Bypassing Duo Two-Factor Authentication (Fail Open)
https://ift.tt/2LYtTAU
Submitted September 26, 2018 at 10:18PM by ericnyamu
via reddit https://ift.tt/2xEq9vN
https://ift.tt/2LYtTAU
Submitted September 26, 2018 at 10:18PM by ericnyamu
via reddit https://ift.tt/2xEq9vN
www.n00py.io
Bypassing Duo Two-Factor Authentication (Fail Open)
Often times while performing penetration tests it may be helpful to connect to a system via the Remote Desktop Protocol (RDP). I typically use rdesktop or xfreerdp to connect to host once I have obtained credentials to do all sorts of things such as use Active…
Using “magic” DNS-resolutions to track suspicious domains
https://ift.tt/2Q8yEpS
Submitted September 26, 2018 at 10:18PM by ericnyamu
via reddit https://ift.tt/2DzkwEK
https://ift.tt/2Q8yEpS
Submitted September 26, 2018 at 10:18PM by ericnyamu
via reddit https://ift.tt/2DzkwEK
Gaining Shell using Server Side Template Injection (SSTI)
https://ift.tt/2LkNarY
Submitted September 26, 2018 at 10:16PM by ericnyamu
via reddit https://ift.tt/2xI29rK
https://ift.tt/2LkNarY
Submitted September 26, 2018 at 10:16PM by ericnyamu
via reddit https://ift.tt/2xI29rK
Medium
Gaining Shell using Server Side Template Injection (SSTI)
This post is about Server Side Template Injection (SSTI) and a brief walkthrough of how it can be leverage to get a shell on the server…
A cache invalidation bug in Linux memory management
https://ift.tt/2N3LXpM
Submitted September 26, 2018 at 11:38PM by ga-vu
via reddit https://ift.tt/2N4e6Nh
https://ift.tt/2N3LXpM
Submitted September 26, 2018 at 11:38PM by ga-vu
via reddit https://ift.tt/2N4e6Nh
Blogspot
A cache invalidation bug in Linux memory management
Posted by Jann Horn, Google Project Zero This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since...
Android Banker found on Google Play with 10K+ installs stole over 10,000 Euros [infection video included]
https://ift.tt/2QWdNYh
Submitted September 27, 2018 at 02:37AM by lukasstefanko
via reddit https://ift.tt/2N5hnvZ
https://ift.tt/2QWdNYh
Submitted September 27, 2018 at 02:37AM by lukasstefanko
via reddit https://ift.tt/2N5hnvZ
Vibing Your Way Through an Enterprise: How Attackers are Becoming More Sneaky
https://github.com/Tylous/Vibe
Submitted September 27, 2018 at 07:32AM by tylous
via reddit https://ift.tt/2xGukas
https://github.com/Tylous/Vibe
Submitted September 27, 2018 at 07:32AM by tylous
via reddit https://ift.tt/2xGukas
GitHub
GitHub - Tylous/Vibe: A framework for stealthy domain reconnaissance
A framework for stealthy domain reconnaissance. Contribute to Tylous/Vibe development by creating an account on GitHub.
ESET researchers discover LoJax, the first-ever UEFI rootkit detected in a cyberattack
https://ift.tt/2DIFWj0
Submitted September 27, 2018 at 05:05PM by DonManuel
via reddit https://ift.tt/2zzF6Rb
https://ift.tt/2DIFWj0
Submitted September 27, 2018 at 05:05PM by DonManuel
via reddit https://ift.tt/2zzF6Rb
Ghostbuster: Detecting the Presence of Hidden Eavesdroppers [pdf]
https://ift.tt/2OT3nHm
Submitted September 27, 2018 at 08:32PM by QuirkySpiceBush
via reddit https://ift.tt/2IlVFTF
https://ift.tt/2OT3nHm
Submitted September 27, 2018 at 08:32PM by QuirkySpiceBush
via reddit https://ift.tt/2IlVFTF
AppLocker CLM Bypass via COM
https://ift.tt/2zA7F0X
Submitted September 27, 2018 at 08:29PM by dmchell
via reddit https://ift.tt/2Io09cc
https://ift.tt/2zA7F0X
Submitted September 27, 2018 at 08:29PM by dmchell
via reddit https://ift.tt/2Io09cc
iOS 12 Jailbreak
https://ift.tt/2Q9ZG07
Submitted September 27, 2018 at 09:12PM by 0v3rl04d
via reddit https://ift.tt/2IkyXLI
https://ift.tt/2Q9ZG07
Submitted September 27, 2018 at 09:12PM by 0v3rl04d
via reddit https://ift.tt/2IkyXLI
Evad3rs
iOS 12 Jailbreak Untethered via Pandora Jailbreak iOS 12 Tool.
Mimikatz bypass for Credential Guard on latest Win10 released live at Microsoft conf
https://ift.tt/2DBh6RT
Submitted September 27, 2018 at 10:30PM by xylogx
via reddit https://ift.tt/2zAt6Pu
https://ift.tt/2DBh6RT
Submitted September 27, 2018 at 10:30PM by xylogx
via reddit https://ift.tt/2zAt6Pu
GitHub
gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Upgrade Your SSH Key to Ed25519
https://ift.tt/2LwuR3K
Submitted September 28, 2018 at 02:24AM by unquietwiki
via reddit https://ift.tt/2xQ4joo
https://ift.tt/2LwuR3K
Submitted September 28, 2018 at 02:24AM by unquietwiki
via reddit https://ift.tt/2xQ4joo
Risan’s Blog
Upgrade Your SSH Key to Ed25519
When is the last time you created your SSH key? If you’re still using RSA with key-size less than 2048 bits long, It’s time for an upgrade!
How recon helped in finding a Jenkins instance from where I leveraged to perform RCE!
https://ift.tt/2DKlZZ8
Submitted September 28, 2018 at 07:49AM by security_blogs
via reddit https://ift.tt/2xHiop0
https://ift.tt/2DKlZZ8
Submitted September 28, 2018 at 07:49AM by security_blogs
via reddit https://ift.tt/2xHiop0
Medium
#BugBounty — From finding Jenkins instance to Command Execution.Secure your Jenkins Instance!
Hi Guys,
LPE on Linux - vmacache_flush_all() bug
https://ift.tt/2xKKoIu
Submitted September 28, 2018 at 02:39PM by 0v3rl04d
via reddit https://ift.tt/2zBjyDW
https://ift.tt/2xKKoIu
Submitted September 28, 2018 at 02:39PM by 0v3rl04d
via reddit https://ift.tt/2zBjyDW
reddit
r/netsec - LPE on Linux - vmacache_flush_all() bug
3 votes and 0 comments so far on Reddit
Facebook Network Breach Impacts Up to 50 Million Users
https://ift.tt/2OjeQ5L
Submitted September 28, 2018 at 10:24PM by steakmane
via reddit https://ift.tt/2QiGH3D
https://ift.tt/2OjeQ5L
Submitted September 28, 2018 at 10:24PM by steakmane
via reddit https://ift.tt/2QiGH3D
Nytimes
Facebook Security Breach Exposes Accounts of 50 Million Users
The attack added to the company’s woes as it contends with fallout from its role in a Russian disinformation campaign.
IC3 Issues Alert on RDP Exploitation
https://ift.tt/2Qg31ee
Submitted September 28, 2018 at 10:02PM by jwarren116
via reddit https://ift.tt/2xKCYVD
https://ift.tt/2Qg31ee
Submitted September 28, 2018 at 10:02PM by jwarren116
via reddit https://ift.tt/2xKCYVD
www.us-cert.gov
IC3 Issues Alert on RDP Exploitation | US-CERT
The Internet Crime Complaint Center (IC3), in collaboration with DHS and the Federal Bureau of Investigation, has released an alert on cyber threat actors maliciously using legitimate remote administration tools, such as Remote Desktop Protocol (RDP). Threat…
Twenty years of Escaping the Java Sandbox (Phrack Paper)
https://ift.tt/2zDlQCr
Submitted September 28, 2018 at 11:19PM by overflowingInt
via reddit https://ift.tt/2R4KB18
https://ift.tt/2zDlQCr
Submitted September 28, 2018 at 11:19PM by overflowingInt
via reddit https://ift.tt/2R4KB18
phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
50 million Facebook accounts owned
https://ift.tt/2zDmUXf
Submitted September 29, 2018 at 06:13AM by 1-o_o-1
via reddit https://ift.tt/2OYnOTp
https://ift.tt/2zDmUXf
Submitted September 29, 2018 at 06:13AM by 1-o_o-1
via reddit https://ift.tt/2OYnOTp
reddit
r/netsec - 50 million Facebook accounts owned
12 votes and 1 comment so far on Reddit
Auditing Bitbucket Server Data for Credentials in AWS
https://ift.tt/2QjyVqh
Submitted September 29, 2018 at 03:40AM by Kayjaywt
via reddit https://ift.tt/2NKVbwa
https://ift.tt/2QjyVqh
Submitted September 29, 2018 at 03:40AM by Kayjaywt
via reddit https://ift.tt/2NKVbwa
Sourced
Auditing Bitbucket Server Data for Credentials in AWS - Sourced
The godfather of crypto has a plan to keep digital payments and messages private
https://ift.tt/2OCvZ7n
Submitted September 29, 2018 at 07:41PM by PRIVACYx05i4shUl
via reddit https://ift.tt/2xHb3pB
https://ift.tt/2OCvZ7n
Submitted September 29, 2018 at 07:41PM by PRIVACYx05i4shUl
via reddit https://ift.tt/2xHb3pB
Quartz
The godfather of crypto has a plan to keep digital payments and messages private
As more payments take place online through apps, David Chaum warns that a rich trove of personal data is ripe for exploitation.
The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice
https://ift.tt/2y2ouzF
Submitted September 30, 2018 at 01:13PM by whitehattracker
via reddit https://ift.tt/2xPYurU
https://ift.tt/2y2ouzF
Submitted September 30, 2018 at 01:13PM by whitehattracker
via reddit https://ift.tt/2xPYurU
Blog | Imperva
The World's Most Popular Coding Language Happens to be Most Hackers' Weapon of Choice – Blog | Imperva
Python will soon be the world’s most prevalent coding language. That’s quite a statement, but if you look at its simplicity, flexibility and the relative ease with which folks pick it up, it’s not hard to see why.