Tracking 20,000 skiers and listening to their walkie talkie chats!
https://ift.tt/2Ev1IUl
Submitted March 05, 2019 at 03:48AM by almonie
via reddit https://ift.tt/2XDm6vh
https://ift.tt/2Ev1IUl
Submitted March 05, 2019 at 03:48AM by almonie
via reddit https://ift.tt/2XDm6vh
Pentestpartners
Hacking ski helmet audio | Pen Test Partners
I love snow sports, and I also like my tunes, so purchasing the Outdoor Tech CHIPS smart headphones was a no-brainer. They fit into audio-equipped helmets and
MouseJack: From Mouse to Shell - Part 1 - This blog post describes what is MouseJack, what to do if you are affected, and how to get a reverse shell using JackIt and Unicorn
https://ift.tt/2UjWzVZ
Submitted March 05, 2019 at 03:41AM by InfoSecJim
via reddit https://ift.tt/2SEec12
https://ift.tt/2UjWzVZ
Submitted March 05, 2019 at 03:41AM by InfoSecJim
via reddit https://ift.tt/2SEec12
Jim Wilbur's Blog
MouseJack: From Mouse to Shell - Part 1
MouseJack was publicly disclosed February 23rd 2016 and in 2017 an exploit for this vulnerability was released named JackIt.
Combining NTLM Relaying and Kerberos delegation
https://ift.tt/2H0lhaC
Submitted March 05, 2019 at 08:14AM by got_nations
via reddit https://ift.tt/2EAxBuy
https://ift.tt/2H0lhaC
Submitted March 05, 2019 at 08:14AM by got_nations
via reddit https://ift.tt/2EAxBuy
dirkjanm.io
The worst of both worlds: Combining NTLM Relaying and Kerberos delegation
After my in-depth post last month about unconstrained delegation, this post will discuss a different type of Kerberos delegation: resource-based constrained delegation. The content in this post is based on Elad Shamir’s Kerberos research and combined with…
Automated/declarative "pen testing as code"
https://ift.tt/2Tsi75H
Submitted March 05, 2019 at 12:47PM by DeviantJuiceBox
via reddit https://ift.tt/2XFDejR
https://ift.tt/2Tsi75H
Submitted March 05, 2019 at 12:47PM by DeviantJuiceBox
via reddit https://ift.tt/2XFDejR
reddit
r/blackhat - Automated/declarative "pen testing as code"
24 votes and 6 comments so far on Reddit
Facebook exploit – Confirm website visitor identities
https://ift.tt/2XDsh2z
Submitted March 05, 2019 at 02:38PM by TomAnthony
via reddit https://ift.tt/2HeL3Yc
https://ift.tt/2XDsh2z
Submitted March 05, 2019 at 02:38PM by TomAnthony
via reddit https://ift.tt/2HeL3Yc
www.tomanthony.co.uk
Facebook Information Leak - Webpages can confirm a user's ID
I discovered a Facebook bug which allows me to identify whether a visitor is logged in to a specific Facebook account. It can check hundreds of identities per second.
Windows 7 may insecurely load Dynamic Link Libraries (CVE-2019-5921)
https://ift.tt/2HgNAAY
Submitted March 05, 2019 at 05:27PM by Dormidera
via reddit https://ift.tt/2C3FKr4
https://ift.tt/2HgNAAY
Submitted March 05, 2019 at 05:27PM by Dormidera
via reddit https://ift.tt/2C3FKr4
jvn.jp
JVN#69181574: Windows 7 may insecurely load Dynamic Link Libraries
Japan Vulnerability Notes
Preview Pain: Malware Triggers in Outlook Preview Without User Opening Word Document
https://ift.tt/2SnmNVx
Submitted March 05, 2019 at 04:18PM by RedPacketSecurity
via reddit https://ift.tt/2BZpdVd
https://ift.tt/2SnmNVx
Submitted March 05, 2019 at 04:18PM by RedPacketSecurity
via reddit https://ift.tt/2BZpdVd
Bromium
Preview Pane: Malware launches in preview without opening MS Word doc
New malware triggers from preview pane, without the user opening the Microsoft Word document. Bromium VP Engineering unravels the threat in the blog.
Windows 7 may insecurely load Dynamic Link Libraries (CVE-2019-5921)
https://ift.tt/2HgNAAY
Submitted March 05, 2019 at 05:27PM by Dormidera
via reddit https://ift.tt/2C3FKr4
https://ift.tt/2HgNAAY
Submitted March 05, 2019 at 05:27PM by Dormidera
via reddit https://ift.tt/2C3FKr4
jvn.jp
JVN#69181574: Windows 7 may insecurely load Dynamic Link Libraries
Japan Vulnerability Notes
Speculative Load Hazards Boost Rowhammer and Cache Attacks (PDF)
https://ift.tt/2C3R4n4
Submitted March 05, 2019 at 07:31PM by visionviper
via reddit https://ift.tt/2EPKOBn
https://ift.tt/2C3R4n4
Submitted March 05, 2019 at 07:31PM by visionviper
via reddit https://ift.tt/2EPKOBn
Great Scott! Timing Attack Demo for the Everyday Webdev
https://ift.tt/2ITW1oB
Submitted March 05, 2019 at 07:45PM by abaldwin7302
via reddit https://ift.tt/2TfDaJp
https://ift.tt/2ITW1oB
Submitted March 05, 2019 at 07:45PM by abaldwin7302
via reddit https://ift.tt/2TfDaJp
Simple Thread
Great Scott! Timing Attack Demo for the Everyday Webdev - Simple Thread
A timing attack isn't the most % exciting attack vector for a web app, but there are still enough effective cases. Here's some suggestions on preventing them.
Automated Phishing Email Tool
https://ift.tt/2C718f5
Submitted March 05, 2019 at 09:50PM by IAintShootinMister
via reddit https://ift.tt/2NKi8MJ
https://ift.tt/2C718f5
Submitted March 05, 2019 at 09:50PM by IAintShootinMister
via reddit https://ift.tt/2NKi8MJ
reddit
r/HowToHack - Automated Phishing Email Tool
0 votes and 0 comments so far on Reddit
Auditing Github Repo Wikis
https://ift.tt/2C3tRBG
Submitted March 05, 2019 at 10:33PM by iphelix
via reddit https://ift.tt/2Ui9eIJ
https://ift.tt/2C3tRBG
Submitted March 05, 2019 at 10:33PM by iphelix
via reddit https://ift.tt/2Ui9eIJ
Smeegesec
Auditing GitHub Repo Wikis for Fun and Profit
Download github-wiki-auditor.py here The types of issues you see when managing a bug bounty program vary widely, but every now and then a...
Penetration Testing Active Directory, Part I
https://ift.tt/2VFuWqE
Submitted March 06, 2019 at 12:56AM by Hausec
via reddit https://ift.tt/2EN5IAP
https://ift.tt/2VFuWqE
Submitted March 06, 2019 at 12:56AM by Hausec
via reddit https://ift.tt/2EN5IAP
root@Hausec
Penetration Testing Active Directory, Part I
I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’…
Finding and exploiting CVE-2018–7445 (unauthenticated RCE in MikroTik’s RouterOS SMB)
https://ift.tt/2tR6mXP
Submitted March 06, 2019 at 02:18AM by maximilianov
via reddit https://ift.tt/2VFr9cN
https://ift.tt/2tR6mXP
Submitted March 06, 2019 at 02:18AM by maximilianov
via reddit https://ift.tt/2VFr9cN
Medium
Finding and exploiting CVE-2018–7445 (unauthenticated RCE in MikroTik’s RouterOS SMB)
Unauthenticated RCE in MikroTik’s RouterOS SMB
Privilege Escalation in Quora, which can compromise all users on Quora
https://ift.tt/2Xx8Fgc
Submitted March 06, 2019 at 01:30AM by tarunkant
via reddit https://ift.tt/2XFsvGj
https://ift.tt/2Xx8Fgc
Submitted March 06, 2019 at 01:30AM by tarunkant
via reddit https://ift.tt/2XFsvGj
SpyClub
Horizontal Privilege Escalation on Quora which can compromise all users on Quora
Hey, I am SpyD3r(@TarunkantG) and in this blog, I will be discussing the bug I have found in Quora which can compromise all users on Quora due to Horizontal Privilege Escalation. I worked more than
Quick Guide - wardriving with kismet, gps and google earth
https://ift.tt/2ENw99x
Submitted March 06, 2019 at 03:55AM by smittix
via reddit https://ift.tt/2UnNMlF
https://ift.tt/2ENw99x
Submitted March 06, 2019 at 03:55AM by smittix
via reddit https://ift.tt/2UnNMlF
Stealing the Network
Wardriving with Kismet, GPS and Google Earth.
Wardriving Wardriving was once a really popular sport, I myself loved mapping new areas with my trusty Orinco Gold Card. I’m not sure how popular it is these days but I thought I’d writ…
Ghidra Public Release
https://ghidra-sre.org
Submitted March 06, 2019 at 11:40AM by secaggr
via reddit https://ift.tt/2TDWFuB
https://ghidra-sre.org
Submitted March 06, 2019 at 11:40AM by secaggr
via reddit https://ift.tt/2TDWFuB
reddit
r/netsec - Ghidra Public Release
0 votes and 0 comments so far on Reddit
9 Digital Identity Trends That Will Make or Break Businesses in 2019
https://ift.tt/2NJneZG
Submitted March 06, 2019 at 12:08PM by iamjohnlenn
via reddit https://ift.tt/2TANJ8Y
https://ift.tt/2NJneZG
Submitted March 06, 2019 at 12:08PM by iamjohnlenn
via reddit https://ift.tt/2TANJ8Y
Hacker Noon
9 Digital Identity Trends That Will Make or Break Businesses in 2019
Digital identity can make or break a business in several areas. Here are the top 9 digital identity trends that brands or businesses need…
Captive Portal: The Definitive Guide [2019]
https://ift.tt/2TzvwbX
Submitted March 06, 2019 at 04:28PM by i_rsX
via reddit https://ift.tt/2IUwSK8
https://ift.tt/2TzvwbX
Submitted March 06, 2019 at 04:28PM by i_rsX
via reddit https://ift.tt/2IUwSK8
rootsh3ll
Captive Portal: The Definitive Guide
This is the most comprehensive guide to Captive Portals on the planet. If you want to leverage WiFi Captive Portals for improving your Business, you’ll love this guide.
Digital Forensics Tips&Tricks: How to Find Active VPN Connection in the Memory Dump
https://ift.tt/2SMI8Il
Submitted March 06, 2019 at 07:28PM by atomlib_com
via reddit https://ift.tt/2Ti11rL
https://ift.tt/2SMI8Il
Submitted March 06, 2019 at 07:28PM by atomlib_com
via reddit https://ift.tt/2Ti11rL
Habr
Digital Forensics Tips&Tricks: How to Find Active VPN Connection in the Memory Dump
Sometimes you can meet a case when a cyber-attacker uses VPN to establish a reliable channel between C2 server and infected IT-infrastructure. And, as Threat...
PXE Dust: Finding a Vulnerability in Windows Servers Deployment Services - Check Point Research
https://ift.tt/2EHZYr7
Submitted March 06, 2019 at 08:09PM by Omer_Gull
via reddit https://ift.tt/2UrSXBq
https://ift.tt/2EHZYr7
Submitted March 06, 2019 at 08:09PM by Omer_Gull
via reddit https://ift.tt/2UrSXBq
Check Point Research
PXE Dust: Finding a Vulnerability in Windows Servers Deployment Services - Check Point Research
Research By: Omer Gull Introduction Many large organizations use Windows Deployment Services (WDS) to install customized operating systems on new machines in the network. The Windows Deployment Services is usually, by its nature, accessible to anyone connected…