM by bitscraper
via reddit https://ift.tt/2MzMLSN
Remote Mac Exploitation Via Custom URL Schemes
https://ift.tt/2wvNyPw
Submitted September 16, 2018 at 12:50AM by bitscraper
via reddit https://ift.tt/2Mzzfij
Wasabi: a dynamic analysis framework for WebAssembly
https://ift.tt/2PXpXzo
Submitted September 16, 2018 at 12:49AM by bitscraper
via reddit https://ift.tt/2MxHTOc
Scaling AFL to a 256 thread machine
https://ift.tt/2xjyzbS
Submitted September 17, 2018 at 08:29AM by dwndwn
via reddit https://ift.tt/2NiDT9G
Gamozo Labs Blog
I blog about random things security, everything is broken, nothing scales, shared memory models are flawed.
Global scan: exposed .git
https://ift.tt/2NuIH7G
Submitted September 17, 2018 at 05:34PM by thms0
via reddit https://ift.tt/2NIae9l
lynt.cz
I made a huge scan for the unintentionally exposed .git repositories - found hundreds of thousands of sites.
XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites
https://ift.tt/2NNM2Cu
Submitted September 18, 2018 at 04:29AM by rwestergren
via reddit https://ift.tt/2QAVh7s
Randy Westergren
XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites - Randy Westergren
For those unfamiliar with modern advertising tech, iFrame Busters are HTML files hosted on publisher sites which allow ad creatives to extend outside of their standard boundaries. These expandable creatives are typically easy to identify on a site — usually…
Safari Crash - a small HTML DoS exploit kit aimed at mobile browsers
https://ift.tt/2NOdiRc
Submitted September 18, 2018 at 02:08PM by _____WINTERMUTE_____
via reddit https://ift.tt/2D4Oyji
GitHub
TheSecondSun/Safari-Crash
Small HTML DoS exploit kit aimed at mobile browsers that allows rapid deployment and testing - TheSecondSun/Safari-Crash
Application Security Market 2025 Major Key Players – High-Tech Bridge, Fasoo, Contrast Security, HPE, Qualys, IBM Corporation, Rapid7, Whitehat Security, Pradeo and Veracode
https://ift.tt/2xutjBE
Submitted September 18, 2018 at 04:55PM by KeyDutch
via reddit https://ift.tt/2QDuMyd
Hunting mobile devices endpoints - the RF and the hard way
https://ift.tt/2PIxPUD
Submitted September 18, 2018 at 08:02PM by mabote
via reddit https://ift.tt/2D9D1zv
Analysis of iOS user heap from an exploiter point of view
https://ift.tt/2Djur1h
Submitted September 18, 2018 at 08:00PM by mabote
via reddit https://ift.tt/2NQCAhw
HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
https://ift.tt/2PI04mn
Submitted September 18, 2018 at 10:08PM by EvanConover
via reddit https://ift.tt/2Ov641w
The Citizen Lab
HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries - The Citizen Lab
In this post, we develop new Internet scanning techniques to identify 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations.
Ransombile: Yet another reason to ditch SMS
https://ift.tt/2pgBbD0
Submitted September 18, 2018 at 09:56PM by _yowie_
via reddit https://ift.tt/2xjVKTF
Martin Vigo
Ransombile: Yet another reason to ditch SMS - Martin Vigo
Ransombile is a tool that can be used in different scenarios to compromise someone’s digital life when having physical access to a locked mobile device