Docker Container Escape PoC (CVE-2019-5736)
http://bit.ly/2N8CTBE
Submitted February 16, 2019 at 02:27AM by RedTerminalSession
via reddit http://bit.ly/2DGhStD
http://bit.ly/2N8CTBE
Submitted February 16, 2019 at 02:27AM by RedTerminalSession
via reddit http://bit.ly/2DGhStD
GitHub
Frichetten/CVE-2019-5736-PoC
PoC for CVE-2019-5736. Contribute to Frichetten/CVE-2019-5736-PoC development by creating an account on GitHub.
Medical Exploitation: You Are Now Diabetic
http://bit.ly/2GLKq88
Submitted February 16, 2019 at 02:48AM by faisalt
via reddit http://bit.ly/2tnh9IW
http://bit.ly/2GLKq88
Submitted February 16, 2019 at 02:48AM by faisalt
via reddit http://bit.ly/2tnh9IW
Depthsecurity
Medical Exploitation: You Are Now Diabetic
A few months ago, our CTO and hacker-in-chief, Jake Reynolds, bought a glucometer online along with all the necessary stuff to make it work. He thought it would make for an interesting project, as res
EngelKey - TOTP Hardware Token
http://bit.ly/2STurLM
Submitted February 16, 2019 at 06:17AM by Sid_Engel
via reddit http://bit.ly/2X5CBjy
http://bit.ly/2STurLM
Submitted February 16, 2019 at 06:17AM by Sid_Engel
via reddit http://bit.ly/2X5CBjy
reddit
r/2fa - EngelKey - TOTP Hardware Token
2 votes and 4 comments so far on Reddit
BitMitigate: A Rather Pleasant Alternative to Cloudflare
http://bit.ly/2N6jm4J
Submitted February 16, 2019 at 06:12AM by smartertechMS
via reddit http://bit.ly/2IcauM2
http://bit.ly/2N6jm4J
Submitted February 16, 2019 at 06:12AM by smartertechMS
via reddit http://bit.ly/2IcauM2
Epik Blog
Epik announces acquisition of BitMitigate.com
Epik.com is pleased to announce the completion of the acquisition of BitMitigate.com, a fast-growing innovator in the area of Content Delivery, Denial of Service protection, DNS resiliency and Virtual Private Networking.
Unveiling Amazon S3 bucket names
http://bit.ly/2DIPirv
Submitted February 16, 2019 at 05:51AM by localh0t
via reddit http://bit.ly/2IfJLOB
http://bit.ly/2DIPirv
Submitted February 16, 2019 at 05:51AM by localh0t
via reddit http://bit.ly/2IfJLOB
Medium
Unveiling Amazon S3 bucket names
Introduction
Hack The Box - Giddy Write-up by 0xRick
http://bit.ly/2SYo7Te
Submitted February 16, 2019 at 08:10PM by Ahm3d_H3sham
via reddit http://bit.ly/2N8HZ0E
http://bit.ly/2SYo7Te
Submitted February 16, 2019 at 08:10PM by Ahm3d_H3sham
via reddit http://bit.ly/2N8HZ0E
0xRick Owned Root !
Hack The Box - Giddy
Quick Summary Hey guys today Giddy retired and this is my write-up. Giddy was a nice windows box , This box had a nice sqli vulnerability which we will use to steal ntlm hashes and login , Then the privilege escalation was a Local Privilege Escalation vulnerability…
BlueHatIL 2019 Slides/Videos
http://bit.ly/2EdgEaG
Submitted February 16, 2019 at 08:07PM by campuscodi
via reddit http://bit.ly/2N7W1zw
http://bit.ly/2EdgEaG
Submitted February 16, 2019 at 08:07PM by campuscodi
via reddit http://bit.ly/2N7W1zw
reddit
r/netsec - BlueHatIL 2019 Slides/Videos
1 vote and 0 comments so far on Reddit
REST-ler: Automatic Intelligent REST API Fuzzing
http://bit.ly/2N8Wx0g
Submitted February 16, 2019 at 11:26PM by sudo-chmod-777
via reddit http://bit.ly/2GtRZkA
http://bit.ly/2N8Wx0g
Submitted February 16, 2019 at 11:26PM by sudo-chmod-777
via reddit http://bit.ly/2GtRZkA
Illegal streams, decrypting m3u8's, and building a better stream experience
http://bit.ly/2SXjw3N
Submitted February 17, 2019 at 07:32AM by JonLuca
via reddit http://bit.ly/2NhoWl3
http://bit.ly/2SXjw3N
Submitted February 17, 2019 at 07:32AM by JonLuca
via reddit http://bit.ly/2NhoWl3
JonLuca’s Blog
Illegal streams, decrypting m3u8’s, and building a better stream experience
Having not lived in the US for the majority of my life, I often needed to rely on illegal streams to watch America sports games. The experience on these streams is, to say the least, extremely poor. Most have some sort of crypto miner running in the background…
Latest Ursnif Trojan Campaign Highlights Need to Improve Anti-Phishing Defenses
http://bit.ly/2IwrOf9
Submitted February 17, 2019 at 11:51AM by kotmana456
via reddit http://bit.ly/2Gtpaol
http://bit.ly/2IwrOf9
Submitted February 17, 2019 at 11:51AM by kotmana456
via reddit http://bit.ly/2Gtpaol
SpamTitan
Latest Ursnif Trojan Campaign Highlights Need to Improve Anti-Phishing Defenses - SpamTitan
A new Ursnif Trojan campaign has been detected that uses a new variant of the malware which uses fileless techniques to avoid detection. In addition to the banking Trojan, GandCrab ransomware is also downloaded.
Tracking the trackers. Draw connections between noscripts and domains on website.
http://bit.ly/2GIMXA9
Submitted February 17, 2019 at 07:08PM by Mysterii8
via reddit http://bit.ly/2EdqklN
http://bit.ly/2GIMXA9
Submitted February 17, 2019 at 07:08PM by Mysterii8
via reddit http://bit.ly/2EdqklN
Medium
Tracking the trackers. Draw connections between noscripts and domains on website.
TL;DR
Build JA3 fingerprint mappings with Bro-Sysmon
https://sforce.co/2I82Imm
Submitted February 17, 2019 at 09:17PM by neslog
via reddit http://bit.ly/2BE132r
https://sforce.co/2I82Imm
Submitted February 17, 2019 at 09:17PM by neslog
via reddit http://bit.ly/2BE132r
Salesforce Engineering
How to Test Bro-Sysmon
How to stand up an environment to test Bro-Sysmon
Electrohunt Part 1: Hunting for the phishing campaigns on the Electrum network
http://bit.ly/2Ih2jhD
Submitted February 18, 2019 at 02:56AM by iphelix
via reddit http://bit.ly/2tpakqt
http://bit.ly/2Ih2jhD
Submitted February 18, 2019 at 02:56AM by iphelix
via reddit http://bit.ly/2tpakqt
The Coinbase Blog
Electrohunt Part 1: Hunting for the phishing campaigns on the Electrum network
Coinbase Blockchain Security Engineer, Peter Kacherginsky, tracks phishing campaigns on the Electrum network.
Blockchain Digital Identity Management | Empowering Individual Data Ownership
https://www.linkedin.com/feed/update/urn:li:activity:6502151319514636288
Submitted February 18, 2019 at 02:49PM by Anubhav-Singh
via reddit https://www.reddit.com/r/netsec/comments/arvfqg/blockchain_digital_identity_management_empowering/?utm_source=ifttt
https://www.linkedin.com/feed/update/urn:li:activity:6502151319514636288
Submitted February 18, 2019 at 02:49PM by Anubhav-Singh
via reddit https://www.reddit.com/r/netsec/comments/arvfqg/blockchain_digital_identity_management_empowering/?utm_source=ifttt
Linkedin
Blockchainoodles on LinkedIn: "Along with numerous other benefits, digital identity management with blockchain can enable us to…
February 15, 2019: Blockchainoodles posted an article on LinkedIn
CVE-2019-8372: Local Privilege Elevation in LG Device Manager. Tutorial on auditing kernel drivers and token stealing via arbitrary read/write primitives.
http://bit.ly/2SZbBD2
Submitted February 18, 2019 at 09:04PM by xVIoct
via reddit http://bit.ly/2Se3m1G
http://bit.ly/2SZbBD2
Submitted February 18, 2019 at 09:04PM by xVIoct
via reddit http://bit.ly/2Se3m1G
Phishing by Venezuelan government puts activists and internet users at risk, uses DNS injection
http://bit.ly/2GUdXwm
Submitted February 18, 2019 at 01:53AM by andresazp
via reddit http://bit.ly/2tsOBy0
http://bit.ly/2GUdXwm
Submitted February 18, 2019 at 01:53AM by andresazp
via reddit http://bit.ly/2tsOBy0
Vesinfiltro
Phishing by Venezuelan government puts activists at risk.
Report: voluntariosxvenezuela.com, a site to register humanitarian aid volunteers, has suffered a state-sponsored phishing campaign empowered by DNS injection.
Security vulnerabilities discovered in MiniUPnP
http://bit.ly/2BEZsta
Submitted February 18, 2019 at 09:25PM by ShinjuIoT
via reddit http://bit.ly/2V2PB7F
http://bit.ly/2BEZsta
Submitted February 18, 2019 at 09:25PM by ShinjuIoT
via reddit http://bit.ly/2V2PB7F
VDOO
Security Issues Discovered in MiniUPnP
VDOO research team found and responsibly disclosed vulnerabilities in MiniUPnP
Multiple attack vectors against GPS trackers - security and privacy issues
Interesting paper dealing with GPS trackers covering different attack scenariosabstract: Pierre Barre, Chaouki Kasmi, Eiman Al Shehhi (Submitted on 14 Feb 2019)Tracking expensive goods and/or targeted individuals with high-tech devices has been of high interest for the last 30 years. More recently, other use cases such as parents tracking their children have become popular. One primary functionality of these devices has been the collection of GPS coordinates of the location of the trackers, and to send these to remote servers through a cellular modem and a SIM card. Reviewing existing devices, it has been observed that beyond simple GPS trackers many devices intend to enclose additional features such as microphones, cameras, or Wi-Fi interfaces enabling advanced spying activities. In this study, we propose to describe the methodology applied to evaluate the security level of GPS trackers with different capabilities. Several security flaws have been discovered during our security assessment highlighting the need of a proper hardening of these devices when used in critical environments.
https://arxiv.org/abs/1902.05318
Submitted February 16, 2019 at 11:27PM by ernoego
via reddit http://bit.ly/2IktNCR
Interesting paper dealing with GPS trackers covering different attack scenariosabstract: Pierre Barre, Chaouki Kasmi, Eiman Al Shehhi (Submitted on 14 Feb 2019)Tracking expensive goods and/or targeted individuals with high-tech devices has been of high interest for the last 30 years. More recently, other use cases such as parents tracking their children have become popular. One primary functionality of these devices has been the collection of GPS coordinates of the location of the trackers, and to send these to remote servers through a cellular modem and a SIM card. Reviewing existing devices, it has been observed that beyond simple GPS trackers many devices intend to enclose additional features such as microphones, cameras, or Wi-Fi interfaces enabling advanced spying activities. In this study, we propose to describe the methodology applied to evaluate the security level of GPS trackers with different capabilities. Several security flaws have been discovered during our security assessment highlighting the need of a proper hardening of these devices when used in critical environments.
https://arxiv.org/abs/1902.05318
Submitted February 16, 2019 at 11:27PM by ernoego
via reddit http://bit.ly/2IktNCR
arXiv.org
Spy the little Spies - Security and Privacy issues of Smart GPS trackers
Tracking expensive goods and/or targeted individuals with high-tech devices has been of high interest for the last 30 years. More recently, other use cases such as parents tracking their children...
WireGuard for macOS
http://bit.ly/2X8lYDB
Submitted February 18, 2019 at 10:47PM by jackasstacular
via reddit http://bit.ly/2SSzr3t
http://bit.ly/2X8lYDB
Submitted February 18, 2019 at 10:47PM by jackasstacular
via reddit http://bit.ly/2SSzr3t
reddit
r/netsec - WireGuard for macOS
2 votes and 1 comment so far on Reddit
Azure AD Connect for Red Teamers
http://bit.ly/2Xa32Ex
Submitted February 18, 2019 at 11:33PM by 0xdea
via reddit http://bit.ly/2NbpQ2e
http://bit.ly/2Xa32Ex
Submitted February 18, 2019 at 11:33PM by 0xdea
via reddit http://bit.ly/2NbpQ2e
XPN InfoSec Blog
Azure AD Connect for Red Teamers
With clients increasingly relying on cloud services from Azure, one of the technologies that has been my radar for a while is Azure AD. For those who have not had the opportunity to work with this, the concept is simple, by extending authentication beyond…
ROP-ing on Aarch64
http://bit.ly/2NbyqOu
Submitted February 19, 2019 at 01:26AM by ret2got
via reddit http://bit.ly/2GU3y49
http://bit.ly/2NbyqOu
Submitted February 19, 2019 at 01:26AM by ret2got
via reddit http://bit.ly/2GU3y49
reddit
r/netsec - ROP-ing on Aarch64
4 votes and 0 comments so far on Reddit