I wrote a few short blog posts about T-pot, a multi-honeypot platform, and the data I got from three honeypots in different parts of the world.
https://ift.tt/2NXpo6t
Submitted October 23, 2018 at 03:22PM by nexxic
via reddit https://ift.tt/2ApRsfr
Northsec Security Blog
Introduction to T-Pot - The all in one honeypot
Using honeypots to gather information and analyse the state of security on the Internet. We have all probably heard of the Internet referred to as the new Wild Wild West, and you always read about new attacks, and bigger and bigger DDoS attacks flooding our…
The MSRD3X40 patch debacle
https://ift.tt/2Pqfo7b
Submitted October 23, 2018 at 05:10PM by yuhong
via reddit https://ift.tt/2S93v7L
0Patch
Patching, Re-Patching and Meta-Patching the Jet Database Engine RCE (CVE-2018-8423)
Flawed Patches Will Always Happen, But We Can Change How They Get Fixed by Mitja Kolsek, the 0patch Team TL;DR: Microsoft patched CV...
A Loophole in the Firewall
https://ift.tt/2R7rwul
Submitted October 23, 2018 at 08:13PM by cyberpunkych
via reddit https://ift.tt/2PoKZtz
FBK CyberSecurity
A Loophole in the Firewall
When Internet access is firewalled but you badly need to transfer data, DNS tunneling comes to the rescue. Even at the strictest settings, DNS queries can sometimes be allowed, and we can use this by responding to them from our server on the other side.…
Amazon S3: How an ISP Exposed Administrative System Credentials
https://ift.tt/2CxVEuY
Submitted October 24, 2018 at 01:05AM by 33c3wegwerf
via reddit https://ift.tt/2yqYb7i
Upguard
Out of Pocket: How an ISP Exposed Administrative System Credentials
ISPs do more than provide internet service for individual customers; they can also act as part of US critical infrastructure. See how one ISP exposed their administrative and root passwords to the public.
DEFCON 26 Talk Recordings are now up!
https://www.youtube.com/playlist?list=PL9fPq3eQfaaD0cf5c7wkzMoj2kifzGO4U
Submitted October 23, 2018 at 08:10PM by thel3l
via reddit https://ift.tt/2PPapND
YouTube
DEF CON 26
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
OSINT WITH RECON-NG
https://ift.tt/2JgK5d2
Submitted October 24, 2018 at 01:34AM by ka1nsha
via reddit https://ift.tt/2D0iFHU
PRISMA CSI
OSINT with Recon-ng • PRISMA CSI
One of these tools is Recon-ng, an OSINT gathering tool written in Python. For users conversant with Metasploit, using Recon-ng can be a walk in the park because of their striking similarities both in structure and interface appearance.
jQuery-File-Upload <= 9.x Remote Code Execution (ImageMagick/Ghostscript)
https://ift.tt/2D05W85
Submitted October 24, 2018 at 11:17AM by Ambulong
via reddit https://ift.tt/2PhlcTS
Vulnspy Blog
jQuery-File-Upload <= 9.x Remote Code Execution (with ImageMagick/Ghostscript)
Author: @Ambulong jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. The project was recently reported to have a three-year-old arbitrary file u
Embedding Meterpreter in Android APK
https://ift.tt/2ykIxKR
Submitted October 24, 2018 at 01:10PM by CyberBullets
via reddit https://ift.tt/2R66LPI
Black Hills Information Security
Embedding Meterpreter in Android APK - Black Hills Information Security
Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the days of thin clients. As the pendulum swings yet again, our thin client can…
FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise
https://ift.tt/2yNlpnB
Submitted October 24, 2018 at 02:44PM by IamNullByte
via reddit https://ift.tt/2OJPQWG
Zimperium Mobile Security Blog
FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise: From Smart Homes to Critical Infrastructure…
Researchers: Ori Karliner (@oriHCX). Relevant Operating Systems: FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS and SafeRTOS (with WHIS Connect middleware TCP/IP components). CVE List: As a part of our ongoing IoT platform…
Multiple 0days used by Magecart
https://ift.tt/2q6EnS5
Submitted October 24, 2018 at 03:01PM by dtdn
via reddit https://ift.tt/2EECzty
Command and Control via DNS over HTTPS (DoH) for Cobalt Strike
https://ift.tt/2EEbIhm
Submitted October 24, 2018 at 06:59PM by ratfmuser
via reddit https://ift.tt/2EF2Urq
GitHub
SpiderLabs/DoHC2
DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). - SpiderLabs/DoHC2
HoneyProcs: Going beyond honeyfiles for Deception on Endpoints
Deploying detection solutions on an endpoint host comes with constraints: limited availability of CPU, memory, disk and other resources, stability constraints, policy adherence and restrictions, and the need to be non-intrusive to the user, the host OS and other applications on the host. In response to this, we present HoneyProcs, a new deception methodology (patent pending) and an all user space method that extends existing deception honeypot technology on endpoint hosts. HoneyProcs complements existing deception technology by using forged, controlled decoy processes to catch info stealers, Banking Trojans, rootkits and other generic malware, and it does so by exploiting a common trait exhibited by these malwares: code injection. By limiting its inspection footprint to only these decoy processes, HoneyProcs effectively addresses efficacy and performance concerns that otherwise constrain endpoint deployments. Throughout this article, we further explain how the reduced and targeted inspection footprint can be leveraged to turn HoneyProcs into an intelligence gathering toolkit that can be used to write automated signatures for other antivirus and detection solutions to remediate infections on the system.
https://forums.juniper.net/t5/Threat-Research/HoneyProcs-Going-Beyond-Honeyfiles-for-Deception-on-Endpoints/ba-p/385830
Submitted October 24, 2018 at 03:28PM by anoopsaldanha
via reddit https://ift.tt/2yZ0A8U
PhishAPI Tool - Rapid Deployment of Fake Sites and Maldocs with Notifications!
https://ift.tt/2ECXddE
Submitted October 24, 2018 at 11:49AM by IndySecMan
via reddit https://ift.tt/2ScoyWS
Blogspot
PhishAPI Tool - Rapid Deployment of Fake Sites and Maldocs with Notifications!
Intro / TL;DR Hey InfoSec Community! As the penetration testing lead, I got tired of setting up and tearing down environments each time...
Reverse Engineering ESP8266 Firmware (Part 1)
https://ift.tt/2PgAnNa
Submitted October 24, 2018 at 05:22PM by BoredPentester
via reddit https://ift.tt/2SconLc
HoneyProcs : Going Beyond Honeyfiles for Deception on Endpoints
https://ift.tt/2R7uAGX
Submitted October 24, 2018 at 09:31PM by anoopsaldanha
via reddit https://ift.tt/2OLVw2p
forums.juniper.net
HoneyProcs : Going Beyond Honeyfiles for Deception on Endpoints
Co-Author: Abhijit Mohanta. Deploying detection solutions on an endpoint host comes with constraints: limited availability of CPU, memory, disk and other resources, stability constraints, policy adherence and restrictions, the need to be non-intrusive…
WebExec - an authenticated RCE vulnerability in Cisco WebEx client
Hey all, during a pentest a couple months back, me and my coworker (/u/jeffmcjunkin) stumbled upon an 0-day in Cisco WebEx. It's neat because it's a remote code execution vulnerability in a client-side app due to bad ACLs. We wrote a high level doc about it, and also a deep dive into why it works. You can also find Nmap scripts to check for it (already pushed to svn) as well as Metasploit modules to exploit it (in a metasploit fork) linked from there. I thought you guys would be interested! Please patch!
Submitted October 24, 2018 at 09:56PM by iagox86
via reddit https://ift.tt/2O2m0HJ
reddit
r/netsec - WebExec - an authenticated RCE vulnerability in Cisco WebEx client
3 votes and 0 comments so far on Reddit
Nessus 8.0 released
https://ift.tt/2yvtgqj
Submitted October 24, 2018 at 11:14PM by Neo-Bubba
via reddit https://ift.tt/2D0gRP6
reddit
r/AskNetsec - Nessus 8.0 released
1 vote and 1 comment so far on Reddit
Mac malware intercepts encrypted web traffic for ad injection
https://ift.tt/2EHmNhz
Submitted October 25, 2018 at 01:43AM by EvanConover
via reddit https://ift.tt/2AqgTgM
Malwarebytes
Mac malware intercepts encrypted web traffic for ad injection
New Mac malware has been found that intercepts encrypted traffic for the purpose of injecting ads into web pages. But could this adware be used for more devious purposes in the future?
Windows 2000 SP servicing history
https://ift.tt/2EKoHye
Submitted October 25, 2018 at 01:22AM by yuhong
via reddit https://ift.tt/2q9WXJi
Blogspot
Windows 2000 SP servicing history
March 2003: MS03-007 released with only the ntdll.dll file, and there was a problem on Windows 2000 SP2 with certain versions of ntoskrnl.ex...
National Cybersecurity Awareness Month
https://ift.tt/2PTWIgq
Submitted October 25, 2018 at 04:23AM by longevitytech
via reddit https://ift.tt/2PQ2QXe
Longevity Technology
National Cybersecurity Awareness Month
Security compliance is a legal concern for organizations in many industries today. Regulatory standards like PCI DSS, HIPAA, and ISO 27001 prescribe recommendations for protecting data and improving info security management in the enterprise.
HSTS Preload
https://ift.tt/2q63zbw
Submitted October 25, 2018 at 06:03AM by darkhorn
via reddit https://ift.tt/2PfyVuz