Xipology — Exploiting DNS caching as a covert channel / carrier
https://ift.tt/2PXundl
Submitted November 27, 2018 at 04:16AM by midael
via reddit https://ift.tt/2r4ZULB
https://ift.tt/2PXundl
Submitted November 27, 2018 at 04:16AM by midael
via reddit https://ift.tt/2r4ZULB
Medium
Xipology (⅓) — Exploiting DNS caching as a carrier
This is our story of exploiting caching Domain Name System (DNS) servers to break network segregation.
With Zen 2 on the way, the AMD Platform Security Processor should be addressed.
https://ift.tt/2r2PMD4
Submitted November 27, 2018 at 03:49PM by up-sky-7
via reddit https://ift.tt/2Q2mmnC
https://ift.tt/2r2PMD4
Submitted November 27, 2018 at 03:49PM by up-sky-7
via reddit https://ift.tt/2Q2mmnC
reddit
r/Amd - With Zen 2 on the way, the AMD Platform Security Processor should be addressed.
901 votes and 138 comments so far on Reddit
Debian alert DLA-1594-1 (xml-security-c)
https://ift.tt/2FILwCJ
Submitted November 27, 2018 at 08:53PM by jdrch
via reddit https://ift.tt/2P6EcAb
https://ift.tt/2FILwCJ
Submitted November 27, 2018 at 08:53PM by jdrch
via reddit https://ift.tt/2P6EcAb
reddit
r/netsec - Debian alert DLA-1594-1 (xml-security-c)
0 votes and 0 comments so far on Reddit
Debian alert DLA-1596-1 (squid3)
https://ift.tt/2r6B9P1
Submitted November 27, 2018 at 08:52PM by jdrch
via reddit https://ift.tt/2zthhKt
https://ift.tt/2r6B9P1
Submitted November 27, 2018 at 08:52PM by jdrch
via reddit https://ift.tt/2zthhKt
reddit
r/netsec - Debian alert DLA-1596-1 (squid3)
0 votes and 0 comments so far on Reddit
Debian alert DSA-4344-1 (roundcube)
https://ift.tt/2FSYiPo
Submitted November 27, 2018 at 08:52PM by jdrch
via reddit https://ift.tt/2P3axrK
https://ift.tt/2FSYiPo
Submitted November 27, 2018 at 08:52PM by jdrch
via reddit https://ift.tt/2P3axrK
reddit
r/netsec - Debian alert DSA-4344-1 (roundcube)
0 votes and 0 comments so far on Reddit
Debian alert DLA-1593-1 (phpbb3)
https://ift.tt/2r6BbX9
Submitted November 27, 2018 at 08:50PM by jdrch
via reddit https://ift.tt/2zrSiqO
https://ift.tt/2r6BbX9
Submitted November 27, 2018 at 08:50PM by jdrch
via reddit https://ift.tt/2zrSiqO
reddit
r/netsec - Debian alert DLA-1593-1 (phpbb3)
0 votes and 0 comments so far on Reddit
Debian alert DLA-1588-1 (icecast2)
https://ift.tt/2FSYjTs
Submitted November 27, 2018 at 08:49PM by jdrch
via reddit https://ift.tt/2P7HEed
https://ift.tt/2FSYjTs
Submitted November 27, 2018 at 08:49PM by jdrch
via reddit https://ift.tt/2P7HEed
reddit
r/netsec - Debian alert DLA-1588-1 (icecast2)
0 votes and 0 comments so far on Reddit
Debian alert DLA-1589-1 (icecast2)
https://ift.tt/2r9LD0c
Submitted November 27, 2018 at 08:49PM by jdrch
via reddit https://ift.tt/2P3tESv
https://ift.tt/2r9LD0c
Submitted November 27, 2018 at 08:49PM by jdrch
via reddit https://ift.tt/2P3tESv
reddit
r/netsec - Debian alert DLA-1589-1 (icecast2)
0 votes and 0 comments so far on Reddit
Debian alert DLA-1595-1 (gnuplot5)
https://ift.tt/2FSYluy
Submitted November 27, 2018 at 08:48PM by jdrch
via reddit https://ift.tt/2zteP6J
https://ift.tt/2FSYluy
Submitted November 27, 2018 at 08:48PM by jdrch
via reddit https://ift.tt/2zteP6J
reddit
r/netsec - Debian alert DLA-1595-1 (gnuplot5)
0 votes and 0 comments so far on Reddit
USN-3826-1: QEMU vulnerabilities
https://ift.tt/2DK6vT8
Submitted November 27, 2018 at 08:47PM by jdrch
via reddit https://ift.tt/2P5MkkG
https://ift.tt/2DK6vT8
Submitted November 27, 2018 at 08:47PM by jdrch
via reddit https://ift.tt/2P5MkkG
Ubuntu
USN-3826-1: QEMU vulnerabilities | Ubuntu security notices
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)
It was discovered that QEMU incorrectly…
It was discovered that QEMU incorrectly…
SIEMENS PATCHES MAJOR FIREWALL FLAW, OTHER VULNERABILITIES
https://ift.tt/2RflZCH
Submitted November 27, 2018 at 08:05PM by UnixLinuxPro
via reddit https://ift.tt/2P5ItnI
https://ift.tt/2RflZCH
Submitted November 27, 2018 at 08:05PM by UnixLinuxPro
via reddit https://ift.tt/2P5ItnI
TechGenix
Siemens patches major firewall flaw, other vulnerabilities
German conglomerate Siemens has been busy trying to close several gaps in its security infrastructure caused by critical vulnerabilities.
PLC Bug Hunt: A Team Building Activity
https://ift.tt/2QkZRJK
Submitted November 27, 2018 at 07:57PM by chicksdigthelongrun
via reddit https://ift.tt/2QgOv9N
https://ift.tt/2QkZRJK
Submitted November 27, 2018 at 07:57PM by chicksdigthelongrun
via reddit https://ift.tt/2QgOv9N
Medium
PLC Bug Hunt
A Team Building Activity
Exposing the Public IPs of Tor Services Through SSL Certificates
https://ift.tt/2DNvvsD
Submitted November 27, 2018 at 10:09PM by ziyahanalbeniz
via reddit https://ift.tt/2E0Kyjv
https://ift.tt/2DNvvsD
Submitted November 27, 2018 at 10:09PM by ziyahanalbeniz
via reddit https://ift.tt/2E0Kyjv
Netsparker
Exposing the Public IPs of Tor Services Through SSL Certificates
This blog post explains how the Tor network, selected for anonymity, can actually be used to discover users' IP addresses due to an incorrect SSL configuration. It includes examples, screenshots and recommendations for further reading.
Exploiting developer infrastructure is insanely easy
https://ift.tt/2DWyKig
Submitted November 27, 2018 at 11:11PM by ihsw
via reddit https://ift.tt/2Ro64SE
https://ift.tt/2DWyKig
Submitted November 27, 2018 at 11:11PM by ihsw
via reddit https://ift.tt/2Ro64SE
Medium
Exploiting developer infrastructure is insanely easy
How an npm package was taken over to infect mobile apps and steal bitcoins.
I couldn't find any XSS reverse shell exploits... so I made one
https://ift.tt/2RizIbP
Submitted November 27, 2018 at 11:41AM by skedar46
via reddit https://ift.tt/2TN6ALo
https://ift.tt/2RizIbP
Submitted November 27, 2018 at 11:41AM by skedar46
via reddit https://ift.tt/2TN6ALo
GitHub
raz-varren/xsshell
An XSS reverse shell framework. Contribute to raz-varren/xsshell development by creating an account on GitHub.
Vulnhub - LAMPSecurity's CTF4 Walkthrough
https://ift.tt/2Q02ils
Submitted November 28, 2018 at 01:57AM by 0xCAL3
via reddit https://ift.tt/2Ql53NS
https://ift.tt/2Q02ils
Submitted November 28, 2018 at 01:57AM by 0xCAL3
via reddit https://ift.tt/2Ql53NS
BebopSecurity
LAMPSecurity: CTF4 Walkthrough
A complete boot2root walkthrough of LAMPSecurity's 4th CTF challenge.
Trape - People tracker on the Internet: OSINT analysis and research tool
https://ift.tt/2BvT2Nm
Submitted November 28, 2018 at 01:34AM by DrinkMoreCodeMore
via reddit https://ift.tt/2DKqzox
https://ift.tt/2BvT2Nm
Submitted November 28, 2018 at 01:34AM by DrinkMoreCodeMore
via reddit https://ift.tt/2DKqzox
GitHub
jofpin/trape
People tracker on the Internet: OSINT analysis and research tool by Jose Pino - jofpin/trape
Event-stream vulnerability explained
https://ift.tt/2FLFotw
Submitted November 28, 2018 at 05:57AM by root_trainingwheels
via reddit https://ift.tt/2QhGamf
https://ift.tt/2FLFotw
Submitted November 28, 2018 at 05:57AM by root_trainingwheels
via reddit https://ift.tt/2QhGamf
reddit
r/netsec - Event-stream vulnerability explained
1 vote and 0 comments so far on Reddit
Service that tracks every IP mass scanning/attacking the Internet
https://ift.tt/2DZAhV1
Submitted November 28, 2018 at 10:41AM by andrew_balls
via reddit https://ift.tt/2ra4b05
https://ift.tt/2DZAhV1
Submitted November 28, 2018 at 10:41AM by andrew_balls
via reddit https://ift.tt/2ra4b05
reddit
r/netsec - Service that tracks every IP mass scanning/attacking the Internet
4 votes and 1 comment so far on Reddit
Sennheiser apps installed root cert then leaks private keys
https://ift.tt/2DM5hqy
Submitted November 28, 2018 at 12:50PM by le-quack
via reddit https://ift.tt/2Qm6JXj
https://ift.tt/2DM5hqy
Submitted November 28, 2018 at 12:50PM by le-quack
via reddit https://ift.tt/2Qm6JXj
reddit
r/netsec - Sennheiser apps installed root cert then leaks private keys
5 votes and 1 comment so far on Reddit
Interactive serial sci-fi book with some Info-Sec challenges
https://ift.tt/2Q2NG55
Submitted November 28, 2018 at 05:04PM by SpecificBridge
via reddit https://ift.tt/2RlCwVq
https://ift.tt/2Q2NG55
Submitted November 28, 2018 at 05:04PM by SpecificBridge
via reddit https://ift.tt/2RlCwVq