Posts about hacking, coding and other stuffs

Multi-cloud architecture is a huge trend in enterprise, and today F5 made a big move to bring its own business closer to it. The company, which provides cloud and security application services, announced that it has acquired NGINX, the commercial company…

Citrix Systems’ networks were infested with hackers, who stole terabytes of data. So says a security service provider who nobody’s heard of.

0 votes and 0 comments so far on Reddit

In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to…

Orc is a post-exploitation framework for Linux written in Bash - zMarch/Orc

A walk-through of steps taken to go from an undisclosed CVE for a command injection vulnerability in the Apache tika-server to a complete exploit.

We’ve heard that the coinhive site will be closed and we analyzed 3.1 billion web sites and found sites that host CoinHive malware. We focused on javanoscript files that contain ‘coinhive’ in HTML headers. These websites were cached by some sources in December…

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email…

0 votes and 1 comment so far on Reddit

This article will briefly explain methods behind the mobile malware unpacking. It will be focusing on Anubis since it is the latest trending malware for almost a year now. Actors use dropper applications as their primary method of distribution. Droppers find…

0 votes and 0 comments so far on Reddit

Achieving full R\W primitive with CVE-2019-0539

0 votes and 1 comment so far on Reddit

#FSoS (False Sens of Security). L'exemple du déverrouillage d’un Galaxy S10 au moyen d’une simple photo de son détenteur est utile pour démontrer que la "sécurité", dans les faits, c'est la prise en compte de tout un ensemble de nuances.

Zimbra is well known for its signature email product, Zimbra Collaboration Suite. Putting client-side vulnerabilities aside, Zimbra seems to...

TL;DR In this post, we explore the adoption of Linux hardening schemes across five popular distributions by examining their out-of-the-box properties. For each distribution, we analyzed its default kernel configuration, … Read of "Millions of Binaries Later:…

Docker container for creating the phishing sites using Blackeye - vishnudxb/docker-blackeye