Source Code Disclosure in Facebook via Ads API
https://ift.tt/2TYZ1kU
Submitted November 30, 2018 at 07:55AM by payloadartist
via reddit https://ift.tt/2AyWN2O
reddit
r/netsec - Source Code Disclosure in Facebook via Ads API
Metadata Endpoints of Various Cloud Services for Fuzzing for SSRF
https://ift.tt/2TYmXVq
Submitted November 30, 2018 at 07:52AM by payloadartist
via reddit https://ift.tt/2AyWNQm
Gist
Cloud Metadata Dictionary useful for SSRF Testing
Cloud Metadata Dictionary useful for SSRF Testing - cloud_metadata.txt
Passive-ish Reconnaissance using OSINT: Part I
https://ift.tt/2AydVFZ
Submitted November 30, 2018 at 07:40AM by payloadartist
via reddit https://ift.tt/2TX7MvR
Secjuice.com
Passive Reconnaissance Using OSINT
This article explores the basics of OSINT from a reconnaissance perspective, in which we map out the entire public facing infrastructure of a target.
Netflix Information Security: Preventing Credential Compromise in AWS
https://ift.tt/2raRPFf
Submitted November 30, 2018 at 10:57AM by digicat
via reddit https://ift.tt/2RkharD
Medium
Netflix Information Security: Preventing Credential Compromise in AWS
by Will Bengtson
[TOOL] Scrooge McEtherface - Ethereum smart contract auto-looter
https://ift.tt/2rfWKV7
Submitted November 30, 2018 at 02:05PM by berndtzl
via reddit https://ift.tt/2rfWNAh
Medium
Automated Smart Contract Exploitation and Looting
In my previous article I showed that Mythril Classic can discover non-trivial vulnerabilities in Ethereum smart contracts and compute the…
UK NCSC discloses their equities process
https://ift.tt/2RnzQGY
Submitted November 30, 2018 at 03:20PM by handmadeby
via reddit https://ift.tt/2AycXcI
www.ncsc.gov.uk
Equities process
Dr Ian Levy talks about the risks and benefits of disclosing vulnerabilities and explains how the GCHQ Equities Process works.
Modern web application bugs [video]
https://youtu.be/tqFqN8A7waQ
Submitted November 30, 2018 at 04:29PM by albinowax
via reddit https://ift.tt/2zAk6cI
YouTube
Modern web application bugs - Erlend Oftedal
With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk...
fuzz.txt - potentially dangerous files for dirbusting
https://ift.tt/2Jbsi59
Submitted November 30, 2018 at 04:01PM by i_bo0om
via reddit https://ift.tt/2FOry9D
GitHub
Bo0oM/fuzz.txt
Potentially dangerous files. Contribute to Bo0oM/fuzz.txt development by creating an account on GitHub.
Marriott hack hits 500 million guests
https://ift.tt/2zvm7qI
Submitted November 30, 2018 at 06:12PM by Koko0404
via reddit https://ift.tt/2Pa8Sk8
BBC News
Marriott hack hits 500 million guests
The hotel chain says details of up to 500 million guests may have been accessed in a database breach.
Marriott discloses massive data breach affecting up to 500 million guests
https://ift.tt/2Sg1VA6
Submitted November 30, 2018 at 08:50PM by apol0
via reddit https://ift.tt/2FT172H
reddit
r/AskNetsec - Marriott discloses massive data breach affecting up to 500 million guests
X-Post DCOMrade - Automating the enumeration of DCOM applications • r/netsecstudents
https://ift.tt/2zABk9V
Submitted November 30, 2018 at 03:50PM by b4waking
via reddit https://ift.tt/2FSfDYs
reddit
r/netsecstudents - DCOMrade - Automating the enumeration of DCOM applications
Threat modeling OpenID Connect, OAuth 2.0 for beginners
Part 1: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-1-b9e396fd7af9
Part 2: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-2-4efb27c609ce
Beginner-friendly threat model using OWASP Threat Dragon.
Submitted November 29, 2018 at 02:48PM by tahmed11
via reddit https://ift.tt/2rgdP1r
Medium
Threat modeling OpenID Connect, OAuth 2.0 for beginners using OWASP Threat Dragon [Part 1]
You are reading this post because you probably came across Oauth and OpenID Connect at some point in time and tried to make sense out of…
USN-3831-1: Ghostscript vulnerabilities
https://ift.tt/2Q2l4sJ
Submitted December 01, 2018 at 02:00AM by jdrch
via reddit https://ift.tt/2E4Lzaz
Ubuntu
USN-3831-1: Ghostscript vulnerabilities | Ubuntu security notices
It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code…
Injecting Code into Windows Protected Processes by Abusing COM Features
https://ift.tt/2QtVSdZ
Submitted December 01, 2018 at 02:05AM by tiraniddo
via reddit https://ift.tt/2FQlxtl
reddit
r/netsec - Injecting Code into Windows Protected Processes by Abusing COM Features
The /r/netsec Monthly Discussion Thread - December 2018
Overview
Questions regarding netsec and discussion related directly to netsec are welcome here.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on /r/netsec.
As always, the content & discussion guidelines should also be observed on /r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2PborZ2
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Writeup: postMessage Vulnerability to Stealing User's Session Cookies
https://ift.tt/2KKRuSx
Submitted December 01, 2018 at 12:02PM by payloadartist
via reddit https://ift.tt/2BKPs25
Medium
Exploiting post message to steal and replace user’s cookies
Top Hacking Simulator Games Every Aspiring Hacker Should Play
https://ift.tt/2Cyno2n
Submitted December 01, 2018 at 12:23PM by alexCyber
via reddit https://ift.tt/2U30WoE
Hack Ware News
Top Hacking Simulator Games Every Aspiring Hacker Should Play - Hack Ware News
Top Hacking Simulator Games Every Aspiring Hacker Should Play, hacking games, hacking simulator game, hack simulator, hacking simulation games
Writeup: How I managed to get an @Google.com email address, bypassing their previous patch!
https://ift.tt/2RyfRVW
Submitted December 01, 2018 at 03:55PM by payloadartist
via reddit https://ift.tt/2Q9Es7f
Development Security Downloads Education | Andmp
How I managed to get an @Google.com email address, bypassing their previous patch!
How I managed to get a Google organisation email, bypassing their previous patch! Ticket trick, and Issue Tracker Patch Bypass.
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
https://ift.tt/2zCaZbL
Submitted December 01, 2018 at 06:24PM by digicat
via reddit https://ift.tt/2KP8l6U
Using Google Translator as a proxy to a reverse shell.
https://ift.tt/2Pg1BPM
Submitted December 02, 2018 at 05:39AM by mthbernardes
via reddit https://ift.tt/2zAwoSG
GitHub
mthbernardes/GTRS
GTRS - Google Translator Reverse Shell. Contribute to mthbernardes/GTRS development by creating an account on GitHub.
Burp Extension: Virtual Host Payload Generator
https://ift.tt/2QuUebY
Submitted December 02, 2018 at 11:31AM by payloadartist
via reddit https://ift.tt/2BJNs9Z
GitHub
righettod/virtualhost-payload-generator
BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution. - righettod/virtualhost-payload-ge...