Modern web application bugs [video]
https://youtu.be/tqFqN8A7waQ
Submitted November 30, 2018 at 04:29PM by albinowax
via reddit https://ift.tt/2zAk6cI
YouTube
Modern web application bugs - Erlend Oftedal
With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk...
fuzz.txt - potentially dangerous files for dirbusting
https://ift.tt/2Jbsi59
Submitted November 30, 2018 at 04:01PM by i_bo0om
via reddit https://ift.tt/2FOry9D
GitHub
Bo0oM/fuzz.txt
Potentially dangerous files. Contribute to Bo0oM/fuzz.txt development by creating an account on GitHub.
Marriott hack hits 500 million guests
https://ift.tt/2zvm7qI
Submitted November 30, 2018 at 06:12PM by Koko0404
via reddit https://ift.tt/2Pa8Sk8
BBC News
Marriott hack hits 500 million guests
The hotel chain says details of up to 500 million guests may have been accessed in a database breach.
Marriott discloses massive data breach affecting up to 500 million guests
https://ift.tt/2Sg1VA6
Submitted November 30, 2018 at 08:50PM by apol0
via reddit https://ift.tt/2FT172H
reddit
r/AskNetsec - Marriott discloses massive data breach affecting up to 500 million guests
2 votes and 1 comment so far on Reddit
X-Post DCOMrade - Automating the enumeration of DCOM applications • r/netsecstudents
https://ift.tt/2zABk9V
Submitted November 30, 2018 at 03:50PM by b4waking
via reddit https://ift.tt/2FSfDYs
reddit
r/netsecstudents - DCOMrade - Automating the enumeration of DCOM applications
2 votes and 0 comments so far on Reddit
Threat modeling OpenID Connect, OAuth 2.0 for beginners
Part 1: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-1-b9e396fd7af9
Part 2: https://medium.com/devopslinks/threat-modeling-openid-connect-oauth-2-0-for-beginners-using-owasp-threat-dragon-part-2-4efb27c609ce
Beginner-friendly threat model using OWASP Threat Dragon.
Submitted November 29, 2018 at 02:48PM by tahmed11
via reddit https://ift.tt/2rgdP1r
Medium
Threat modeling OpenID Connect, OAuth 2.0 for beginners using OWASP Threat Dragon [Part 1]
You are reading this post because you probably came across Oauth and OpenID Connect at some point in time and tried to make sense out of…
USN-3831-1: Ghostscript vulnerabilities
https://ift.tt/2Q2l4sJ
Submitted December 01, 2018 at 02:00AM by jdrch
via reddit https://ift.tt/2E4Lzaz
Ubuntu
USN-3831-1: Ghostscript vulnerabilities | Ubuntu security notices
It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code…
Injecting Code into Windows Protected Processes by Abusing COM Features
https://ift.tt/2QtVSdZ
Submitted December 01, 2018 at 02:05AM by tiraniddo
via reddit https://ift.tt/2FQlxtl
reddit
r/netsec - Injecting Code into Windows Protected Processes by Abusing COM Features
1 vote and 1 comment so far on Reddit
The /r/netsec Monthly Discussion Thread - December 2018
Overview
Questions regarding netsec and discussion related directly to netsec are welcome here.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on /r/netsec.
As always, the content & discussion guidelines should also be observed on /r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2018 at 10:06AM by AutoModerator
via reddit https://ift.tt/2PborZ2
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Writeup: postMessage Vulnerability to Stealing User's Session Cookies
https://ift.tt/2KKRuSx
Submitted December 01, 2018 at 12:02PM by payloadartist
via reddit https://ift.tt/2BKPs25
Medium
Exploiting post message to steal and replace user’s cookies
Top Hacking Simulator Games Every Aspiring Hacker Should Play
https://ift.tt/2Cyno2n
Submitted December 01, 2018 at 12:23PM by alexCyber
via reddit https://ift.tt/2U30WoE
Hack Ware News
Top Hacking Simulator Games Every Aspiring Hacker Should Play - Hack Ware News
Top Hacking Simulator Games Every Aspiring Hacker Should Play, hacking games, hacking simulator game, hack simulator, hacking simulation games
Writeup: How I managed to get an @Google.com email address, bypassing their previous patch!
https://ift.tt/2RyfRVW
Submitted December 01, 2018 at 03:55PM by payloadartist
via reddit https://ift.tt/2Q9Es7f
Development Security Downloads Education | Andmp
How I managed to get an @Google.com email address, bypassing their previous patch!
How I managed to get a Google organisation email, bypassing their previous patch! Ticket trick, and Issue Tracker Patch Bypass.
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
https://ift.tt/2zCaZbL
Submitted December 01, 2018 at 06:24PM by digicat
via reddit https://ift.tt/2KP8l6U
Using google translator as a proxy to a reverse shell.
https://ift.tt/2Pg1BPM
Submitted December 02, 2018 at 05:39AM by mthbernardes
via reddit https://ift.tt/2zAwoSG
GitHub
mthbernardes/GTRS
GTRS - Google Translator Reverse Shell. Contribute to mthbernardes/GTRS development by creating an account on GitHub.
Burp Extension: Virtual Host Payload Generator
https://ift.tt/2QuUebY
Submitted December 02, 2018 at 11:31AM by payloadartist
via reddit https://ift.tt/2BJNs9Z
GitHub
righettod/virtualhost-payload-generator
BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution. - righettod/virtualhost-payload-ge...
Extending Fuzzing with Burp by Fast
https://ift.tt/2EbaTf9
Submitted December 02, 2018 at 01:22PM by payloadartist
via reddit https://ift.tt/2zFb2mS
Wallarm
Extending fuzzing with Burp by FAST
I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with apps, how requests look like and to test…
$9400 bounty for XS-Searching Google’s bug tracker to find vulnerable source code
https://ift.tt/2ORtGwL
Submitted December 02, 2018 at 09:24PM by s14ve
via reddit https://ift.tt/2PgvwaG
Medium
XS-Searching Google’s bug tracker to find out vulnerable source code
Or how side-channel timing attacks aren’t that impractical
The PewDiePie printer hack
https://ift.tt/2FUrPrE
Submitted December 02, 2018 at 08:45PM by yesnoornext
via reddit https://ift.tt/2AG4C6Q
threader.app
A thread written by @HackerGiraffe
Here is how the entire #pewdiepie printer hack went down:
1. I was bored after playing Destiny 2 for a continuous 4 hours, and decided I wanted to hack something. So I thought of any vulnerable protocols I could find on shodan
(1/)
IDN Homograph Attack on Facebook Messenger and Whatsapp
https://ift.tt/2P4VZIi
Submitted December 03, 2018 at 08:03AM by payloadartist
via reddit https://ift.tt/2zDmyiA
Medium
Homograph attack on Facebook Messenger and WhatsApp
Hello,
Top Five Ways The Red Team breached the External Perimeter
https://ift.tt/2pBRVoT
Submitted December 03, 2018 at 07:54AM by payloadartist
via reddit https://ift.tt/2rjm2lv
Medium
Top Five Ways the Red Team breached the External Perimeter
I have been performing “red team” breach assessments for many years. Often the goal is penetrating an external network, and gaining access…
Intro to NFC Payment Relay Attacks
https://ift.tt/2Rr9x2z
Submitted December 03, 2018 at 01:22PM by digicat
via reddit https://ift.tt/2FSAMld
Salvador Mendoza
Intro to NFC Payment Relay Attacks
Disclaimer
This is a simple intro to relay attacks using NFC payment data. I will add different types of relays during next year.
Intro
An NFC payment relay is an attack that could be described as extr…