Recently Patched Drupal RCE Flaw Discovered Actively Exploited in the Wild
https://ift.tt/2Vp6Akz
Submitted February 27, 2019 at 02:59PM by ashique789
via reddit https://ift.tt/2ViW6mM
https://ift.tt/2Vp6Akz
Submitted February 27, 2019 at 02:59PM by ashique789
via reddit https://ift.tt/2ViW6mM
SecureReading
Recently Patched Drupal RCE Flaw Discovered Actively Exploited in the Wild | SecureReading
Threat actors have already started exploiting recently patched Drupal RCE flaw (CVE-2019-6340) to deliver cryptocurrency miners
SHAREit Multiple Vulnerabilities Enable Unrestricted Access to Adjacent Devices’ Files
https://ift.tt/2H7QBDJ
Submitted February 27, 2019 at 06:27PM by Titokhan
via reddit https://ift.tt/2Nv71r2
https://ift.tt/2H7QBDJ
Submitted February 27, 2019 at 06:27PM by Titokhan
via reddit https://ift.tt/2Nv71r2
Redforce
SHAREit Multiple Vulnerabilities Enable Unrestricted Access to Adjacent Devices’ Files
Two recently discovered vulnerabilities affecting SHAREit Android application
Recently Patched Drupal RCE Flaw Discovered Actively Exploited in the Wild
https://ift.tt/2Vp6Akz
Submitted February 27, 2019 at 07:23PM by ashique789
via reddit https://ift.tt/2EB2ws2
https://ift.tt/2Vp6Akz
Submitted February 27, 2019 at 07:23PM by ashique789
via reddit https://ift.tt/2EB2ws2
SecureReading
Recently Patched Drupal RCE Flaw Discovered Actively Exploited in the Wild | SecureReading
Threat actors have already started exploiting recently patched Drupal RCE flaw (CVE-2019-6340) to deliver cryptocurrency miners
CVE-2019-6977: imagecolormatch() OOB Heap Write Exploit
https://ift.tt/2TidyKP
Submitted February 27, 2019 at 07:18PM by cfambionics
via reddit https://ift.tt/2TePokF
https://ift.tt/2TidyKP
Submitted February 27, 2019 at 07:18PM by cfambionics
via reddit https://ift.tt/2TePokF
GitHub
cfreal/exploits
Some of my exploits. Contribute to cfreal/exploits development by creating an account on GitHub.
Leaking company secrets through your testing infrastructure
https://ift.tt/2BX4yAY
Submitted February 27, 2019 at 09:25PM by JonLuca
via reddit https://ift.tt/2tEQiIu
https://ift.tt/2BX4yAY
Submitted February 27, 2019 at 09:25PM by JonLuca
via reddit https://ift.tt/2tEQiIu
JonLuca’s Blog
Experiments, growth engineering, and exposing company secrets through your API: Part 1
JonLuca’s Blog - A blog about tech, programming, and information
Top 10 web hacking techniques of 2018: The Final Verdict
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018
Submitted February 27, 2019 at 09:20PM by Fugitif
via reddit https://ift.tt/2H5aBH9
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018
Submitted February 27, 2019 at 09:20PM by Fugitif
via reddit https://ift.tt/2H5aBH9
PortSwigger Research
Top 10 web hacking techniques of 2018
The results are in! After an impressive 59 nominations followed by a community vote to pick 15 finalists, a panel consisting of myself and noted researchers Nicolas Grégoire, Soroush Dalili and Filede
A Minimal Drupal Honeypot
https://ift.tt/2UbANnd
Submitted February 28, 2019 at 10:16AM by d1str0
via reddit https://ift.tt/2Ny3gB7
https://ift.tt/2UbANnd
Submitted February 28, 2019 at 10:16AM by d1str0
via reddit https://ift.tt/2Ny3gB7
GitHub
d1str0/Drupot
Drupal Honeypot. Contribute to d1str0/Drupot development by creating an account on GitHub.
Some issues with google data security
https://www.dashdevs.com/blog/how-google-сan-help-you-to-steal-somebodies-personal-data/
Submitted February 28, 2019 at 12:01PM by dashdevs
via reddit https://ift.tt/2SxzblY
https://www.dashdevs.com/blog/how-google-сan-help-you-to-steal-somebodies-personal-data/
Submitted February 28, 2019 at 12:01PM by dashdevs
via reddit https://ift.tt/2SxzblY
How Google Can Help You to Steal Somebody's Personal Data
A real-life story from our experience of configuring the G-Suit for the company and how it ended in us unintentionally stealing personal data.
Emotet dropper analysis including server sided PHP code
https://ift.tt/2Tr3nng
Submitted February 28, 2019 at 04:52PM by ThisIsLibra
via reddit https://ift.tt/2tJzMHg
https://ift.tt/2Tr3nng
Submitted February 28, 2019 at 04:52PM by ThisIsLibra
via reddit https://ift.tt/2tJzMHg
reddit
r/netsec - Emotet dropper analysis including server sided PHP code
0 votes and 0 comments so far on Reddit
Siemens PLC JTAG Pinout Reverse Engineering (Reverse Engineering Architecture and Pinout of Custom ASICS)
https://ift.tt/2Had0Aj
Submitted February 28, 2019 at 08:09PM by dionas
via reddit https://ift.tt/2H7AQN8
https://ift.tt/2Had0Aj
Submitted February 28, 2019 at 08:09PM by dionas
via reddit https://ift.tt/2H7AQN8
SEC Consult
Reverse Engineering Architecture and Pinout of Custom ASICs - SEC Consult
Learn about the process of initial reverse engineering the pinout of unknown ASICs by using moderate methods. The two described ICs are good examples out of many industry-solutions and have been chosen to demonstrate how design decisions from vendors are…
Top 5 leading bug bounty platforms by now
https://ift.tt/2EiiVAl
Submitted February 28, 2019 at 08:22PM by KeyDutch
via reddit https://ift.tt/2TpGZdW
https://ift.tt/2EiiVAl
Submitted February 28, 2019 at 08:22PM by KeyDutch
via reddit https://ift.tt/2TpGZdW
Htbridge
Five of the Top Bug Bounty Platforms
Bug bounties are a form of results-based outsourced code checking. It is a cost-efficient and effective method of crowdsourcing a company’s code analysis, while paying only for results.
Thinking outside of the password manager box
https://ift.tt/2Eo7ZkL
Submitted March 01, 2019 at 12:48AM by zulln
via reddit https://ift.tt/2Tl0nc7
https://ift.tt/2Eo7ZkL
Submitted March 01, 2019 at 12:48AM by zulln
via reddit https://ift.tt/2Tl0nc7
Detectify Labs
Thinking outside of the password manager box
AltFS provides a virtual file system, over non-file artifacts, to demonstrate hidden storage techniques.
https://ift.tt/2SyoArc
Submitted March 01, 2019 at 03:16AM by ikotler
via reddit https://ift.tt/2IHcsUR
https://ift.tt/2SyoArc
Submitted March 01, 2019 at 03:16AM by ikotler
via reddit https://ift.tt/2IHcsUR
GitHub
SafeBreach-Labs/AltFS
The Alternative Fileless File System. Contribute to SafeBreach-Labs/AltFS development by creating an account on GitHub.
Detecting PowerShell Empire using the tools from the Sysinternals suite.
https://ift.tt/2SwCg5T
Submitted March 01, 2019 at 03:15AM by digicat
via reddit https://ift.tt/2EE8Lva
https://ift.tt/2SwCg5T
Submitted March 01, 2019 at 03:15AM by digicat
via reddit https://ift.tt/2EE8Lva
reddit
r/netsec - Detecting PowerShell Empire using the tools from the Sysinternals suite.
0 votes and 0 comments so far on Reddit
Wireshark 3.0.0 Released!
https://ift.tt/2VmUecI
Submitted March 01, 2019 at 02:41AM by CaptMeelo
via reddit https://ift.tt/2EE0048
https://ift.tt/2VmUecI
Submitted March 01, 2019 at 02:41AM by CaptMeelo
via reddit https://ift.tt/2EE0048
reddit
r/netsec - Wireshark 3.0.0 Released!
0 votes and 13 comments so far on Reddit
Broken cryptographic trust model for provider distribution
https://ift.tt/2IHwyhP
Submitted March 01, 2019 at 10:47AM by _conn
via reddit https://ift.tt/2TqN61G
https://ift.tt/2IHwyhP
Submitted March 01, 2019 at 10:47AM by _conn
via reddit https://ift.tt/2TqN61G
reddit
r/Terraform - Broken cryptographic trust model for provider distribution
0 votes and 1 comment so far on Reddit
The /r/netsec Monthly Discussion Thread - March 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted March 01, 2019 at 10:06AM by AutoModerator
via reddit https://ift.tt/2Nzf4D6
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted March 01, 2019 at 10:06AM by AutoModerator
via reddit https://ift.tt/2Nzf4D6
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Horizontal Privilege Escalation in Quora leading to User Account Compromise
https://ift.tt/2Xx8Fgc
Submitted March 01, 2019 at 12:01PM by payloadartist
via reddit https://ift.tt/2SvzaPv
https://ift.tt/2Xx8Fgc
Submitted March 01, 2019 at 12:01PM by payloadartist
via reddit https://ift.tt/2SvzaPv
SpyClub
Horizontal Privilege Escalation on Quora which can compromise all users on Quora
Hey, I am SpyD3r(@TarunkantG) and in this blog, I will be discussing the bug I have found in Quora which can compromise all users on Quora due to Horizontal Privilege Escalation. I worked more than
Abusing Docker API: Sockets
https://ift.tt/2SyOTgI
Submitted March 01, 2019 at 11:57AM by payloadartist
via reddit https://ift.tt/2XtVbSx
https://ift.tt/2SyOTgI
Submitted March 01, 2019 at 11:57AM by payloadartist
via reddit https://ift.tt/2XtVbSx
Attackresearch
Abusing Docker API | Socket
Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything ...
Decrypting credentials.xml in Jenkins
https://ift.tt/2El3cAx
Submitted March 01, 2019 at 11:56AM by payloadartist
via reddit https://ift.tt/2SvzdLb
https://ift.tt/2El3cAx
Submitted March 01, 2019 at 11:56AM by payloadartist
via reddit https://ift.tt/2SvzdLb
Attackresearch
Jenkins - decrypting credentials.xml
If you find yourself on a Jenkins box with noscript console access you can decrypt the saved passwords in credentials.xml in the following way...
Analyzing a Windows DHCP Server Bug (CVE-2019-0626) - MalwareTech
https://ift.tt/2TqfnFC
Submitted March 01, 2019 at 02:12PM by payloadartist
via reddit https://ift.tt/2Tl3WiF
https://ift.tt/2TqfnFC
Submitted March 01, 2019 at 02:12PM by payloadartist
via reddit https://ift.tt/2Tl3WiF
MalwareTech
Analyzing a Windows DHCP Server Bug (CVE-2019-0626) - MalwareTech
Reverse engineering the latest Microsoft patch in order to extract and exploit a recently patched vulnerability in the Windows Server DHCP service.