Fragmented SQL Injection Attacks – The Solution
https://ift.tt/2rbfZPF
Submitted November 29, 2018 at 10:41PM by ziyahanalbeniz
via reddit https://ift.tt/2FLoXxn
https://ift.tt/2rbfZPF
Submitted November 29, 2018 at 10:41PM by ziyahanalbeniz
via reddit https://ift.tt/2FLoXxn
Netsparker
Fragmented SQL Injection Attacks – The Solution
In this blog post, we discuss the research on Fragmented SQL Injection where the hackers control two entry points in the same context in order to bypass the authentication form. Our security researcher looks at the importance of single quotes and the solution…
Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
https://ift.tt/2E4VZXM
Submitted November 29, 2018 at 11:29PM by Mysterii8
via reddit https://ift.tt/2TXbpSA
https://ift.tt/2E4VZXM
Submitted November 29, 2018 at 11:29PM by Mysterii8
via reddit https://ift.tt/2TXbpSA
Medium
Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)
TL;DR ꓘamerka has new cool features, right now you can search for Flickr and Instagram photos, printers and cameras from Shodan and…
Pervasive Brazilian financial malware targets bank customers in Latin America and Europe
https://ift.tt/2Rs9YKg
Submitted November 30, 2018 at 12:06AM by Eliad-Cybereason
via reddit https://ift.tt/2TTK9Em
https://ift.tt/2Rs9YKg
Submitted November 30, 2018 at 12:06AM by Eliad-Cybereason
via reddit https://ift.tt/2TTK9Em
Cybereason
Pervasive Brazilian financial malware targets bank customers in Latin America and Europe
Cybereason’s Nocturnus team mapped out the multi-stage malware distribution infrastructure behind Brazilian financial malware and found that Brazilian-made malware have become pervasive and target over 60 banks in nearly a dozen countries throughout Latin…
GitHub - quarantyne/quarantyne: Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
https://ift.tt/2Pkv1jM
Submitted November 30, 2018 at 12:46AM by SoldierGarrison
via reddit https://ift.tt/2FOn5nC
https://ift.tt/2Pkv1jM
Submitted November 30, 2018 at 12:46AM by SoldierGarrison
via reddit https://ift.tt/2FOn5nC
GitHub
quarantyne/quarantyne
Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails - quarantyne/quarantyne
VulnHub - Vulnix CTF Walkthrough
https://ift.tt/2SkcLVR
Submitted November 30, 2018 at 03:31AM by kindredsec
via reddit https://ift.tt/2zzztSI
https://ift.tt/2SkcLVR
Submitted November 30, 2018 at 03:31AM by kindredsec
via reddit https://ift.tt/2zzztSI
Kindred Security
VulnHub – Vulnix Write-up
Vulnhub Page: Vulnix is a super old machine (from around 2012) that has a pretty sizable amount of exploitation paths, especially for Privilege Escalation. Since the machine is an Ubuntu 12.04 mach…
Source Code Disclosure in Facebook via Ads API
https://ift.tt/2TYZ1kU
Submitted November 30, 2018 at 07:55AM by payloadartist
via reddit https://ift.tt/2AyWN2O
https://ift.tt/2TYZ1kU
Submitted November 30, 2018 at 07:55AM by payloadartist
via reddit https://ift.tt/2AyWN2O
reddit
r/netsec - Source Code Disclosure in Facebook via Ads API
1 vote and 0 comments so far on Reddit
Metadata Endpoints of Various Cloud Services for Fuzzing for SSRF
https://ift.tt/2TYmXVq
Submitted November 30, 2018 at 07:52AM by payloadartist
via reddit https://ift.tt/2AyWNQm
https://ift.tt/2TYmXVq
Submitted November 30, 2018 at 07:52AM by payloadartist
via reddit https://ift.tt/2AyWNQm
Gist
Cloud Metadata Dictionary useful for SSRF Testing
Cloud Metadata Dictionary useful for SSRF Testing - cloud_metadata.txt
Passive-ish Reconnaissance using OSINT: Part I
https://ift.tt/2AydVFZ
Submitted November 30, 2018 at 07:40AM by payloadartist
via reddit https://ift.tt/2TX7MvR
https://ift.tt/2AydVFZ
Submitted November 30, 2018 at 07:40AM by payloadartist
via reddit https://ift.tt/2TX7MvR
Secjuice.com
Passive Reconnaissance Using OSINT
This article explores the basics of OSINT from a reconnaissance perspective, in which we map out the entire public facing infrastructure of a target.
Netflix Information Security: Preventing Credential Compromise in AWS
https://ift.tt/2raRPFf
Submitted November 30, 2018 at 10:57AM by digicat
via reddit https://ift.tt/2RkharD
https://ift.tt/2raRPFf
Submitted November 30, 2018 at 10:57AM by digicat
via reddit https://ift.tt/2RkharD
Medium
Netflix Information Security: Preventing Credential Compromise in AWS
by Will Bengtson
[TOOL] Scrooge McEtherface - Ethereum smart contract auto-looter
https://ift.tt/2rfWKV7
Submitted November 30, 2018 at 02:05PM by berndtzl
via reddit https://ift.tt/2rfWNAh
https://ift.tt/2rfWKV7
Submitted November 30, 2018 at 02:05PM by berndtzl
via reddit https://ift.tt/2rfWNAh
Medium
Automated Smart Contract Exploitation and Looting
In my previous article I showed that Mythril Classic can discover non-trivial vulnerabilities in Ethereum smart contracts and compute the…
UK NCSC discloses their equities process
https://ift.tt/2RnzQGY
Submitted November 30, 2018 at 03:20PM by handmadeby
via reddit https://ift.tt/2AycXcI
https://ift.tt/2RnzQGY
Submitted November 30, 2018 at 03:20PM by handmadeby
via reddit https://ift.tt/2AycXcI
www.ncsc.gov.uk
Equities process
Dr Ian Levy talks about the risks and benefits of disclosing vulnerabilities and explains how the GCHQ Equities Process works.
Modern web application bugs [video]
https://youtu.be/tqFqN8A7waQ
Submitted November 30, 2018 at 04:29PM by albinowax
via reddit https://ift.tt/2zAk6cI
https://youtu.be/tqFqN8A7waQ
Submitted November 30, 2018 at 04:29PM by albinowax
via reddit https://ift.tt/2zAk6cI
YouTube
Modern web application bugs - Erlend Oftedal
With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk...
fuzz.txt - potentially dangerous files for dirbusting
https://ift.tt/2Jbsi59
Submitted November 30, 2018 at 04:01PM by i_bo0om
via reddit https://ift.tt/2FOry9D
https://ift.tt/2Jbsi59
Submitted November 30, 2018 at 04:01PM by i_bo0om
via reddit https://ift.tt/2FOry9D
GitHub
Bo0oM/fuzz.txt
Potentially dangerous files. Contribute to Bo0oM/fuzz.txt development by creating an account on GitHub.
Marriott hack hits 500 million guests
https://ift.tt/2zvm7qI
Submitted November 30, 2018 at 06:12PM by Koko0404
via reddit https://ift.tt/2Pa8Sk8
https://ift.tt/2zvm7qI
Submitted November 30, 2018 at 06:12PM by Koko0404
via reddit https://ift.tt/2Pa8Sk8
BBC News
Marriott hack hits 500 million guests
The hotel chain says details of up to 500 million guests may have been accessed in a database breach.
Marriott discloses massive data breach affecting up to 500 million guests
https://ift.tt/2Sg1VA6
Submitted November 30, 2018 at 08:50PM by apol0
via reddit https://ift.tt/2FT172H
https://ift.tt/2Sg1VA6
Submitted November 30, 2018 at 08:50PM by apol0
via reddit https://ift.tt/2FT172H
reddit
r/AskNetsec - Marriott discloses massive data breach affecting up to 500 million guests
2 votes and 1 comment so far on Reddit
X-Post DCOMrade - Automating the enumeration of DCOM applications • r/netsecstudents
https://ift.tt/2zABk9V
Submitted November 30, 2018 at 03:50PM by b4waking
via reddit https://ift.tt/2FSfDYs
https://ift.tt/2zABk9V
Submitted November 30, 2018 at 03:50PM by b4waking
via reddit https://ift.tt/2FSfDYs
reddit
r/netsecstudents - DCOMrade - Automating the enumeration of DCOM applications
2 votes and 0 comments so far on Reddit
Threat modeling OpenID Connect, OAuth 2.0 for beginners
Part 1: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-1-b9e396fd7af9Part 2: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-2-4efb27c609ceBeginners friendly threat model using OWASP threat dragon.
Submitted November 29, 2018 at 02:48PM by tahmed11
via reddit https://ift.tt/2rgdP1r
Part 1: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-1-b9e396fd7af9Part 2: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-2-4efb27c609ceBeginners friendly threat model using OWASP threat dragon.
Submitted November 29, 2018 at 02:48PM by tahmed11
via reddit https://ift.tt/2rgdP1r
Medium
Threat modeling OpenID Connect, OAuth 2.0 for beginners using OWASP Threat Dragon [Part 1]
You are reading this post because you probably came across Oauth and OpenID Connect at some point in time and tried to make sense out of…
USN-3831-1: Ghostnoscript vulnerabilities
https://ift.tt/2Q2l4sJ
Submitted December 01, 2018 at 02:00AM by jdrch
via reddit https://ift.tt/2E4Lzaz
https://ift.tt/2Q2l4sJ
Submitted December 01, 2018 at 02:00AM by jdrch
via reddit https://ift.tt/2E4Lzaz
Ubuntu
USN-3831-1: Ghostnoscript vulnerabilities | Ubuntu security notices
It was discovered that Ghostnoscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code…
Injecting Code into Windows Protected Processes by Abusing COM Features
https://ift.tt/2QtVSdZ
Submitted December 01, 2018 at 02:05AM by tiraniddo
via reddit https://ift.tt/2FQlxtl
https://ift.tt/2QtVSdZ
Submitted December 01, 2018 at 02:05AM by tiraniddo
via reddit https://ift.tt/2FQlxtl
reddit
r/netsec - Injecting Code into Windows Protected Processes by Abusing COM Features
1 vote and 1 comment so far on Reddit
The /r/netsec Monthly Discussion Thread - December 2018
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2PborZ2
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2PborZ2
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Writeup: postMessage Vulnerability to Stealing User's Session Cookies
https://ift.tt/2KKRuSx
Submitted December 01, 2018 at 12:02PM by payloadartist
via reddit https://ift.tt/2BKPs25
https://ift.tt/2KKRuSx
Submitted December 01, 2018 at 12:02PM by payloadartist
via reddit https://ift.tt/2BKPs25
Medium
Exploiting post message to steal and replace user’s cookies
.