Hack The Box - Carrier write-up by 0xRick
https://ift.tt/2CoLhsr
Submitted March 16, 2019 at 07:54PM by Ahm3d_H3sham
via reddit https://ift.tt/2UF9qSK
https://ift.tt/2CoLhsr
Submitted March 16, 2019 at 07:54PM by Ahm3d_H3sham
via reddit https://ift.tt/2UF9qSK
0xRick Owned Root !
Hack The Box - Carrier
Quick Summary Hey guys today Carrier retired and here is my write-up about it. User on this box wasn’t hard to get , but for root it’s a different thing because we will go through some networking tricks and we will perform an attack called bgp hijacking.…
PowerHub: Transfer PowerShell modules and binaries and execute them in-memory while bypassing endpoint protection and application whitelisting
https://ift.tt/2Y4ZKDl
Submitted March 16, 2019 at 09:05PM by 0xfffffg
via reddit https://ift.tt/2u9GZAH
https://ift.tt/2Y4ZKDl
Submitted March 16, 2019 at 09:05PM by 0xfffffg
via reddit https://ift.tt/2u9GZAH
GitHub
AdrianVollmer/PowerHub
A web application to transfer PowerShell modules, executables, snippets and files - AdrianVollmer/PowerHub
Analysis of some Metasploit network payloads (Linux/x64)
https://ift.tt/2TTjuui
Submitted March 16, 2019 at 11:11PM by h41zum
via reddit https://ift.tt/2TTpNhj
https://ift.tt/2TTjuui
Submitted March 16, 2019 at 11:11PM by h41zum
via reddit https://ift.tt/2TTpNhj
Medium
Analysis of some Metasploit network payloads (Linux/x64)
3 msfvenom payloads under the microscope
Know Your [roots]#
https://ift.tt/2W5DzuS
Submitted March 16, 2019 at 11:05PM by Bowserjklol
via reddit https://ift.tt/2Hqk4db
https://ift.tt/2W5DzuS
Submitted March 16, 2019 at 11:05PM by Bowserjklol
via reddit https://ift.tt/2Hqk4db
Codecatoctin
Know Your [roots]#
After recently wrapping up Forshaw's awesome Attacking Network Protocols , it felt like a good time to take a break from the purely technic...
Electronic tools used by car thieves
https://ift.tt/2J5sDeZ
Submitted March 16, 2019 at 10:24PM by mycall
via reddit https://ift.tt/2Y3kET2
https://ift.tt/2J5sDeZ
Submitted March 16, 2019 at 10:24PM by mycall
via reddit https://ift.tt/2Y3kET2
Punch Newspapers
Electronic tools used by car thieves
Kunle Shonaike Developments in vehicle security over recent years have made it increasingly difficult for thieves to steal vehicles by conventional means and this has led to thieves using burglary...
Bypass MaxScales DB Firewall for MySQL/MariaDB
https://ift.tt/2OaXPIz
Submitted March 17, 2019 at 12:09AM by TarqDirtyToMe
via reddit https://ift.tt/2HCZe9y
https://ift.tt/2OaXPIz
Submitted March 17, 2019 at 12:09AM by TarqDirtyToMe
via reddit https://ift.tt/2HCZe9y
Christopher Tarquini's Blog
Bypassing MaxScale's Firewall and Masking Rules
Learn how to bypass MaxScale's Firewall and Masking filters using SQL comments
Nemesida WAF Free for DEB/RHEL, good signature database and minimum of False Positives
https://ift.tt/2FgAbru
Submitted March 17, 2019 at 03:32AM by romanovroman
via reddit https://ift.tt/2F7bxrS
https://ift.tt/2FgAbru
Submitted March 17, 2019 at 03:32AM by romanovroman
via reddit https://ift.tt/2F7bxrS
Nemesida WAF - complex site protection system with machine learning
Nemesida WAF Free
«Nemesida WAF» Free provides the base security level of web-applications and API. «Nemesida WAF» Free has simple installation and exploitation, doesn’t have high requirements to hardware resources.
Fileless UAC Bypass in Windows Store Binary
https://ift.tt/2FdOk7k
Submitted March 17, 2019 at 05:34AM by IUsedToBeACave
via reddit https://ift.tt/2CndsYE
https://ift.tt/2FdOk7k
Submitted March 17, 2019 at 05:34AM by IUsedToBeACave
via reddit https://ift.tt/2CndsYE
Active Cyber
Fileless UAC Bypass in Windows Store Binary
Based on the increased interest in User Account Control (UAC) bypass research as of late, we've decided to read more on the subject and attempt to identify some sort of a pattern which ultimately led...
Subdomain Bruteforce for Windows
https://ift.tt/2TF7rBi
Submitted March 17, 2019 at 07:12AM by endless
via reddit https://ift.tt/2O8AiYN
https://ift.tt/2TF7rBi
Submitted March 17, 2019 at 07:12AM by endless
via reddit https://ift.tt/2O8AiYN
GitHub
visualbasic6/subdomain-bruteforce
a subdomain brute forcing tool for windows. Contribute to visualbasic6/subdomain-bruteforce development by creating an account on GitHub.
APK Utilities - a collection of noscript to modify Android APK files
https://ift.tt/2FinhZS
Submitted March 17, 2019 at 07:39PM by virb3
via reddit https://ift.tt/2FhZ85M
https://ift.tt/2FinhZS
Submitted March 17, 2019 at 07:39PM by virb3
via reddit https://ift.tt/2FhZ85M
GitHub
GitHub - ViRb3/apk-utilities: 🛠 Tools and noscripts to manipulate Android APKs
🛠 Tools and noscripts to manipulate Android APKs. Contribute to ViRb3/apk-utilities development by creating an account on GitHub.
Common Web Application Threats
https://ift.tt/2NTYEp5
Submitted March 17, 2019 at 08:49PM by lokendra15
via reddit https://ift.tt/2ubkBH0
https://ift.tt/2NTYEp5
Submitted March 17, 2019 at 08:49PM by lokendra15
via reddit https://ift.tt/2ubkBH0
TechnoLush
Common Web Application Threats
Lists the most common web application threats
Python for Reverse Engineering #1: ELF Binaries
https://ift.tt/2Y4xpN7
Submitted March 17, 2019 at 09:29PM by Icyphox
via reddit https://ift.tt/2Y2c2Mx
https://ift.tt/2Y4xpN7
Submitted March 17, 2019 at 09:29PM by Icyphox
via reddit https://ift.tt/2Y2c2Mx
Medium
Python for Reverse Engineering #1: ELF Binaries
Building your own disassembly tooling for — that’s right — fun and profit
Secure Registration Flow
https://ift.tt/2JkaLNJ
Submitted March 17, 2019 at 10:34PM by lokendra15
via reddit https://ift.tt/2F8FYxS
https://ift.tt/2JkaLNJ
Submitted March 17, 2019 at 10:34PM by lokendra15
via reddit https://ift.tt/2F8FYxS
TechnoLush
Secure Registration Flow
A flowchart explaining the implementation of secure registration using the combination of username, email, and mobile number.
RCE in Slanger 0.6.0, a Ruby implementation of Pusher
https://ift.tt/2Jmnu2c
Submitted March 18, 2019 at 12:18PM by honoki
via reddit https://ift.tt/2JlfrCL
https://ift.tt/2Jmnu2c
Submitted March 18, 2019 at 12:18PM by honoki
via reddit https://ift.tt/2JlfrCL
Honoki
RCE in Slanger, a Ruby implementation of Pusher
While researching a web application last February, I learned about Slanger, an open source server implementation of Pusher. In this post I describe the discovery of a critical RCE vulnerability in …
Exploiting OGNL Injection in Apache Struts
https://ift.tt/2Y1t1OU
Submitted March 18, 2019 at 02:44PM by nytrorst
via reddit https://ift.tt/2Fk2g15
https://ift.tt/2Y1t1OU
Submitted March 18, 2019 at 02:44PM by nytrorst
via reddit https://ift.tt/2Fk2g15
Pentest-Tools.com Blog
Exploiting OGNL Injection in Apache Struts
OGNL Injection attack explained. Learn to exploit OGNL Injection in Apache Struts
Top three tips for safeguarding your network when deploying IoT
https://ift.tt/2Oasshi
Submitted March 18, 2019 at 06:56PM by TheJCOEco
via reddit https://ift.tt/2O9GXSH
https://ift.tt/2Oasshi
Submitted March 18, 2019 at 06:56PM by TheJCOEco
via reddit https://ift.tt/2O9GXSH
Techerati
Top three tips for safeguarding your network when deploying IoT - Techerati
Many of the security vulnerabilities inherent to deploying IoT can be mitigated by utilising a SDP, parallel networks and encouraging collaboration.
Popular mouse Logitech M185 vulnerable to MouseJacking keystroke injections attack
https://ift.tt/2TGpJSK
Submitted March 18, 2019 at 08:10PM by s0pas
via reddit https://ift.tt/2Odmxbc
https://ift.tt/2TGpJSK
Submitted March 18, 2019 at 08:10PM by s0pas
via reddit https://ift.tt/2Odmxbc
Davidsopas
Popular wireless Logitech mouse vulnerable to keystroke injection | David Sopas - Web Security Researcher
One of the things that keeps me on the security path is the opportunity to learn new things each day. After seing the new update on Bettercap - which supports
CVE-2018-17057: yet another phar deserialization in TCPDF
https://ift.tt/2ucPPOk
Submitted March 17, 2019 at 11:14PM by polict
via reddit https://ift.tt/2TghMyK
https://ift.tt/2ucPPOk
Submitted March 17, 2019 at 11:14PM by polict
via reddit https://ift.tt/2TghMyK
polict.net
CVE-2018-17057
In TCPDF <= 6.2.19 it is possible to exploit a PHP Object Injection via malicious HTML code and potentially achieve Remote Code Execution (RCE).
PasteBin Treasure Hunter - DumpMon replacement
https://ift.tt/2FiaVjs
Submitted March 19, 2019 at 12:57AM by mjanmohammad
via reddit https://ift.tt/2HEN2Fq
https://ift.tt/2FiaVjs
Submitted March 19, 2019 at 12:57AM by mjanmohammad
via reddit https://ift.tt/2HEN2Fq
reddit
r/netsec - PasteBin Treasure Hunter - DumpMon replacement
0 votes and 1 comment so far on Reddit
Education and Science Giant Elsevier Left Users’ Passwords Exposed Online
https://ift.tt/2Od2ZDO
Submitted March 19, 2019 at 12:02AM by jeffrossisfat
via reddit https://ift.tt/2TKwiUs
https://ift.tt/2Od2ZDO
Submitted March 19, 2019 at 12:02AM by jeffrossisfat
via reddit https://ift.tt/2TKwiUs
Motherboard
Education and Science Giant Elsevier Left Users’ Passwords Exposed Online
Due a to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords.
IPv666 v0.3.0 is out now, with a cool 155,144% improved address discovery rate
Hey /r/netsec!My buddy and I have been hard at work improving our IPv666 tool kit. We just released a new version with a massively improved address prediction model and some cool fanning out strategies for finding adjacent IP addresses from initial "landing points" in the scanning process.We'd love your feedback! We've got a number of future improvements slotted but it's mostly coming from our own thoughts at this point!New code can be found in the v0.3.0 release:https://github.com/lavalamp-/ipv666/releases/tag/v0.3.0
Submitted March 18, 2019 at 10:35PM by but_im_made_of_lava
via reddit https://ift.tt/2OdIirB
Hey /r/netsec!My buddy and I have been hard at work improving our IPv666 tool kit. We just released a new version with a massively improved address prediction model and some cool fanning out strategies for finding adjacent IP addresses from initial "landing points" in the scanning process.We'd love your feedback! We've got a number of future improvements slotted but it's mostly coming from our own thoughts at this point!New code can be found in the v0.3.0 release:https://github.com/lavalamp-/ipv666/releases/tag/v0.3.0
Submitted March 18, 2019 at 10:35PM by but_im_made_of_lava
via reddit https://ift.tt/2OdIirB
GitHub
lavalamp-/ipv666
Golang IPv6 address enumeration. Contribute to lavalamp-/ipv666 development by creating an account on GitHub.