ShadowHammer MAC Address List
https://ift.tt/2TDRTsQ
Submitted March 29, 2019 at 04:48PM by ga-vu
via reddit https://ift.tt/2uE7X3v
https://ift.tt/2TDRTsQ
Submitted March 29, 2019 at 04:48PM by ga-vu
via reddit https://ift.tt/2uE7X3v
Skylightcyber
Skylight Cyber | Unleash The Hash
Get the [almost] full list of MAC addresses that were targeted in the ASUS breach, and share our pain in the short story of extracting them.
An in-depth analysis of Magecart skimming noscripts
https://ift.tt/2TJ1Fdg
Submitted March 29, 2019 at 06:54PM by ThisIsLibra
via reddit https://ift.tt/2WwVvyu
https://ift.tt/2TJ1Fdg
Submitted March 29, 2019 at 06:54PM by ThisIsLibra
via reddit https://ift.tt/2WwVvyu
reddit
r/netsec - An in-depth analysis of Magecart skimming noscripts
0 votes and 0 comments so far on Reddit
Intel VISA: Through the Rabbit Hole
https://ift.tt/2V4KJza
Submitted March 29, 2019 at 09:13PM by Pokaw0
via reddit https://ift.tt/2Ovt3KA
https://ift.tt/2V4KJza
Submitted March 29, 2019 at 09:13PM by Pokaw0
via reddit https://ift.tt/2Ovt3KA
Blackhat
Black Hat Asia 2019
Vulncode-DB - A vulnerable code database | Security Research
https://ift.tt/2FNVQGD
Submitted March 29, 2019 at 10:29PM by phisch90
via reddit https://ift.tt/2U2aDr3
https://ift.tt/2FNVQGD
Submitted March 29, 2019 at 10:29PM by phisch90
via reddit https://ift.tt/2U2aDr3
reddit
r/netsec - Vulncode-DB - A vulnerable code database | Security Research
0 votes and 0 comments so far on Reddit
8,000+ Cisco RV320/RV325 routers are leaking their entire configuration file, including admin credentials, to the public internet.
https://ift.tt/2U5yFl1
Submitted March 30, 2019 at 01:34AM by bad_packets
via reddit https://ift.tt/2YsQnNI
https://ift.tt/2U5yFl1
Submitted March 30, 2019 at 01:34AM by bad_packets
via reddit https://ift.tt/2YsQnNI
badpackets.net
Over 9,000 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653
On Friday, January 25, 2019, our honeypots detected opportunistic scanning activity from multiple hosts targeting Cisco Small Business RV320 and RV325 routers. A vulnerability exists in these routers that allow remote unauthenticated information disclosure…
New TLS Padding Oracle Scanner (padcheck)
https://ift.tt/2U32P8q
Submitted March 30, 2019 at 04:43AM by KernelJay
via reddit https://ift.tt/2OzAErz
https://ift.tt/2U32P8q
Submitted March 30, 2019 at 04:43AM by KernelJay
via reddit https://ift.tt/2OzAErz
GitHub
Tripwire/padcheck
TLS CBC Padding Oracle Checker. Contribute to Tripwire/padcheck development by creating an account on GitHub.
Hack The Box - Curling Write-up by 0xRick
https://ift.tt/2V1iHol
Submitted March 30, 2019 at 08:36PM by Ahm3d_H3sham
via reddit https://ift.tt/2CJiA9W
https://ift.tt/2V1iHol
Submitted March 30, 2019 at 08:36PM by Ahm3d_H3sham
via reddit https://ift.tt/2CJiA9W
0xRick Owned Root !
Hack The Box - Curling
Quick Summary Hey guys today Curling retired and here is my write-up about it. I had a lot of fun doing this box as it was easy and simple. Also it was straightforward , no rabbit holes and such things. It’s a linux box and its ip is 10.10.10.150 I added…
Vulnserver LTER SEH Continued (Part 2)
https://ift.tt/2UcPKJ5
Submitted March 30, 2019 at 09:05PM by doylersec
via reddit https://ift.tt/2HP9JaV
https://ift.tt/2UcPKJ5
Submitted March 30, 2019 at 09:05PM by doylersec
via reddit https://ift.tt/2HP9JaV
doyler.net
Vulnserver LTER SEH Continued (Part 2) | doyler.net
This post will conclude my Vulnserver LTER SEH exploit. Vulnserver LTER SEH - Part 2 If you haven't read Part 1 yet, then I recommend you start there. That said, I last left off with a newly generated reverse shell … Continue reading →
PoC || GTFO 0x19 (Github Mirror)
https://ift.tt/2WBMjZT
Submitted March 30, 2019 at 11:32PM by netsecfriends
via reddit https://ift.tt/2HOq1Rc
https://ift.tt/2WBMjZT
Submitted March 30, 2019 at 11:32PM by netsecfriends
via reddit https://ift.tt/2HOq1Rc
GitHub
pocorgtfo/README.md at master · angea/pocorgtfo
a "Proof of Concept or GTFO" mirror with extra article index, direct links and clean PDFs. - pocorgtfo/README.md at master · angea/pocorgtfo
Exodus: New Android Spyware Made in Italy
https://ift.tt/2U5VdSz
Submitted March 31, 2019 at 01:40PM by fo0
via reddit https://ift.tt/2OAoLlf
https://ift.tt/2U5VdSz
Submitted March 31, 2019 at 01:40PM by fo0
via reddit https://ift.tt/2OAoLlf
Kubernetes (kubectl) directory traversal vulnerability due to insufficient fix - CVE-2019-1002101
https://ift.tt/2I7WJMC
Submitted March 31, 2019 at 02:02PM by reddit_read_today
via reddit https://ift.tt/2U5rlpy
https://ift.tt/2I7WJMC
Submitted March 31, 2019 at 02:02PM by reddit_read_today
via reddit https://ift.tt/2U5rlpy
Twistlock
Disclosing a directory traversal vulnerability in Kubernetes copy - CVE-2019-1002101 | Twistlock
Preface On March 4, I reported a security vulnerability in kubectl to the Kubernetes and OpenShift security teams, which was assigned CVE-2019-1002101. This post explains the discovery process, the vulnerability details and its impact and exploitation methods.…
CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming
https://ift.tt/2YyHHpe
Submitted March 31, 2019 at 02:49PM by Titokhan
via reddit https://ift.tt/2WCggsz
https://ift.tt/2YyHHpe
Submitted March 31, 2019 at 02:49PM by Titokhan
via reddit https://ift.tt/2WCggsz
GitHub
fireeye/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com - fireeye/commando-vm
The Journey to Try Harder: TJNull’s Preparation Guide for PWK/OSCP
https://ift.tt/2CLZkZf
Submitted March 31, 2019 at 08:44PM by xaocuc
via reddit https://ift.tt/2uzq1vO
https://ift.tt/2CLZkZf
Submitted March 31, 2019 at 08:44PM by xaocuc
via reddit https://ift.tt/2uzq1vO
NetSec Focus
The Journey to Try Harder: TJNull’s Preparation Guide for PWK/OSCP
Table of Contents: Overview Dedication A Word of Warning! Section 1: Getting Comfortable with Kali Linux Section 2: Essential Tools in Kali Section 3: Passive Reconnaissance Section 4: Active Reconnaissance Section 5: Vulnerability Scanning Section 6: Buffer…
A Trinity of Shellcode, AES & Go - @syscall59
https://ift.tt/2FLqznI
Submitted March 31, 2019 at 10:18PM by h41zum
via reddit https://ift.tt/2Uje7F0
https://ift.tt/2FLqznI
Submitted March 31, 2019 at 10:18PM by h41zum
via reddit https://ift.tt/2Uje7F0
Medium
A Trinity of Shellcode, AES & Go
Writing a shellcode AES crypter using Go
Blue ATT&CK: Mapping your blue team to ATT&CK
https://ift.tt/2uCDvXD
Submitted March 31, 2019 at 11:45PM by digicat
via reddit https://ift.tt/2HRzJlL
https://ift.tt/2uCDvXD
Submitted March 31, 2019 at 11:45PM by digicat
via reddit https://ift.tt/2HRzJlL
reddit
r/blueteamsec - Blue ATT&CK: Mapping your blue team to ATT&CK
0 votes and 1 comment so far on Reddit
The /r/netsec Monthly Discussion Thread - April 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 01, 2019 at 10:06AM by AutoModerator
via reddit https://ift.tt/2JVf9TC
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted April 01, 2019 at 10:06AM by AutoModerator
via reddit https://ift.tt/2JVf9TC
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Exploiting signed bootloaders to circumvent UEFI Secure Boot
https://ift.tt/2FTi0Hx
Submitted April 01, 2019 at 04:27PM by atomlib_com
via reddit https://ift.tt/2TPXCf2
https://ift.tt/2FTi0Hx
Submitted April 01, 2019 at 04:27PM by atomlib_com
via reddit https://ift.tt/2TPXCf2
Habr
Exploiting signed bootloaders to circumvent UEFI Secure Boot
Modern PC motherboards' firmware follow UEFI specification since 2010. In 2013, a new technology called Secure Boot appeared, intended to prevent bootkits from...
Exploiting signed bootloaders to circumvent UEFI Secure Boot
https://ift.tt/2Vc2LzQ
Submitted April 01, 2019 at 03:57PM by ValdikSS
via reddit https://ift.tt/2TPw4Xv
https://ift.tt/2Vc2LzQ
Submitted April 01, 2019 at 03:57PM by ValdikSS
via reddit https://ift.tt/2TPw4Xv
Habr
Exploiting signed bootloaders to circumvent UEFI Secure Boot
Modern PC motherboards' firmware follow UEFI specification since 2010. In 2013, a new technology called Secure Boot appeared, intended to prevent bootkits from...
Security alert: pipdig insecure, DDoSing competitors
https://ift.tt/2UtfMYJ
Submitted April 01, 2019 at 02:55PM by hacktvist
via reddit https://ift.tt/2YymI5M
https://ift.tt/2UtfMYJ
Submitted April 01, 2019 at 02:55PM by hacktvist
via reddit https://ift.tt/2YymI5M
Jem - UK blogger
Security alert: pipdig insecure, DDoSing competitors - Jem - UK blogger
I love WordPress. I make my living from it. It’s no exaggeration to say that developing WordPress websites has changed my life: it provides me with an income that pays my mortgage and feeds my babies. However, every now and again something happens in the……
Hack yourself into Tomorrowland! #BugBounty #intigriti
https://ift.tt/2FNEnyX
Submitted April 01, 2019 at 05:42PM by SirDevastator
via reddit https://ift.tt/2WEGA5E
https://ift.tt/2FNEnyX
Submitted April 01, 2019 at 05:42PM by SirDevastator
via reddit https://ift.tt/2WEGA5E
Intigriti
intigriti - ethical hacking and managed bug bounty platform
intigriti provides an ethical hacking and bug bounty platform to identify and tackle vulnerabilities. Our bug bounty programs facilitate to test online security through using crowd security researchers with a strong focus on Europe
GitHub - righettod/poc-graphql: Research on GraphQL from an AppSec point of view.
https://ift.tt/2OCuMxP
Submitted April 01, 2019 at 05:22PM by Mempodipper
via reddit https://ift.tt/2FO7Skv
https://ift.tt/2OCuMxP
Submitted April 01, 2019 at 05:22PM by Mempodipper
via reddit https://ift.tt/2FO7Skv
GitHub
righettod/poc-graphql
Research on GraphQL from an AppSec point of view. Contribute to righettod/poc-graphql development by creating an account on GitHub.