Google Home (in)Security: Unauthenticated Google Home API with all sorts of fun uses
https://ift.tt/2OV5MoZ
Submitted October 31, 2018 at 02:57AM by Syonyk
via reddit https://ift.tt/2EPjXaj
https://ift.tt/2OV5MoZ
Submitted October 31, 2018 at 02:57AM by Syonyk
via reddit https://ift.tt/2EPjXaj
JerryGamblin.com
Google Home (in)Security
TL;DR: An undocumented API in Google home devices is easily exploitable. This command will reboot any on your local network: nmap –open -p 8008 192.168.1.0/24 | awk ‘/is up/ {print up};…
Project Dribble: hacking Wi-Fi with cached JavaScript
https://ift.tt/2Oia0lo
Submitted October 31, 2018 at 02:25AM by rhaidiz
via reddit https://ift.tt/2zdfx7j
https://ift.tt/2Oia0lo
Submitted October 31, 2018 at 02:25AM by rhaidiz
via reddit https://ift.tt/2zdfx7j
Federico De Meo
Project Dribble: hacking Wi-Fi with cached JavaScript
@font-face { font-family: "Harry"; src: url(/fonts/hp.ttf) format("truetype"); } I’ve been meaning to work on this little project for quite some time, but life got in the way and I was always t
Isolated Networks in the Cloud – it's possible
https://ift.tt/2GXbrSH
Submitted October 31, 2018 at 09:37AM by midael
via reddit https://ift.tt/2qk6nSl
https://ift.tt/2GXbrSH
Submitted October 31, 2018 at 09:37AM by midael
via reddit https://ift.tt/2qk6nSl
Medium
Isolated Networks in the Cloud
After a recent roadmapping session, it seemed like a good idea to research network isolation in cloud environments. We chose to test AWS…
I wrote a simple 'rogue device' scanner that uses ping sweeps/nmap to intermittently scan a subnet and log any new hosts. Feedback is welcome!
https://ift.tt/2qlHaHg
Submitted October 31, 2018 at 09:10AM by jbob133
via reddit https://ift.tt/2EUieAK
https://ift.tt/2qlHaHg
Submitted October 31, 2018 at 09:10AM by jbob133
via reddit https://ift.tt/2EUieAK
GitHub
Th3J0kr/A-Simple-Rogue-Device-Scanner
A simple python program that ping sweeps your network at a certain interval and logs new devices. - Th3J0kr/A-Simple-Rogue-Device-Scanner
Emotet Awakens With New Campaign of Mass Email Exfiltration using the Outlook Messaging API
https://ift.tt/2Q2Su69
Submitted October 31, 2018 at 09:08AM by not_2sec4u
via reddit https://ift.tt/2ABrq8S
https://ift.tt/2Q2Su69
Submitted October 31, 2018 at 09:08AM by not_2sec4u
via reddit https://ift.tt/2ABrq8S
Kryptoslogic
Emotet Awakens With New Campaign of Mass Email Exfiltration
The Emotet malware family just raised the stakes by adding email exfiltration to its arsenal, thereby escalating its capabilities to cyber espionage. While i...
Trivial Exploit for X.org Server Local Privilege Escalation
https://ift.tt/2qiiq2y
Submitted October 31, 2018 at 09:00AM by raincan
via reddit https://ift.tt/2EQN11p
https://ift.tt/2qiiq2y
Submitted October 31, 2018 at 09:00AM by raincan
via reddit https://ift.tt/2EQN11p
Tenable®
Tweetable Exploit for X.org Server Local Privilege Escalation
A researcher has published a local privilege escalation exploit that fits in a single tweet for xorg-x11-server. Vendors are rolling out fixes and mitigation advice.
Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407)
https://ift.tt/2Js6dkO
Submitted October 31, 2018 at 08:14AM by EzequielTBH
via reddit https://ift.tt/2DenCNy
https://ift.tt/2Js6dkO
Submitted October 31, 2018 at 08:14AM by EzequielTBH
via reddit https://ift.tt/2DenCNy
Lgtm
Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407)
The networking implementation in iOS and macOS contained a heap buffer overflow, which could be triggered by sending a malicious packet to the device. No user interaction was required. This post explains how it was found using QL.
Bloom filter patent
https://ift.tt/2ACUgFX
Submitted October 31, 2018 at 03:10PM by timoh
via reddit https://ift.tt/2P26oco
https://ift.tt/2ACUgFX
Submitted October 31, 2018 at 03:10PM by timoh
via reddit https://ift.tt/2P26oco
[RFC] group entropy for hiding lookup initiator in a distributed hash tables
https://ift.tt/2zg74QB
Submitted October 31, 2018 at 04:49PM by gpestana
via reddit https://ift.tt/2qkC6CQ
https://ift.tt/2zg74QB
Submitted October 31, 2018 at 04:49PM by gpestana
via reddit https://ift.tt/2qkC6CQ
reddit
r/Rad_Decentralization - [RFC] group entropy for hiding lookup initiator in a distributed hash tables
2 votes and 1 comment so far on Reddit
Analyzing the root DNSSEC key rollover
https://ift.tt/2P4ZqUg
Submitted October 31, 2018 at 05:30PM by pimterry
via reddit https://ift.tt/2ADlAEf
https://ift.tt/2P4ZqUg
Submitted October 31, 2018 at 05:30PM by pimterry
via reddit https://ift.tt/2ADlAEf
reddit
r/netsec - Analyzing the root DNSSEC key rollover
1 vote and 0 comments so far on Reddit
JNDIAT - Penetration testing tool that tests the security of Weblogic servers through T3 protocol
https://ift.tt/2Js9Rer
Submitted October 31, 2018 at 07:52PM by HeadProfessional
via reddit https://ift.tt/2DdhHYV
https://ift.tt/2Js9Rer
Submitted October 31, 2018 at 07:52PM by HeadProfessional
via reddit https://ift.tt/2DdhHYV
GitHub
quentinhardy/jndiat
JNDI Attacking Tool. Contribute to quentinhardy/jndiat development by creating an account on GitHub.
Triage Planning: What Can Security Teams Learn From First Responders? - Red Canary
https://ift.tt/2JqUaE9
Submitted October 31, 2018 at 07:38PM by fireh7nter
via reddit https://ift.tt/2DfRrxf
https://ift.tt/2JqUaE9
Submitted October 31, 2018 at 07:38PM by fireh7nter
via reddit https://ift.tt/2DfRrxf
Red Canary
Triage Planning: What Can Security Teams Learn From First Responders? - Red Canary
See how our CIRT fought a flare-up in Emotet infections by taking a step back from the mass of alerts to devise a proactive triage strategy.
Jok3r - Network and Web Pentest Framework
https://ift.tt/2OhGCM2
Submitted October 31, 2018 at 08:16PM by HeadProfessional
via reddit https://ift.tt/2yQJSt9
https://ift.tt/2OhGCM2
Submitted October 31, 2018 at 08:16PM by HeadProfessional
via reddit https://ift.tt/2yQJSt9
GitHub
koutto/jok3r
Jok3r - Network and Web Pentest Framework. Contribute to koutto/jok3r development by creating an account on GitHub.
The 90s Called, and They Want Their Hacks Back: Memoirs of an Amateur Hacker.
https://ift.tt/2NPzztS
Submitted October 31, 2018 at 08:09PM by xenexfor
via reddit https://ift.tt/2yQJTxd
https://ift.tt/2NPzztS
Submitted October 31, 2018 at 08:09PM by xenexfor
via reddit https://ift.tt/2yQJTxd
Medium
Memoirs of an Amateur Hacker
Macs during the ’90s were awesome. So easy to use, so graphical, so insecure.
CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services
https://ift.tt/2qjqSyJ
Submitted October 31, 2018 at 10:05PM by domen_puncer
via reddit https://ift.tt/2QaOjFt
https://ift.tt/2qjqSyJ
Submitted October 31, 2018 at 10:05PM by domen_puncer
via reddit https://ift.tt/2QaOjFt
Zimperium Mobile Security Blog
CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services | Zimperium Mobile Security Blog
As part of our platform research in Zimperium zLabs, I have recently discloseda a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018…
LightSpeed, a race for an iOS/MacOS sandbox escape
https://ift.tt/2yIMGbp
Submitted October 31, 2018 at 10:40PM by mabote
via reddit https://ift.tt/2Js0uv2
https://ift.tt/2yIMGbp
Submitted October 31, 2018 at 10:40PM by mabote
via reddit https://ift.tt/2Js0uv2
reddit
r/netsec - LightSpeed, a race for an iOS/MacOS sandbox escape
4 votes and 0 comments so far on Reddit
Facebook Business Takeover
https://ift.tt/2Sth6GQ
Submitted November 01, 2018 at 12:11AM by mangojangofett
via reddit https://ift.tt/2DeDVcZ
https://ift.tt/2Sth6GQ
Submitted November 01, 2018 at 12:11AM by mangojangofett
via reddit https://ift.tt/2DeDVcZ
The /r/netsec Monthly Discussion Thread - November 2018
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted November 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2Qalkl8
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted November 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2Qalkl8
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Using ActiveDirectory module for Domain Enumeration from PowerShell Constrained Language Mode
https://ift.tt/2JsAqQu
Submitted November 01, 2018 at 09:37AM by SamratAsh0k
via reddit https://ift.tt/2Ddmutm
https://ift.tt/2JsAqQu
Submitted November 01, 2018 at 09:37AM by SamratAsh0k
via reddit https://ift.tt/2Ddmutm
Labofapenetrationtester
Using ActiveDirectory module for Domain Enumeration from PowerShell Constrained Language Mode
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
Trickbot Shows Off New Trick: Password Grabber Module
https://ift.tt/2qmv3K3
Submitted November 01, 2018 at 08:17PM by EvanConover
via reddit https://ift.tt/2OYXnRk
https://ift.tt/2qmv3K3
Submitted November 01, 2018 at 08:17PM by EvanConover
via reddit https://ift.tt/2OYXnRk
Trendmicro
Trickbot Shows Off New Trick: Password Grabber Module - TrendLabs Security Intelligence Blog
Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module that steals access from several applications and browsers.
Cisco Security: Zero-day in SIP inspection engine of ASA 9.4+ and FTD 6.0+ software.
https://ift.tt/2F6EQ1d
Submitted November 01, 2018 at 09:08PM by QuirkySpiceBush
via reddit https://ift.tt/2EWrILU
https://ift.tt/2F6EQ1d
Submitted November 01, 2018 at 09:08PM by QuirkySpiceBush
via reddit https://ift.tt/2EWrILU
Cisco
Cisco Security Threat and Vulnerability Intelligence
The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.