GitHub - righettod/poc-graphql: Research on GraphQL from an AppSec point of view.
https://ift.tt/2OCuMxP
Submitted April 01, 2019 at 05:22PM by Mempodipper
via reddit https://ift.tt/2FO7Skv
GitHub
righettod/poc-graphql
Research on GraphQL from an AppSec point of view.
MI5 agent caught selling Huawei exploits on Russian hacker forums
https://ift.tt/2WDAe6t
Submitted April 01, 2019 at 06:42PM by bigjew222
via reddit https://ift.tt/2uIVPhH
How I hacked modern Vending Machines
https://ift.tt/2Oosfuj
Submitted April 01, 2019 at 08:12PM by HenrySeldon
via reddit https://ift.tt/2TMa6oe
Hacker Noon
How I hacked modern Vending Machines
“Hitting and kicking” the bundled App of their widest European distribution company.
How To Secure Apache From Clickjack attack using X-Frame-Options
https://ift.tt/2CNjYIF
Submitted April 01, 2019 at 09:16PM by lokendra15
via reddit https://ift.tt/2Um4q8M
Tutorials24x7
How To Secure Apache From Clickjack attack using X-Frame-Options
Explains the way to secure websites and web-based applications from Clickjacking hosted on Apache HTTP Server using the Header option X-Frame-Options.
What you see is not what you get: when homographs attack (full-chain homograph attack in Signal, Telegram and Tor Browser)
https://ift.tt/2CMdxpe
Submitted April 01, 2019 at 09:13PM by juliocesarfort
via reddit https://ift.tt/2JXXESs
One of our users requested a behind-the-scenes look at the ProtonVPN team in action. Our team answered.
https://ift.tt/2CPtnzd
Submitted April 01, 2019 at 11:43PM by ProtonMail
via reddit https://ift.tt/2UaKoyv
reddit
r/ProtonVPN - One of our users requested a behind-the-scenes look at the ProtonVPN team in action. Our team answered.
39 votes and 4 comments so far on Reddit
[Tool] FireProx: Rotate IP addresses with every web request using an AWS API Gateway proxy
https://ift.tt/2I6N0WT
Submitted April 02, 2019 at 04:03AM by ustayready
via reddit https://ift.tt/2uFK1wI
GitHub
ustayready/fireprox
AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation - ustayready/fireprox
Time protection: The missing OS abstraction
https://ift.tt/2VactTl
Submitted April 02, 2019 at 06:18AM by Gallus
via reddit https://ift.tt/2UnoZl8
Modmob – Using cheap tools and tricks to attack mobile devices in practice [pdf]
https://ift.tt/2JXjHbU
Submitted April 02, 2019 at 11:31AM by Gallus
via reddit https://ift.tt/2Uq8Hb8
DNS Ping Scans via Open Resolvers
https://ift.tt/2Vjqf5O
Submitted April 02, 2019 at 11:12AM by hdmdh
via reddit https://ift.tt/2JYf1CS
Critical Research
DNS Ping Scans via Open Resolvers
Our last post covered some of the ways that Rumble gathers information from DNS services.
While working on the tracer implementation, we identified a trick that other folks might find useful. It turns out that most DNS resolvers do not filter the address…
ADB, Docker, And GHIDRA
https://ift.tt/2HTopG0
Submitted April 02, 2019 at 02:47PM by lawandordercandidate
via reddit https://ift.tt/2TS9Wvf
menz-o-matic.com
ADB, Docker, And GHIDRA
Running GHIDRA inside a Docker container with Hearthstone APK file loaded.
Circumventing SSL Pinning in obfuscated apps with OkHttp
https://ift.tt/2uCKhgd
Submitted April 02, 2019 at 04:49PM by daanraman
via reddit https://ift.tt/2WIieYF
NVISO Labs
Circumventing SSL Pinning in obfuscated apps with OkHttp
TL;DR – There are many Android SSL pinning bypass scripts available for Frida. However, those don’t always work on obfuscated applications. If the application uses OkHttp, there’s…
FileZilla 'fzsftp' Untrusted Search Path - Write-Up and Video PoC
https://ift.tt/2K02HC4
Submitted April 02, 2019 at 07:20PM by lynerc
via reddit https://ift.tt/2UszyDr
Medium
FileZilla Untrusted Search Path
Targeting the user with a rogue binary
clong/DetectionLab: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
https://ift.tt/2yhynYw
Submitted April 02, 2019 at 08:41PM by digicat
via reddit https://ift.tt/2TOTts2
GitHub
GitHub - clong/DetectionLab: Automate the creation of a lab environment complete with security tooling and logging best practices
Apache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211)
https://ift.tt/2YRtyDM
Submitted April 02, 2019 at 10:19PM by 0xdea
via reddit https://ift.tt/2Veh46I
httpd.apache.org
httpd 2.4 vulnerabilities - The Apache HTTP Server Project
Web Security Academy — Free Online Training by Portswigger
https://ift.tt/2UuGpMw
Submitted April 02, 2019 at 10:17PM by 0xdea
via reddit https://ift.tt/2CQlHN4
portswigger.net
Web Security Academy: Free Online Training from PortSwigger
The Web Security Academy is a free online training center for web application security, brought to you by PortSwigger. Create an account to get started.
Splitting atoms in XNU
https://ift.tt/2uDuOfN
Submitted April 02, 2019 at 07:22AM by QuirkySpiceBush
via reddit https://ift.tt/2Ic4xgJ
GitHub - GoMet: Multi-platform implant written in Golang. TCP forwarding, socks5, tunneling, shell, download, exec
https://ift.tt/2YDDKjb
Submitted April 02, 2019 at 01:22AM by mimah35
via reddit https://ift.tt/2uEOAHI
BSides Houston 2019 Call For Paper is Open
https://ift.tt/2FIjfsQ
Submitted April 02, 2019 at 11:17PM by Extremite
via reddit https://ift.tt/2I6IBU4
Introducing: KatzKatz a python tool to parse text files containing output from Mimikatz
https://ift.tt/2CPOvWa
Submitted April 03, 2019 at 12:24AM by GelosSnake
via reddit https://ift.tt/2OKojBa
GitHub
GitHub - xFreed0m/KatzKatz: Python3 script to parse txt files containing Mimikatz output
Wizard Labs - Devlife Write-up by 0xRick
https://ift.tt/2VdQhrl
Submitted April 03, 2019 at 12:17AM by Ahm3d_H3sham
via reddit https://ift.tt/2FTqxv9
0xRick Owned Root !
Wizard Labs - Devlife
Quick Summary: Hey guys, this is my write-up about Devlife from Wizard Labs, which is their second box to retire. Just like dummy, it’s another easy box (Difficulty: 2/10). It’s a Linux box and its IP is 10.1.1.20, so let’s jump right in! Nmap: We will start…