Netsec – Telegram
Netsec
@RNetsec
7.48K subscribers
22.5K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Download Telegram
About
Blog
Apps
Platform
Join
Netsec
7.48K subscribers
Netsec
Free root access in PolicyKit for UIDs > INT_MAX
https://ift.tt/2PbTSCh

Submitted December 05, 2018 at 09:10AM by fridsun
via reddit https://ift.tt/2rlFxdi
GitHub
unprivileged users with UID > INT_MAX can successfully execute any systemctl command #11026
Unprivileged users with UID > INT_MAX can execute any systemctl command due pkttyagent aborting with an assertion at https://github.com/freedesktop/polkit/blob/8c1bc8a/src/programs/pkttyagent.c#L156. systemd version the issue has been se...
225 views
Netsec
Billion Laugh Attack in sites google com
https://ift.tt/2rnVNKs

Submitted December 05, 2018 at 08:02PM by asanso
via reddit https://ift.tt/2KWjbIe
Intothesymmetry
Billion Laugh Attack in https://sites.google.com
tl;dr https://sites.google.com suffered from a Billion Laugh Attack vulnerability that made the containerized environment to crash with a si...
210 views
Netsec
Red and blue team tooling for AD joined UNIX boxes
https://ift.tt/2UifXmn

Submitted December 05, 2018 at 08:51PM by timb_machine
via reddit https://ift.tt/2BSJOuE
GitHub
portcullislabs/linikatz
linikatz is a tool to attack AD on UNIX. Contribute to portcullislabs/linikatz development by creating an account on GitHub.
218 views
Netsec
Uberducky - turn your Ubertooth into a wireless USB Rubber Ducky triggered via BLE
https://ift.tt/2QdOpAh

Submitted December 05, 2018 at 10:08PM by mpeg4codec
via reddit https://ift.tt/2KWwXKW
blog.ice9.us
Uberducky - a wireless USB Rubber Ducky triggered via BLE
I'm excited to announce a new tool: Uberducky , a wireless USB Rubber Ducky that can be triggered via BLE. If you have an Ubertooth One I ...
241 views
Netsec
GitHub Desktop RCE (OSX)
https://ift.tt/2AR93Mc

Submitted December 06, 2018 at 12:23AM by sxcurity
via reddit https://ift.tt/2UlB6Mu
pwning.re
GitHub Desktop RCE (OSX) - André Baptista
André Baptista - Reverse engineer, exploitation researcher and bug bounty hunter.
222 views
Netsec
Snoop on 3G and 5G using usrp B210
https://ift.tt/2APRpIG

Submitted December 06, 2018 at 01:13AM by redbit2020
via reddit https://ift.tt/2rm3lNX
reddit
r/RTLSDR - Snoop on 3G and 5G using usrp B210
27 votes and 3 comments so far on Reddit
326 views
Netsec
PoC For Recent Adobe Flash ZeroDay (CVE-2018-15982) | @smgoreli
https://ift.tt/2UhysaF

Submitted December 06, 2018 at 05:49AM by Hemlck
via reddit https://ift.tt/2PoqdG6
GitHub
smgorelik/Windows-RCE-exploits
The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**, the samples are uploaded for education purposes for red and blue tea...
241 views
Netsec
PrestaShop Back Office Remote Code Execution (CVE-2018-19126)
https://ift.tt/2zK83tI

Submitted December 06, 2018 at 09:32PM by fariskhi
via reddit https://ift.tt/2L4dPuA
GitHub
farisv/PrestaShop-CVE-2018-19126
PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4.) Back Office Remote Code Execution (CVE-2018-19126) - farisv/PrestaShop-CVE-2018-19126
205 views
Netsec
Pwning JBoss Seam 2 like a boss
https://ift.tt/2Uldt6Z

Submitted December 06, 2018 at 09:11PM by bsilvascores
via reddit https://ift.tt/2PkpdTy
Medium
Pwning JBoss Seam 2 like a boss
I haven’t been writing for a long time, so I finally decided to write about a cool (old) story with JBoss.
213 views
Netsec
HTTPS in the real world
https://ift.tt/2zSpZlZ

Submitted December 06, 2018 at 08:48PM by businesstrout
via reddit https://ift.tt/2rn6tsP
Robert Heaton
HTTPS in the real world | Robert Heaton
In cryptography, trust is mathematically provable. Everything else is just faith.
197 views
Netsec
Implementation of the OWASP Mobile TOP 10 methodology for testing Android applications
https://ift.tt/2REiB4j

Submitted December 06, 2018 at 10:56PM by _vavkamil_
via reddit https://ift.tt/2QgsLM0
hub.hacken.io
Implementation of the OWASP Mobile TOP 10 methodology for testing Android applications
Mobile devices are subject to numerous security discussions. We at Hacken decided to address the OWASP Mobile TOP 10 methodology in order to demonstrate the process of conducting vulnerability analysis for mobile applications.
198 views
Netsec
Automating Data Flow Diagram Management with Terraform
https://ift.tt/2zOumyb

Submitted December 07, 2018 at 12:15AM by hammertime00
via reddit https://ift.tt/2zKhF7w
The View from Marqeta
Threat Models at the Speed of DevOps
Automating Data Flow Diagram Management with Terraform
207 views
Netsec
XSS to XXE in PrinceXML v10 and below
https://ift.tt/2zKzyDs

Submitted December 07, 2018 at 01:28AM by sxcurity
via reddit https://ift.tt/2SsDEXw
www.corben.io
XSS to XXE in Prince v10 and below (CVE-2018-19858)
Introduction:
This is a vulnerability I found while participating in a bug-bounty program earlier this year. It affects Prince, a software that converts “HTML, XHTML, or one of the many XML-based document formats” to PDF.
201 views
Netsec
Kubernetes PoC exploit for CVE-2018-1002105.
I created a Proof-of-Concept exploit for the Kubernetes bug that was published recently. You can find it here: https://github.com/evict/poc_CVE-2018-1002105.It requires the exec permission on at least one pod. The payload dumps the contents of the etcd pod.

Submitted December 06, 2018 at 08:21PM by _evict
via reddit https://ift.tt/2EheTuj
GitHub
GitHub - evict/poc_CVE-2018-1002105: PoC for CVE-2018-1002105.
PoC for CVE-2018-1002105. Contribute to evict/poc_CVE-2018-1002105 development by creating an account on GitHub.
207 views
Netsec
France might be losing its first big information war
https://ift.tt/2L15Nm9

Submitted December 07, 2018 at 04:44AM by liotier
via reddit https://ift.tt/2Pl9ROE
Just another infosec blog type of thing
France might be losing its first big information war
Foreign propagandists are getting a strong foothold in France, and the traditional media can’t fight it
215 views
Netsec
aclpwn.py: Active Directory ACL exploitation with BloodHound
https://ift.tt/2RCQvXl

Submitted December 07, 2018 at 02:07PM by digicat
via reddit https://ift.tt/2RHBhjx
GitHub
fox-it/aclpwn.py
Active Directory ACL exploitation with BloodHound. Contribute to fox-it/aclpwn.py development by creating an account on GitHub.
218 views
Netsec
Facebook engineers discovered technique of adding read call log/SMS permissions during an app update without notifying the user. Was used in a production release (x-post /r/programming)
https://ift.tt/2Qlnti7

Submitted December 07, 2018 at 04:07PM by nakilon
via reddit https://ift.tt/2PtEQbu
reddit
r/netsec - Facebook engineers discovered technique of adding read call log/SMS permissions during an app update without notifying…
3 votes and 1 comment so far on Reddit
205 views
Netsec
PHP Malware Examination Part 2
https://ift.tt/2BWHTFq

Submitted December 07, 2018 at 03:16PM by phpsystems
via reddit https://ift.tt/2B0JiJc
blog.manchestergreyhats.co.uk
PHP Malware Examination Part 2
216 views
Netsec
Remote code execution with EL injection
https://ift.tt/2G4EPey

Submitted December 07, 2018 at 04:59PM by geekadi
via reddit https://ift.tt/2L2O0Lg
Betterhacker
RCE in Hubspot with EL injection in HubL
This is the story of how I was able to get remote code execution on Hubspot 's servers by exploiting a vulnerability in  HubL expression la...
226 views
Netsec
AndroidProjectCreator release (version 1.0-stable)
https://ift.tt/2Qk2c8q

Submitted December 07, 2018 at 06:44PM by ThisIsLibra
via reddit https://ift.tt/2PnHwal
223 views
Netsec
How to steal Ethers: scanning for vulnerable smart contracts
https://ift.tt/2G2vELq

Submitted December 07, 2018 at 09:03PM by palkeo
via reddit https://ift.tt/2BXV9JX
reddit
r/netsec - How to steal Ethers: scanning for vulnerable smart contracts
2 votes and 0 comments so far on Reddit
238 views