WordPress 5.1 CSRF to RCE
https://ift.tt/2T7NkH6
Submitted March 13, 2019 at 07:25PM by albinowax
via reddit https://ift.tt/2Uv7a0h
https://ift.tt/2T7NkH6
Submitted March 13, 2019 at 07:25PM by albinowax
via reddit https://ift.tt/2Uv7a0h
reddit
r/netsec - WordPress 5.1 CSRF to RCE
0 votes and 1 comment so far on Reddit
Smartphones, il est temps d'adopter une approche holistique de la sécurité
https://ift.tt/2HvjsSH
Submitted March 13, 2019 at 08:14PM by KeyDutch
via reddit https://ift.tt/2VWcKsT
https://ift.tt/2HvjsSH
Submitted March 13, 2019 at 08:14PM by KeyDutch
via reddit https://ift.tt/2VWcKsT
Linkedin
Smartphones, il est temps d'adopter une approche holistique de la sécurité
#FSoS (False Sens of Security). L'exemple du déverrouillage d’un Galaxy S10 au moyen d’une simple photo de son détenteur est utile pour démontrer que la "sécurité", dans les faits, c'est la prise en compte de tout un ensemble de nuances.
A Saga of Code Executions on Zimbra
https://ift.tt/2Hw5VdF
Submitted March 13, 2019 at 09:18PM by albinowax
via reddit https://ift.tt/2J8izlq
https://ift.tt/2Hw5VdF
Submitted March 13, 2019 at 09:18PM by albinowax
via reddit https://ift.tt/2J8izlq
Tint0
A Saga of Code Executions on Zimbra
Zimbra is well known for its signature email product, Zimbra Collaboration Suite. Putting client-side vulnerabilities aside, Zimbra seems to...
Millions of Binaries Later: a Look Into Linux Hardening in the Wild
https://ift.tt/2TjSVhv
Submitted March 13, 2019 at 09:08PM by eberkut
via reddit https://ift.tt/2XW2ItJ
https://ift.tt/2TjSVhv
Submitted March 13, 2019 at 09:08PM by eberkut
via reddit https://ift.tt/2XW2ItJ
Capsule8
Millions of Binaries Later: a Look Into Linux Hardening in the Wild • Capsule8
TL;DR In this post, we explore the adoption of Linux hardening schemes across five popular distributions by examining their out-of-the-box properties. For each distribution, we analyzed its default kernel configuration, … Read of "Millions of Binaries Later:…
Docker container for creating the phishing sites using Blackeye
https://ift.tt/2HuE5OY
Submitted March 14, 2019 at 12:20AM by vishnudxb
via reddit https://ift.tt/2Hjdllc
https://ift.tt/2HuE5OY
Submitted March 14, 2019 at 12:20AM by vishnudxb
via reddit https://ift.tt/2Hjdllc
GitHub
vishnudxb/docker-blackeye
Docker container for creating the phishing sites using Blackeye - vishnudxb/docker-blackeye
Extracting BitLocker keys from a TPM
https://ift.tt/2Uz4U8n
Submitted March 14, 2019 at 04:04AM by fuckup1337
via reddit https://ift.tt/2F8xS9z
https://ift.tt/2Uz4U8n
Submitted March 14, 2019 at 04:04AM by fuckup1337
via reddit https://ift.tt/2F8xS9z
reddit
r/netsec - Extracting BitLocker keys from a TPM
0 votes and 1 comment so far on Reddit
Amazon CloudWatch suspicious behavior 2019
https://ift.tt/2Falsye
Submitted March 14, 2019 at 01:43PM by gorblefork
via reddit https://ift.tt/2THEiVz
https://ift.tt/2Falsye
Submitted March 14, 2019 at 01:43PM by gorblefork
via reddit https://ift.tt/2THEiVz
reddit
r/aws - Amazon CloudWatch suspicious behavior 2019
0 votes and 3 comments so far on Reddit
More than 300 plugins could be used to exploit Wordpress Phar injection
https://ift.tt/2Jbwpna
Submitted March 14, 2019 at 02:27PM by shin2903
via reddit https://ift.tt/2O58d4u
https://ift.tt/2Jbwpna
Submitted March 14, 2019 at 02:27PM by shin2903
via reddit https://ift.tt/2O58d4u
CyStack Security Blog
Further attack surface of Wordpress PHAR injection
SummaryIn August 2018, Sam Thomas presented a new vulnerability of Wordpress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way attacker can trigger this error is worth mentioning. In this article, I will go over the detail…
SimBad: A Rogue Adware Campaign On Google Play
https://ift.tt/2UAnNHO
Submitted March 14, 2019 at 04:12PM by Titokhan
via reddit https://ift.tt/2u7MnUQ
https://ift.tt/2UAnNHO
Submitted March 14, 2019 at 04:12PM by Titokhan
via reddit https://ift.tt/2u7MnUQ
Check Point Research
SimBad: A Rogue Adware Campaign On Google Play - Check Point Research
Research by: Elena Root and Andrey Polkovnichenko Check Point researchers from the Mobile Threat Team have discovered a new adware campaign on the Google Play Store. This particular strain of Adware was found in 206 applications, and the combined download…
Generic Windows 7,8,10 SMEP, KASLR & DEP Bypass Using the Page Table's Self-reference Entry
https://ift.tt/2XZP9Ju
Submitted March 14, 2019 at 07:50PM by scalys7
via reddit https://ift.tt/2Co5j6p
https://ift.tt/2XZP9Ju
Submitted March 14, 2019 at 07:50PM by scalys7
via reddit https://ift.tt/2Co5j6p
GitHub
scalys7/Privilege-Escalation-Framework
Privilege Escilation training project, with an emphasis on the distinction between vulnerability research & it's exposure and exploitation methods(which are CVE-independent.) - scalys7/Priv...
pypykatz agent
https://ift.tt/2O1Y8p0
Submitted March 15, 2019 at 12:31AM by fuckup1337
via reddit https://ift.tt/2TLBZAK
https://ift.tt/2O1Y8p0
Submitted March 15, 2019 at 12:31AM by fuckup1337
via reddit https://ift.tt/2TLBZAK
GitHub
skelsec/pypykatz_agent_dn
Pypykatz agent implemented in .NET. Contribute to skelsec/pypykatz_agent_dn development by creating an account on GitHub.
pypykatz Server
https://ift.tt/2O4bdhL
Submitted March 15, 2019 at 12:30AM by fuckup1337
via reddit https://ift.tt/2JcEtUL
https://ift.tt/2O4bdhL
Submitted March 15, 2019 at 12:30AM by fuckup1337
via reddit https://ift.tt/2JcEtUL
GitHub
skelsec/pypykatz_server
Pypykatz server. Contribute to skelsec/pypykatz_server development by creating an account on GitHub.
Never miss a single call for papers for security conferences!
http://cfptime.org
Submitted March 15, 2019 at 12:20AM by PaulSec
via reddit https://ift.tt/2T6YjjZ
http://cfptime.org
Submitted March 15, 2019 at 12:20AM by PaulSec
via reddit https://ift.tt/2T6YjjZ
reddit
r/netsec - Never miss a single call for papers for security conferences!
0 votes and 0 comments so far on Reddit
Pypykatz Server - With this you won't need to run mimikatz/pypykatz on the target machine, only a tiny agent (13kB) that takes the info from the server on what parts of the lsass process to read.
https://ift.tt/2O4bdhL
Submitted March 15, 2019 at 01:44AM by fuckup1337
via reddit https://ift.tt/2UC2OEH
https://ift.tt/2O4bdhL
Submitted March 15, 2019 at 01:44AM by fuckup1337
via reddit https://ift.tt/2UC2OEH
GitHub
skelsec/pypykatz_server
Pypykatz server. Contribute to skelsec/pypykatz_server development by creating an account on GitHub.
Email-Enum: Check if an email is registered on mainstream websites!
https://ift.tt/2O6tMSe
Submitted March 15, 2019 at 02:34AM by Banqu
via reddit https://ift.tt/2CfasxF
https://ift.tt/2O6tMSe
Submitted March 15, 2019 at 02:34AM by Banqu
via reddit https://ift.tt/2CfasxF
GitHub
Frint0/email-enum
Email-Enum searches mainstream websites and tells you if an email is registered! - Frint0/email-enum
The Definitive 2019 Guide to Cryptographic Key Sizes and Algorithm Recommendations
https://ift.tt/2JrszGP
Submitted March 15, 2019 at 04:36AM by sarciszewski
via reddit https://ift.tt/2Y2kJGu
https://ift.tt/2JrszGP
Submitted March 15, 2019 at 04:36AM by sarciszewski
via reddit https://ift.tt/2Y2kJGu
Paragonie
The Definitive 2019 Guide to Cryptographic Key Sizes and Algorithm Recommendations - Paragon Initiative Enterprises Blog
A simple, accessible recommendation for key sizes and recommended algorithms for various cryptographic algorithms.
GEARBEST HACK: Hundreds of Thousands Affected Daily by Huge Data Breach
https://ift.tt/2CnelAw
Submitted March 15, 2019 at 04:18PM by Dormidera
via reddit https://ift.tt/2T4bxOo
https://ift.tt/2CnelAw
Submitted March 15, 2019 at 04:18PM by Dormidera
via reddit https://ift.tt/2T4bxOo
vpnMentor
Report - Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach
Led by Noam Rotem, a well-known white hat hacker and activist, VPNMentor’s research team discovered a major security breach in Gearbest. With hundreds ...
AndroidProjectCreator 1.2-stable release notes: more user feedback and support for the JEB3 decompiler!
https://ift.tt/2Hlt2rU
Submitted March 15, 2019 at 06:30PM by ThisIsLibra
via reddit https://ift.tt/2W1mMZM
https://ift.tt/2Hlt2rU
Submitted March 15, 2019 at 06:30PM by ThisIsLibra
via reddit https://ift.tt/2W1mMZM
reddit
r/netsec - AndroidProjectCreator 1.2-stable release notes: more user feedback and support for the JEB3 decompiler!
0 votes and 0 comments so far on Reddit
DNS and The Bit 0x20
https://ift.tt/2Y1QRdp
Submitted March 15, 2019 at 09:10PM by xaocuc
via reddit https://ift.tt/2T4Gh1G
https://ift.tt/2Y1QRdp
Submitted March 15, 2019 at 09:10PM by xaocuc
via reddit https://ift.tt/2T4Gh1G
Hypothetical Me
DNS and The Bit 0x20 – Hypothetical Me
Short note on a clever hack that makes everyones DNS just a bit more secure.
Citrix Got Hacked
https://ift.tt/2TLjEnv
Submitted March 15, 2019 at 11:59PM by chexss
via reddit https://ift.tt/2XTLFZ4
https://ift.tt/2TLjEnv
Submitted March 15, 2019 at 11:59PM by chexss
via reddit https://ift.tt/2XTLFZ4
LinkedIn Hank
https://ift.tt/1sxqmMI
Submitted March 16, 2019 at 12:43AM by Xidium426
via reddit https://ift.tt/2Ob6Otu
https://ift.tt/1sxqmMI
Submitted March 16, 2019 at 12:43AM by Xidium426
via reddit https://ift.tt/2Ob6Otu
Motherboard
Another Day, Another Hack: 117 Million LinkedIn Emails And Passwords
Four years later, the 2012 LinkedIn breach just got way worse.