Detecting Use of SandboxEscaper's "MsiAdvertiseProduct" 0-day PoC
http://bit.ly/2CyTRoZ
Submitted December 26, 2018 at 05:19PM by pe3zx
via reddit http://bit.ly/2Sro3YV
http://bit.ly/2CyTRoZ
Submitted December 26, 2018 at 05:19PM by pe3zx
via reddit http://bit.ly/2Sro3YV
i-secure Co, Ltd.
Detecting Use of SandboxEscaper's "MsiAdvertiseProduct" 0-day PoC - Bangkok, Thailand | i-secure Co, Ltd.
Briefly Introduction to the Vulnerability On December 19, 2018, SandboxEscaper released details about another zero-day vulnerability in Microsoft Windows with PoC. This vulnerability, if successfully attack, can be used to bypass restricted DACL of files…
5 Industries Most at Risk of Data Breaches
http://bit.ly/2AcW9Zm
Submitted December 26, 2018 at 09:31PM by RyanTmthn
via reddit http://bit.ly/2LABy5L
http://bit.ly/2AcW9Zm
Submitted December 26, 2018 at 09:31PM by RyanTmthn
via reddit http://bit.ly/2LABy5L
Ekransystem
5 Industries Most at Risk of Data Breaches
Any company possessing sensitive data is under threat of being breached. Hackers can obtain any personal information, from names to heart rate data.
20000 routers LiveBox leaks Wifi credentials
http://bit.ly/2Rfz1mN
Submitted December 26, 2018 at 09:53PM by Dormidera
via reddit http://bit.ly/2GDTy0h
http://bit.ly/2Rfz1mN
Submitted December 26, 2018 at 09:53PM by Dormidera
via reddit http://bit.ly/2GDTy0h
1024Megas
20.000 routers Orange Livebox exponen SSID y contraseña WiFi
Tutoriales, guías, noticias... Entradas variadas sobre el mundo de la Ciberseguridad, hacking ético, RaspberryPi, IoT y el mundo TI en general.
radius-audit - A RADIUS authentication server audit tool for 802.1x
http://bit.ly/2SlWj7U
Submitted December 26, 2018 at 10:40PM by guedou
via reddit http://bit.ly/2rX9K2C
http://bit.ly/2SlWj7U
Submitted December 26, 2018 at 10:40PM by guedou
via reddit http://bit.ly/2rX9K2C
GitHub
ANSSI-FR/audit-radius
A RADIUS authentication server audit tool. Contribute to ANSSI-FR/audit-radius development by creating an account on GitHub.
Preliminary SQL Injection (Part 2)
http://bit.ly/2rTA1yF
Submitted December 27, 2018 at 12:18AM by ImVendetta
via reddit http://bit.ly/2AixnXJ
http://bit.ly/2rTA1yF
Submitted December 27, 2018 at 12:18AM by ImVendetta
via reddit http://bit.ly/2AixnXJ
reddit
r/netsec - Preliminary SQL Injection (Part 2)
1 vote and 0 comments so far on Reddit
Internet Explorer has a vulnerabilty and it's already being exploited!
http://bit.ly/2AhyB5N
Submitted December 27, 2018 at 04:26PM by jpjourno
via reddit http://bit.ly/2CAQ4HD
http://bit.ly/2AhyB5N
Submitted December 27, 2018 at 04:26PM by jpjourno
via reddit http://bit.ly/2CAQ4HD
Centre de Seguretat de la Informació de Catalunya
Arbitrary code execution in Internet Explorer
Guardzilla IoT Video Camera Hard-Coded Credentials (CVE-2018-5560)
http://bit.ly/2Q5Z3UL
Submitted December 27, 2018 at 07:58PM by INIT_6
via reddit http://bit.ly/2TbLRQd
http://bit.ly/2Q5Z3UL
Submitted December 27, 2018 at 07:58PM by INIT_6
via reddit http://bit.ly/2TbLRQd
reddit
r/netsec - Guardzilla IoT Video Camera Hard-Coded Credentials (CVE-2018-5560)
24 votes and 2 comments so far on Reddit
Using breach data for insight into simple incident prevention methods.
http://bit.ly/2VdrHXZ
Submitted December 27, 2018 at 07:52PM by ericalexander303
via reddit http://bit.ly/2CCabW8
http://bit.ly/2VdrHXZ
Submitted December 27, 2018 at 07:52PM by ericalexander303
via reddit http://bit.ly/2CCabW8
reddit
r/netsec - Using breach data for insight into simple incident prevention methods.
10 votes and 0 comments so far on Reddit
OSINT Resources for 2019
http://bit.ly/2AkymqF
Submitted December 28, 2018 at 07:52PM by smicallef
via reddit http://bit.ly/2SmxZmc
http://bit.ly/2AkymqF
Submitted December 28, 2018 at 07:52PM by smicallef
via reddit http://bit.ly/2SmxZmc
Medium
OSINT Resources for 2019
Let’s take a look at some essential OSINT resources plus recent developments in the areas of data, tooling, content and community.
More vulnerabilities in Guardzilla IoT Video Camera (CVE-2018-18600, CVE-2018-18601, CVE-2018-18602)
http://bit.ly/2VgJxJv
Submitted December 28, 2018 at 09:20PM by jaymzu
via reddit http://bit.ly/2Ro687W
http://bit.ly/2VgJxJv
Submitted December 28, 2018 at 09:20PM by jaymzu
via reddit http://bit.ly/2Ro687W
Bitdefender Labs
IoT Report: Major Flaws in Guardzilla Cameras Allow Remote Hijack...
Vulnerabilities in indoor security camera allows remote compromise and device takeover The commodification of IoT devices has paved the way to the smart home... #guardzilla #iot #vulnerability
First Sednit UEFI Rootkit Unveiled
http://bit.ly/2LBPxrS
Submitted December 29, 2018 at 01:22AM by maze-le
via reddit http://bit.ly/2ETr9BG
http://bit.ly/2LBPxrS
Submitted December 29, 2018 at 01:22AM by maze-le
via reddit http://bit.ly/2ETr9BG
media.ccc.de
First Sednit UEFI Rootkit Unveiled
UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns ...
BYOB (Build Your Own Botnet) v0.5 Released with New Crypto Miner Module
http://bit.ly/2StkZLx
Submitted December 30, 2018 at 12:00AM by PoonSafari
via reddit http://bit.ly/2LDpfWh
http://bit.ly/2StkZLx
Submitted December 30, 2018 at 12:00AM by PoonSafari
via reddit http://bit.ly/2LDpfWh
GitHub
malwaredllc/byob
BYOB (Build Your Own Botnet). Contribute to malwaredllc/byob development by creating an account on GitHub.
Buffer Overflow Practical Examples , Hexadecimal values and Environment Variables !
http://bit.ly/2StGHzk
Submitted December 30, 2018 at 05:13AM by Ahm3d_H3sham
via reddit http://bit.ly/2VkXBBN
http://bit.ly/2StGHzk
Submitted December 30, 2018 at 05:13AM by Ahm3d_H3sham
via reddit http://bit.ly/2VkXBBN
0xRick Owned Root !
Buffer Overflow Practical Examples , Hexadecimal values and Environment Variables ! - Protostar Stack1 , Stack2
Introduction So last week I talked about bufferoverflows and solved Protostar Stack0. Today I’m gonna solve Stack1 and Stack2, they are not different from Stack0 in their objective which is changing a variable’s value , but they are different in the way of…
Attack disables infrastructure of shared production platform for various US newspapers including Los Angles Times
https://lat.ms/2QdwYeB
Submitted December 30, 2018 at 10:23AM by two0nine
via reddit http://bit.ly/2LEQwYq
https://lat.ms/2QdwYeB
Submitted December 30, 2018 at 10:23AM by two0nine
via reddit http://bit.ly/2LEQwYq
latimes.com
Suspected malware attack causes major Los Angeles Times newspaper delivery interruptions
A major computer breakdown prevented distribution of the Saturday edition of the Los Angeles Times to many subscribers.
CenturyLink 911 outage was caused by a single network card sending bad packets
http://bit.ly/2SsQZ2q
Submitted December 30, 2018 at 07:42PM by yesnoornext
via reddit http://bit.ly/2Q7vbrj
http://bit.ly/2SsQZ2q
Submitted December 30, 2018 at 07:42PM by yesnoornext
via reddit http://bit.ly/2Q7vbrj
threader.app
A thread written by @GossiTheDog
CenturyLink is 6 hours into a 15 location outage of its External Cloud Network https://t.co/LOzcEXx6gE
Malware may have thwarted printing of Tribune Publishing newspapers
https://nbcnews.to/2VeHCFs
Submitted December 30, 2018 at 07:42PM by hacktvist
via reddit http://bit.ly/2Vmu7U2
https://nbcnews.to/2VeHCFs
Submitted December 30, 2018 at 07:42PM by hacktvist
via reddit http://bit.ly/2Vmu7U2
NBC News
Malware may have thwarted printing of Tribune Publishing newspapers
"It’s likely that the issues will affect the process of printing and delivering the Sunday newspapers as well," the Los Angeles Times said in a statement.
Another 0Day for Windows published by @SandBoxEscaper (Overwriting Files with Arbitrary Data)
http://bit.ly/2EWJGfF
Submitted December 31, 2018 at 12:55PM by Dormidera
via reddit http://bit.ly/2VrBDgK
http://bit.ly/2EWJGfF
Submitted December 31, 2018 at 12:55PM by Dormidera
via reddit http://bit.ly/2VrBDgK
BleepingComputer
Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data
A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.
Fuzzing Like It’s 1989
http://bit.ly/2Ss9hAR
Submitted December 31, 2018 at 09:54PM by yossarian_flew_away
via reddit http://bit.ly/2s45UVn
http://bit.ly/2Ss9hAR
Submitted December 31, 2018 at 09:54PM by yossarian_flew_away
via reddit http://bit.ly/2s45UVn
Trail of Bits Blog
Fuzzing Like It’s 1989
With 2019 a day away, let’s reflect on the past to see how we can improve. Yes, let’s take a long look back 30 years and reflect on the original fuzzing paper, An Empirical Study of the Reliability…
A Review of my Bug Hunting Journey
http://bit.ly/2R0LxaC
Submitted December 31, 2018 at 10:04PM by kongwenbin
via reddit http://bit.ly/2GOoUkU
http://bit.ly/2R0LxaC
Submitted December 31, 2018 at 10:04PM by kongwenbin
via reddit http://bit.ly/2GOoUkU
My Learning Journey
A Review of my Bug Hunting Journey
A review of my bug hunting journey so far, from when I started, to the point where I made it into the Top 200 bug hunters on Bugcrowd after two years.
Code release: unCaptcha2 - Defeating Google's ReCaptcha with 91% accuracy (works on latest)
http://bit.ly/2SrlXrK
Submitted December 31, 2018 at 10:53PM by Correcthorse121
via reddit http://bit.ly/2AkVAwv
http://bit.ly/2SrlXrK
Submitted December 31, 2018 at 10:53PM by Correcthorse121
via reddit http://bit.ly/2AkVAwv
GitHub
ecthros/uncaptcha2
defeating the latest version of ReCaptcha with 91% accuracy - ecthros/uncaptcha2
The /r/netsec Monthly Discussion Thread - January 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2F0EecA
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2F0EecA
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.