Not A Security Boundary: Breaking Forest Trusts
https://ift.tt/2P74faw
Submitted November 29, 2018 at 12:21AM by checky
via reddit https://ift.tt/2zupYo6
Posts By SpecterOps Team Members
For years Microsoft has stated that the forest was the security boundary in Active Directory. For example, Microsoft’s “What Are Domains and Forests?” document (last updated in 2014) has a “Forests…
Changed your GitHub username? Hackers can easily gain access to your account on several devtool sites
https://ift.tt/2FNViDI
Submitted November 29, 2018 at 12:37AM by machete143
via reddit https://ift.tt/2DSIqtc
Why Australian Internet Laws Are Going from Bad to Worse
https://ift.tt/2r8RVNB
Submitted November 29, 2018 at 12:37AM by Pinchbeck_67
via reddit https://ift.tt/2QneRqx
Surfshark
Why Australian Internet Laws Are Going from Bad to Worse - Surfshark
While Australia is considered to be a democratic country, its extreme new internet laws raise concerns about the potential dangers of growing online surveillance and censorship.
BLH - A much neglected Attack Vector
https://ift.tt/2wtNgrM
Submitted November 29, 2018 at 08:06AM by payloadartist
via reddit https://ift.tt/2zuGUuB
Medium
AWS Slurp Github Takeover
Slurp is a tool used by information security professionals to enumerate AWS S3 buckets.
Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities
https://ift.tt/2Sov3p1
Submitted November 29, 2018 at 08:04AM by Hemlck
via reddit https://ift.tt/2E0yfUF
USN-3830-1: OpenJDK regression
https://ift.tt/2KCU2ly
Submitted November 29, 2018 at 07:40AM by jdrch
via reddit https://ift.tt/2zvRocZ
Ubuntu
USN-3830-1: OpenJDK regression | Ubuntu security notices
USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
We apologize for the inconvenience.
Debian alert DLA-1598-1 (ghostscript)
https://ift.tt/2Q2Vxzq
Submitted November 29, 2018 at 07:39AM by jdrch
via reddit https://ift.tt/2P7ElTX
Finding Exposed ES instances Using Shodan
https://ift.tt/2AuSwgJ
Submitted November 29, 2018 at 08:54AM by payloadartist
via reddit https://ift.tt/2TTQW0T
HackenProof Blog
New Data Breach exposes 57 million records - HackenProof Blog
A massive 73 GB data breach was discovered during a security audit of publicly available servers with the Shodan search engine. Read more in our blog post.
Cross posting here as a commenter suggested.
https://ift.tt/2AuSx4h
Submitted November 29, 2018 at 08:50AM by chababster
via reddit https://ift.tt/2TU8Al5
reddit
r/cybersecurity - Phishing research
Escalating SSRF in a Vulnerable Jira Instance to RCE via Docker Engine API
https://ift.tt/2FKCe9m
Submitted November 29, 2018 at 11:13AM by payloadartist
via reddit https://ift.tt/2RmiiLo
Development Security Downloads Education | Andmp
Huawei Experiences a Major Blow as New Zealand Bans It For Security Reasons
https://ift.tt/2P3mSMF
Submitted November 29, 2018 at 05:03PM by nagishiv0
via reddit https://ift.tt/2zzCum5
Leveraging Gradle Plugin wildcard versions for remote code execution
https://ift.tt/2SgAOVx
Submitted November 29, 2018 at 08:11PM by Fido488
via reddit https://ift.tt/2TW3tkj
Medium
Exploit allowed any Gradle Plugin on the Gradle Plugin Portal to have its artifact coordinates hijacked by a malicious actor.
Hacking keyboards using QMK
https://ift.tt/2r93rZe
Submitted November 29, 2018 at 07:57PM by mthbernardes
via reddit https://ift.tt/2KH7KE9
GitHub
mthbernardes/QMKhuehuebr
Trying to hack into keyboards. Contribute to mthbernardes/QMKhuehuebr development by creating an account on GitHub.
Tyton - Kernel-Mode Rootkit Hunter
https://ift.tt/2FX5gD0
Submitted November 29, 2018 at 07:54PM by ImZugzwang
via reddit https://ift.tt/2BGnhBk
GitHub
nbulischeck/tyton
Kernel-Mode Rootkit Hunter. Contribute to nbulischeck/tyton development by creating an account on GitHub.
ekoparty 2018 videos (English/Spanish)
https://www.youtube.com/playlist?list=PLaIv9WEAzYZPwyGTRZV85NSGaEe3EbJQ9
Submitted November 29, 2018 at 09:44PM by albinowax
via reddit https://ift.tt/2DQJZrH
YouTube
ekoparty 14 (2018) - YouTube
How to create the perfect anonymizing botnet by abusing UPnP features — and without any infection
https://ift.tt/2SkqBr0
Submitted November 29, 2018 at 10:56PM by anotherinfosecdude
via reddit https://ift.tt/2QmdbxB
Just another infosec blog type of thing
Hiding Through a Maze of IoT Devices
Fragmented SQL Injection Attacks – The Solution
https://ift.tt/2rbfZPF
Submitted November 29, 2018 at 10:41PM by ziyahanalbeniz
via reddit https://ift.tt/2FLoXxn
Netsparker
In this blog post, we discuss the research on Fragmented SQL Injection where the hackers control two entry points in the same context in order to bypass the authentication form. Our security researcher looks at the importance of single quotes and the solution…
Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
https://ift.tt/2E4VZXM
Submitted November 29, 2018 at 11:29PM by Mysterii8
via reddit https://ift.tt/2TXbpSA
Medium
TL;DR ꓘamerka has new cool features, right now you can search for Flickr and Instagram photos, printers and cameras from Shodan and…
Pervasive Brazilian financial malware targets bank customers in Latin America and Europe
https://ift.tt/2Rs9YKg
Submitted November 30, 2018 at 12:06AM by Eliad-Cybereason
via reddit https://ift.tt/2TTK9Em
Cybereason
Cybereason’s Nocturnus team mapped out the multi-stage malware distribution infrastructure behind Brazilian financial malware and found that Brazilian-made malware have become pervasive and target over 60 banks in nearly a dozen countries throughout Latin…
GitHub - quarantyne/quarantyne: Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
https://ift.tt/2Pkv1jM
Submitted November 30, 2018 at 12:46AM by SoldierGarrison
via reddit https://ift.tt/2FOn5nC
GitHub
quarantyne/quarantyne
Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails - quarantyne/quarantyne
VulnHub - Vulnix CTF Walkthrough
https://ift.tt/2SkcLVR
Submitted November 30, 2018 at 03:31AM by kindredsec
via reddit https://ift.tt/2zzztSI
Kindred Security
VulnHub – Vulnix Write-up
Vulnhub Page: Vulnix is a super old machine (from around 2012) that has a pretty sizable amount of exploitation paths, especially for Privilege Escalation. Since the machine is an Ubuntu 12.04 mach…