Exploiting OGNL Injection in Apache Struts
https://ift.tt/2Y1t1OU
Submitted March 18, 2019 at 02:44PM by nytrorst
via reddit https://ift.tt/2Fk2g15
https://ift.tt/2Y1t1OU
Submitted March 18, 2019 at 02:44PM by nytrorst
via reddit https://ift.tt/2Fk2g15
Pentest-Tools.com Blog
Exploiting OGNL Injection in Apache Struts
OGNL Injection attack explained. Learn to exploit OGNL Injection in Apache Struts
Top three tips for safeguarding your network when deploying IoT
https://ift.tt/2Oasshi
Submitted March 18, 2019 at 06:56PM by TheJCOEco
via reddit https://ift.tt/2O9GXSH
https://ift.tt/2Oasshi
Submitted March 18, 2019 at 06:56PM by TheJCOEco
via reddit https://ift.tt/2O9GXSH
Techerati
Top three tips for safeguarding your network when deploying IoT - Techerati
Many of the security vulnerabilities inherent to deploying IoT can be mitigated by utilising a SDP, parallel networks and encouraging collaboration.
Popular mouse Logitech M185 vulnerable to MouseJacking keystroke injections attack
https://ift.tt/2TGpJSK
Submitted March 18, 2019 at 08:10PM by s0pas
via reddit https://ift.tt/2Odmxbc
https://ift.tt/2TGpJSK
Submitted March 18, 2019 at 08:10PM by s0pas
via reddit https://ift.tt/2Odmxbc
Davidsopas
Popular wireless Logitech mouse vulnerable to keystroke injection | David Sopas - Web Security Researcher
One of the things that keeps me on the security path is the opportunity to learn new things each day. After seing the new update on Bettercap - which supports
CVE-2018-17057: yet another phar deserialization in TCPDF
https://ift.tt/2ucPPOk
Submitted March 17, 2019 at 11:14PM by polict
via reddit https://ift.tt/2TghMyK
https://ift.tt/2ucPPOk
Submitted March 17, 2019 at 11:14PM by polict
via reddit https://ift.tt/2TghMyK
polict.net
CVE-2018-17057
In TCPDF <= 6.2.19 it is possible to exploit a PHP Object Injection via malicious HTML code and potentially achieve Remote Code Execution (RCE).
PasteBin Treasure Hunter - DumpMon replacement
https://ift.tt/2FiaVjs
Submitted March 19, 2019 at 12:57AM by mjanmohammad
via reddit https://ift.tt/2HEN2Fq
https://ift.tt/2FiaVjs
Submitted March 19, 2019 at 12:57AM by mjanmohammad
via reddit https://ift.tt/2HEN2Fq
reddit
r/netsec - PasteBin Treasure Hunter - DumpMon replacement
0 votes and 1 comment so far on Reddit
Education and Science Giant Elsevier Left Users’ Passwords Exposed Online
https://ift.tt/2Od2ZDO
Submitted March 19, 2019 at 12:02AM by jeffrossisfat
via reddit https://ift.tt/2TKwiUs
https://ift.tt/2Od2ZDO
Submitted March 19, 2019 at 12:02AM by jeffrossisfat
via reddit https://ift.tt/2TKwiUs
Motherboard
Education and Science Giant Elsevier Left Users’ Passwords Exposed Online
Due a to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords.
IPv666 v0.3.0 is out now, with a cool 155,144% improved address discovery rate
Hey /r/netsec!My buddy and I have been hard at work improving our IPv666 tool kit. We just released a new version with a massively improved address prediction model and some cool fanning out strategies for finding adjacent IP addresses from initial "landing points" in the scanning process.We'd love your feedback! We've got a number of future improvements slotted but it's mostly coming from our own thoughts at this point!New code can be found in the v0.3.0 release:https://github.com/lavalamp-/ipv666/releases/tag/v0.3.0
Submitted March 18, 2019 at 10:35PM by but_im_made_of_lava
via reddit https://ift.tt/2OdIirB
Hey /r/netsec!My buddy and I have been hard at work improving our IPv666 tool kit. We just released a new version with a massively improved address prediction model and some cool fanning out strategies for finding adjacent IP addresses from initial "landing points" in the scanning process.We'd love your feedback! We've got a number of future improvements slotted but it's mostly coming from our own thoughts at this point!New code can be found in the v0.3.0 release:https://github.com/lavalamp-/ipv666/releases/tag/v0.3.0
Submitted March 18, 2019 at 10:35PM by but_im_made_of_lava
via reddit https://ift.tt/2OdIirB
GitHub
lavalamp-/ipv666
Golang IPv6 address enumeration. Contribute to lavalamp-/ipv666 development by creating an account on GitHub.
Hamburglar: collect useful information from urls, directories, and files - yara and regex capable
https://ift.tt/2mjIRTI
Submitted March 19, 2019 at 03:37AM by amusciano
via reddit https://ift.tt/2Y7Xuv4
https://ift.tt/2mjIRTI
Submitted March 19, 2019 at 03:37AM by amusciano
via reddit https://ift.tt/2Y7Xuv4
GitHub
needmorecowbell/Hamburglar
Hamburglar -- collect useful information from urls, directories, and files - needmorecowbell/Hamburglar
GitHub - jesusprubio/awesome-nodejs-pentest: Delightful Node.js packages useful for penetration testing, exploiting, reverse engineer, cryptography ...
https://ift.tt/2SYFEXw
Submitted March 19, 2019 at 03:24AM by jesusprubio
via reddit https://ift.tt/2HqsfGc
https://ift.tt/2SYFEXw
Submitted March 19, 2019 at 03:24AM by jesusprubio
via reddit https://ift.tt/2HqsfGc
GitHub
jesusprubio/awesome-nodejs-pentest
☠️ Delightful Node.js packages useful for penetration testing, exploiting, reverse engineer, cryptography ... - jesusprubio/awesome-nodejs-pentest
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception
https://ift.tt/2TYScm0
Submitted March 19, 2019 at 04:31AM by Pokaw0
via reddit https://ift.tt/2uenK96
https://ift.tt/2TYScm0
Submitted March 19, 2019 at 04:31AM by Pokaw0
via reddit https://ift.tt/2uenK96
The Cloudflare Blog
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception
The practice of HTTPS interception continues to be commonplace on the Internet. This blog post discusses types of monster-in-the-middle devices and software, and how to detect them.
Writing a Custom Shellcode Encoder
https://ift.tt/2FkrmN4
Submitted March 19, 2019 at 06:13AM by h41zum
via reddit https://ift.tt/2TJwF1G
https://ift.tt/2FkrmN4
Submitted March 19, 2019 at 06:13AM by h41zum
via reddit https://ift.tt/2TJwF1G
Medium
Writing a Custom Shellcode Encoder
An example of how to write a custom encoder and decoder in plain assembly.
Discovering a zero day and getting code execution on Mozilla's AWS Network
https://ift.tt/2TNEYcE
Submitted March 19, 2019 at 06:12AM by Mempodipper
via reddit https://ift.tt/2FchRyn
https://ift.tt/2TNEYcE
Submitted March 19, 2019 at 06:12AM by Mempodipper
via reddit https://ift.tt/2FchRyn
reddit
r/netsec - Discovering a zero day and getting code execution on Mozilla's AWS Network
0 votes and 0 comments so far on Reddit
WhoAreThey - enum org and personal social profiles
https://ift.tt/2JnpE1I
Submitted March 19, 2019 at 03:40PM by _pdp_
via reddit https://ift.tt/2UEIAdy
https://ift.tt/2JnpE1I
Submitted March 19, 2019 at 03:40PM by _pdp_
via reddit https://ift.tt/2UEIAdy
GitHub
pownjs/pown-whoarethey
Contribute to pownjs/pown-whoarethey development by creating an account on GitHub.
Command & Control Tool: Pupy
https://ift.tt/2Y6EvRr
Submitted March 19, 2019 at 04:28PM by xaocuc
via reddit https://ift.tt/2JlWCPT
https://ift.tt/2Y6EvRr
Submitted March 19, 2019 at 04:28PM by xaocuc
via reddit https://ift.tt/2JlWCPT
Hacking Articles
Command & Control Tool: Pupy
In this article, we will learn to exploit Windows, Linux and Android with pupy command and control tool. Table of Content : Introduction Installation Windows Exploitation Windows Post Exploitation Linux Exploitation Linux Post Exploitation Android Exploitation…
Digital Forensics Tips&Tricks: How to Detect an Intruder-driven Group Policy Changes
https://ift.tt/2CpjQ1S
Submitted March 19, 2019 at 06:22PM by atomlib_com
via reddit https://ift.tt/2Fn0mg2
https://ift.tt/2CpjQ1S
Submitted March 19, 2019 at 06:22PM by atomlib_com
via reddit https://ift.tt/2Fn0mg2
Habr
Digital Forensics Tips&Tricks: How to Detect an Intruder-driven Group Policy Changes
First of all let's remember a standart group policy precedence: Local — Site — Domain — Organisation Unit (LSDOU). From less specific level to more specific. It...
Appraisals, Kibana & Hardening — Exposing 20,000 Property Appraisal Records, Then Making our own ELK Stack About Unsecured ELK Stacks
https://ift.tt/2Crrvga
Submitted March 19, 2019 at 06:37PM by elliott954
via reddit https://ift.tt/2HuBxB6
https://ift.tt/2Crrvga
Submitted March 19, 2019 at 06:37PM by elliott954
via reddit https://ift.tt/2HuBxB6
Medium
Appraisals, Kibana & Hardening — Exposing 20,000 Property Appraisal Records, Then Making our own Secured ELK Stack about Unsecured…
So, I have a deep love when it comes down to Kibana personally. Since I started using it around 2 years ago since the start of my job I…
How malvertiser "VeryMal" abused Firebase to conceal and smuggle their payload.
https://ift.tt/2Fcze2a
Submitted March 19, 2019 at 08:04PM by eliya_confiant
via reddit https://ift.tt/2Jn6Was
https://ift.tt/2Fcze2a
Submitted March 19, 2019 at 08:04PM by eliya_confiant
via reddit https://ift.tt/2Jn6Was
Confiant
Shlayer Purveyor VeryMal Renounces Steganography In Favor Of Google Firebase As Malvertisers Shift Towards Subtle Payloads
On January 23rd, we published a detailed report in collaboration with Malwarebytes concerning a prolific and persistent malvertiser that…
A peek inside the Nuki Smart Lock
https://ift.tt/2VP08nj
Submitted March 19, 2019 at 09:09PM by picomputerclub
via reddit https://ift.tt/2uozQNf
https://ift.tt/2VP08nj
Submitted March 19, 2019 at 09:09PM by picomputerclub
via reddit https://ift.tt/2uozQNf
314159.xyz
A peek inside the Nuki Smart Lock
Nuki provides an electronic smart lock that integrates with existing keys and cylinders by simply being mount on top of them. It offers Bluetooth connectivity and can be accessed online with the help of a bridge device which connects to the local wireless…
Ransomware Fighter Lives in Fear for his Life
https://ift.tt/2TOMVhE
Submitted March 19, 2019 at 10:02PM by ilamont
via reddit https://ift.tt/2TgSUXx
https://ift.tt/2TOMVhE
Submitted March 19, 2019 at 10:02PM by ilamont
via reddit https://ift.tt/2TgSUXx
Security Boulevard
Ransomware Fighter Lives in Fear for his Life - Security Boulevard
Ransomware cracker Fabian Wosar lives in hiding because of the threats and abuse he receives from those whose code he cracks.
Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
https://ift.tt/2ThcfrN
Submitted March 19, 2019 at 10:42PM by got_nations
via reddit https://ift.tt/2HBqcPZ
https://ift.tt/2ThcfrN
Submitted March 19, 2019 at 10:42PM by got_nations
via reddit https://ift.tt/2HBqcPZ
Offensive-Security
Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
Over the last five years, there has been a massive increase related to security research into Window kernel exploitation and during this same time period, Microsoft have also mitigated multiple exploitation techniques. While a steady stream of kernel exploitation…
IPv6 unmasking via UPnP
https://ift.tt/2FblCEh
Submitted March 20, 2019 at 01:28AM by gquere
via reddit https://ift.tt/2ukEsnb
https://ift.tt/2FblCEh
Submitted March 20, 2019 at 01:28AM by gquere
via reddit https://ift.tt/2ukEsnb
Cisco Talos Blog
IPv6 unmasking via UPnP
Talos intelligence and world-class threat research team better protects you and your organization against known and emerging cybersecurity threats.