SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
https://ift.tt/2UqJCtf
Submitted March 11, 2019 at 04:10AM by splinter_code
via reddit https://ift.tt/2SVeP6r
https://ift.tt/2UqJCtf
Submitted March 11, 2019 at 04:10AM by splinter_code
via reddit https://ift.tt/2SVeP6r
GitHub
antonioCoco/SharPyShell
SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications - antonioCoco/SharPyShell
Inserting arbitrary files into Google Earth Studio Projects Archives
https://ift.tt/2SXTDN4
Submitted March 11, 2019 at 04:06AM by ThomasCZ
via reddit https://ift.tt/2Cg3us4
https://ift.tt/2SXTDN4
Submitted March 11, 2019 at 04:06AM by ThomasCZ
via reddit https://ift.tt/2Cg3us4
Thomas Orlita's blog
Inserting arbitrary files into Google Earth Projects Archives - Thomas Orlita's blog
Thanks to multiple combined vulnerabilities we are able to insert arbitrary files into anyone's Google Earth Studio Projects Archive.
MouseJack: From Mouse to Shell - Part 2 - Fixed Mice and JackIt + SILENTTRINITY = Defender Bypass
https://ift.tt/2Hq0aOz
Submitted March 11, 2019 at 03:36AM by InfoSecJim
via reddit https://ift.tt/2J4T7NB
https://ift.tt/2Hq0aOz
Submitted March 11, 2019 at 03:36AM by InfoSecJim
via reddit https://ift.tt/2J4T7NB
Jim Wilbur's Blog
MouseJack: From Mouse to Shell - Part 2
MouseJack was publicly disclosed in 2016 & an exploit was later released named JackIt. Part 2 explains how to use SILENTTRINTIY + JackIt to bypass Defender.
sec4dev 2019 slides & videos
https://sec4dev.io/2019
Submitted March 11, 2019 at 08:02AM by ninoseki
via reddit https://ift.tt/2TpNFcW
https://sec4dev.io/2019
Submitted March 11, 2019 at 08:02AM by ninoseki
via reddit https://ift.tt/2TpNFcW
sec4dev
sec4dev – the security Conference & Bootcamp for developers. Let's make security a first-class citizen in software development!
The sec4dev Conference & Bootcamp is a Vienna-based security event which targets one very specific group: people involved in software…
The sec4dev Conference & Bootcamp is a Vienna-based security event which targets one very specific group: people involved in software…
21-Year Old Tech Entrepreneur claims “I am the World’s First Trillionaire”
https://ift.tt/2EOXEyx
Submitted March 11, 2019 at 11:58AM by Alexandra7352
via reddit https://ift.tt/2TFzKif
https://ift.tt/2EOXEyx
Submitted March 11, 2019 at 11:58AM by Alexandra7352
via reddit https://ift.tt/2TFzKif
Medium
I am the World’s First Trillionaire
Last year you may have heard the news that I would soon become the world’s first trillionaire. I was being modest at the time because I…
AnchorWatch - A Rogue Device Detection Script for Windows with Email Alerts. I wrote a PowerShell noscript that scans subnet(s) every X minutes and sends email alerts on each discovery.
https://ift.tt/2SV9vA8
Submitted March 11, 2019 at 02:52PM by i_rsX
via reddit https://ift.tt/2XQtJib
https://ift.tt/2SV9vA8
Submitted March 11, 2019 at 02:52PM by i_rsX
via reddit https://ift.tt/2XQtJib
GitHub
GitHub - iamrootsh3ll/AnchorWatch: A Rogue Device Detection Script with Email Alerts Functionality for Windows Subsystem
A Rogue Device Detection Script with Email Alerts Functionality for Windows Subsystem - GitHub - iamrootsh3ll/AnchorWatch: A Rogue Device Detection Script with Email Alerts Functionality for Window...
The National Vulnerability Database (NVD) is one of the most valuable resources available in the fight to keep our software products safe. Here's the NVD Explained
https://ift.tt/2XONLcO
Submitted March 11, 2019 at 04:23PM by c3a1r1
via reddit https://ift.tt/2HcH8fi
https://ift.tt/2XONLcO
Submitted March 11, 2019 at 04:23PM by c3a1r1
via reddit https://ift.tt/2HcH8fi
Whitesourcesoftware
The National Vulnerability Database Explained
The National Vulnerability Database is the leading resource for software vulnerabilities. We break down what you need to know to make the most of it.
"If you want, I can store the encrypted password." - A Password-Storage Field Study with Freelance Developers [PDF]
https://ift.tt/2NSgdpL
Submitted March 11, 2019 at 06:10PM by maisels
via reddit https://ift.tt/2VROAjb
https://ift.tt/2NSgdpL
Submitted March 11, 2019 at 06:10PM by maisels
via reddit https://ift.tt/2VROAjb
How to Discover Unprotected MongoDB and Elasticsearch Databases
https://ift.tt/2Ceo0cD
Submitted March 11, 2019 at 07:58PM by atomlib_com
via reddit https://ift.tt/2TCwcxp
https://ift.tt/2Ceo0cD
Submitted March 11, 2019 at 07:58PM by atomlib_com
via reddit https://ift.tt/2TCwcxp
Habr
How to Discover MongoDB and Elasticsearch Open Databases
Some time ago among security researchers, it was very “fashionable” to find improperly configured AWS cloud storages with various kinds of confidential inf...
Pandora's Box: Another New Way to Leak All Your Sensitive Data
https://ift.tt/2VPPIDS
Submitted March 11, 2019 at 08:07PM by ok_bye_now_
via reddit https://ift.tt/2UxaTdE
https://ift.tt/2VPPIDS
Submitted March 11, 2019 at 08:07PM by ok_bye_now_
via reddit https://ift.tt/2UxaTdE
Adversis
Pandora's Box: Another New Way to Leak All Your Sensitive Data
We discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers…
c0c0n XII CFP is now Open | Closing Date - 12 May 2019
https://ift.tt/2CajRX1
Submitted March 11, 2019 at 09:57PM by pr4jwal
via reddit https://ift.tt/2TEP4f8
https://ift.tt/2CajRX1
Submitted March 11, 2019 at 09:57PM by pr4jwal
via reddit https://ift.tt/2TEP4f8
is-ra.org
CFP Closing Date - 12 May 2019 | c0c0n 12 | Hacking and Cyber Security Briefing
Building an Office macro to spoof parent processes and command line arguments
https://ift.tt/2NVpf54
Submitted March 12, 2019 at 04:22AM by thorn42
via reddit https://ift.tt/2F6Cn4F
https://ift.tt/2NVpf54
Submitted March 12, 2019 at 04:22AM by thorn42
via reddit https://ift.tt/2F6Cn4F
Christophe Tafani-Dereeper
Building an Office macro to spoof parent processes and command line arguments - Christophe Tafani-Dereeper
Most modern EDR solutions use behavioral detection, allowing to detect malware based on how it behaves instead of solely using static indicators of compromise (IoC) like file hashes or domain names. In this post, I give a VBA implementation of two techniques…
Using Firefox webextensions as c2 client
https://ift.tt/2NZTfNd
Submitted March 12, 2019 at 05:46AM by mthbernardes
via reddit https://ift.tt/2TCIt4U
https://ift.tt/2NZTfNd
Submitted March 12, 2019 at 05:46AM by mthbernardes
via reddit https://ift.tt/2TCIt4U
mthbernardes.github.io
Gambler - Hacking and other stuffs
Posts about hacking, coding and other stuffs
F5 Networks Acquires NGINX For $670 Million
https://ift.tt/2NXVPmZ
Submitted March 12, 2019 at 01:07PM by Dormidera
via reddit https://ift.tt/2VRVrZQ
https://ift.tt/2NXVPmZ
Submitted March 12, 2019 at 01:07PM by Dormidera
via reddit https://ift.tt/2VRVrZQ
TechCrunch
F5 acquires NGINX for $670M to move into open-source, multi-cloud services
Multi-cloud architecture is a huge trend in enterprise, and today F5 made a big move to bring its own business closer to it. The company, which provides cloud and security application services, announced that it has acquired NGINX, the commercial company…
Silencing Cylance: A Case Study in Modern EDRs
https://ift.tt/2TsHB3o
Submitted March 12, 2019 at 03:24PM by dmchell
via reddit https://ift.tt/2ETXplJ
https://ift.tt/2TsHB3o
Submitted March 12, 2019 at 03:24PM by dmchell
via reddit https://ift.tt/2ETXplJ
www.mdsec.co.uk
Silencing Cylance: A Case Study in Modern EDRs – MDSec
Citrix Systems Breached 'for 10 Years by Iran,' Claims Unknown Infosec Firm - Security Boulevard
https://ift.tt/2NXWiFI
Submitted March 12, 2019 at 06:01PM by ilamont
via reddit https://ift.tt/2VUO3Nh
https://ift.tt/2NXWiFI
Submitted March 12, 2019 at 06:01PM by ilamont
via reddit https://ift.tt/2VUO3Nh
Security Boulevard
Citrix Systems Breached 'for 10 Years by Iran,' Claims Unknown Infosec Firm - Security Boulevard
Citrix Systems’ networks were infested with hackers, who stole terabytes of data. So says a security service provider who nobody’s heard of.
BountyHQ - Pre-compiled Bug Bounty Recon Datasets
https://ift.tt/2Ut4sbD
Submitted March 12, 2019 at 05:41PM by _pdp_
via reddit https://ift.tt/2UtyEmN
https://ift.tt/2Ut4sbD
Submitted March 12, 2019 at 05:41PM by _pdp_
via reddit https://ift.tt/2UtyEmN
reddit
r/netsec - BountyHQ - Pre-compiled Bug Bounty Recon Datasets
0 votes and 0 comments so far on Reddit
Blind Cross-Site noscripting to RCE in Cerberus FTP version 9 and 10
https://ift.tt/2Cr0mtN
Submitted March 12, 2019 at 05:36PM by ggisz
via reddit https://ift.tt/2Cjg226
https://ift.tt/2Cr0mtN
Submitted March 12, 2019 at 05:36PM by ggisz
via reddit https://ift.tt/2Cjg226
Security Uncut
Blind Cross-Site noscripting to RCE in Cerberus FTP version 9 and 10
Penetration Testing Active Directory, Part II
https://ift.tt/2Hg0srU
Submitted March 12, 2019 at 06:44PM by Hausec
via reddit https://ift.tt/2Ht8cWX
https://ift.tt/2Hg0srU
Submitted March 12, 2019 at 06:44PM by Hausec
via reddit https://ift.tt/2Ht8cWX
root@Hausec
Penetration Testing Active Directory, Part II
In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to…
Orc - post-exploitation tool for Linux (written in Bash)
https://ift.tt/2O08p53
Submitted March 12, 2019 at 07:52PM by zipcloak
via reddit https://ift.tt/2F7IJRi
https://ift.tt/2O08p53
Submitted March 12, 2019 at 07:52PM by zipcloak
via reddit https://ift.tt/2F7IJRi
GitHub
zMarch/Orc
Orc is a post-exploitation framework for Linux written in Bash - zMarch/Orc
Exploiting CVE-2018-1335: command injection in Apache Tika
https://ift.tt/2XXdkIu
Submitted March 12, 2019 at 08:40PM by hackers_and_builders
via reddit https://ift.tt/2EZ7G03
https://ift.tt/2XXdkIu
Submitted March 12, 2019 at 08:40PM by hackers_and_builders
via reddit https://ift.tt/2EZ7G03
Rhino Security Labs
Exploiting CVE-2018-1335: Command Injection in Apache Tika
A walk-through of steps taken to go from an undisclosed CVE for a command injection vulnerability in the Apache tika-server to a complete exploit.