Apple’s App-Site Association - The New robots.txt
http://bit.ly/2ULhPra
Submitted April 12, 2019 at 07:43PM by digicat
via reddit http://bit.ly/2VDKKug
http://bit.ly/2ULhPra
Submitted April 12, 2019 at 07:43PM by digicat
via reddit http://bit.ly/2VDKKug
ThreatIngestor: a flexible, config-driven framework for harvesting/managing threat intelligence.
http://bit.ly/2U95sRe
Submitted April 12, 2019 at 08:22PM by amusciano
via reddit http://bit.ly/2P7jdPn
http://bit.ly/2U95sRe
Submitted April 12, 2019 at 08:22PM by amusciano
via reddit http://bit.ly/2P7jdPn
GitHub
InQuest/ThreatIngestor
Extract and aggregate threat intelligence. Contribute to InQuest/ThreatIngestor development by creating an account on GitHub.
Credential stuffing attack - Gather information about leaked emails from Pastebin.
http://bit.ly/2P4ZMXH
Submitted April 13, 2019 at 12:09AM by Mysterii8
via reddit http://bit.ly/2VKGlGc
http://bit.ly/2P4ZMXH
Submitted April 13, 2019 at 12:09AM by Mysterii8
via reddit http://bit.ly/2VKGlGc
Medium
Advanced credential stuffing with PEPE
Collect info about email addresses from Pastebin dumps.
VirusTotal for Investigators
http://bit.ly/2KvvEWF
Submitted April 13, 2019 at 11:25AM by digicat
via reddit http://bit.ly/2PbWX7e
http://bit.ly/2KvvEWF
Submitted April 13, 2019 at 11:25AM by digicat
via reddit http://bit.ly/2PbWX7e
reddit
r/netsec - VirusTotal for Investigators
0 votes and 0 comments so far on Reddit
Hack The Box - Redcross Writeup by 0xdf
http://bit.ly/2X6Ccwj
Submitted April 13, 2019 at 08:54PM by Ipp
via reddit http://bit.ly/2VNPWvX
http://bit.ly/2X6Ccwj
Submitted April 13, 2019 at 08:54PM by Ipp
via reddit http://bit.ly/2VNPWvX
0xdf hacks stuff
HTB: RedCross
RedCross was a maze, with a lot to look at and multiple paths at each stage. I’ll start by enumerating a website, and showing two different ways to get a cookie to use to gain access to the admin panel. Then, I’ll get a shell on the box as penelope, either…
Hack The Box - RedCross write-up by 0xRick
http://bit.ly/2Iizdh7
Submitted April 13, 2019 at 08:54PM by Ahm3d_H3sham
via reddit http://bit.ly/2DfCtFU
http://bit.ly/2Iizdh7
Submitted April 13, 2019 at 08:54PM by Ahm3d_H3sham
via reddit http://bit.ly/2DfCtFU
0xRick Owned Root !
Hack The Box - RedCross
Quick Summary Hey guys today RedCross retired and here is my write-up about it. To get an initial shell on this box there are two ways , first one is to exploit an authenticated RCE which gives you a shell as www-data , then escalate to root. The second way…
New linux privilege Escalation techniques abusing sudo token
http://bit.ly/2KBt41x
Submitted April 13, 2019 at 08:35PM by chaign_c
via reddit http://bit.ly/2UWefKI
http://bit.ly/2KBt41x
Submitted April 13, 2019 at 08:35PM by chaign_c
via reddit http://bit.ly/2UWefKI
GitHub
nongiach/sudo_inject
[Linux] Two Privilege Escalation techniques abusing sudo token - nongiach/sudo_inject
Exploiting Apache Solr through OpenCMS
http://bit.ly/2vbESNv
Submitted April 13, 2019 at 10:13PM by smaury
via reddit http://bit.ly/2IscRc8
http://bit.ly/2vbESNv
Submitted April 13, 2019 at 10:13PM by smaury
via reddit http://bit.ly/2IscRc8
Shielder
Exploiting Apache Solr through OpenCMS - Shielder
Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.
CVE-2019-8513: Command injection in macOS TimeMachine allows reliable local root privilege escalation exploit
http://bit.ly/2Xb896S
Submitted April 13, 2019 at 11:27PM by CodeColorist
via reddit http://bit.ly/2XaTrfQ
http://bit.ly/2Xb896S
Submitted April 13, 2019 at 11:27PM by CodeColorist
via reddit http://bit.ly/2XaTrfQ
Medium
Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection
This writeup is for the command injection in TimeMachine diagnose extension, affects 10.12.x-10.14.3
Anatomy of the Triton Malware Attack.
http://bit.ly/2KDWBaH
Submitted April 14, 2019 at 12:13PM by hacktvist
via reddit http://bit.ly/2UAlGrF
http://bit.ly/2KDWBaH
Submitted April 14, 2019 at 12:13PM by hacktvist
via reddit http://bit.ly/2UAlGrF
CyberArk
Anatomy of the Triton Malware Attack | CyberArk
Schneider Electric SE recently fell victim to a breach of its safety system, which crippled operations at a critical infrastructure facility in the Middle East. It’s the first reported attack on a safety instrumented system...
Spectre Attacks: Exploiting Speculative Execution
http://bit.ly/2EORJIX
Submitted April 14, 2019 at 01:47PM by gotanyofthemexploits
via reddit http://bit.ly/2GdD8by
http://bit.ly/2EORJIX
Submitted April 14, 2019 at 01:47PM by gotanyofthemexploits
via reddit http://bit.ly/2GdD8by
Envoy CVE-2019-9900 and CVE-2019-9901
http://bit.ly/2UBprgn
Submitted April 14, 2019 at 03:53PM by reddit_read_today
via reddit http://bit.ly/2Darmhi
http://bit.ly/2UBprgn
Submitted April 14, 2019 at 03:53PM by reddit_read_today
via reddit http://bit.ly/2Darmhi
Twistlock
Unpacking Envoy Vulnerabilities (CVE-2019-9900 and CVE-2019-9901) and How it Impacts Istio | Twistlock
Recently 2 vulnerabilities in Envoy
P4wnP1 USB shell while evading Symantec detection features.
http://bit.ly/2UVwLTG
Submitted April 14, 2019 at 10:59PM by InitRoot
via reddit http://bit.ly/2KEUWSf
http://bit.ly/2UVwLTG
Submitted April 14, 2019 at 10:59PM by InitRoot
via reddit http://bit.ly/2KEUWSf
Medium
Simple AV Evasion Symantec and P4wnP1 USB
I’ve recently converted my sturdy Raspberry Pi Zero W to a bad USB using the P4wnP1 image and toolkit created my mame82. The ultimate goal…
Timing Attacks reviewed using Machine Learning
http://bit.ly/2VGpyE8
Submitted April 15, 2019 at 02:22AM by fleezenleger
via reddit http://bit.ly/2DhuLLj
http://bit.ly/2VGpyE8
Submitted April 15, 2019 at 02:22AM by fleezenleger
via reddit http://bit.ly/2DhuLLj
parzelsec.
Timing Attacks using Machine Learning
Timing analysis powered up by Gaussian Mixture Models to deal with noisy and small timing differences. This article analyzes, models and implements Timing Attacks using Machine Learning.
Quantum Cryptography
http://bit.ly/2Gp8nl9
Submitted April 15, 2019 at 09:22AM by gotanyofthemexploits
via reddit http://bit.ly/2Iw38BH
http://bit.ly/2Gp8nl9
Submitted April 15, 2019 at 09:22AM by gotanyofthemexploits
via reddit http://bit.ly/2Iw38BH
reddit
r/netsec - Quantum Cryptography
0 votes and 0 comments so far on Reddit
GitHub - realtho/PartyLoud: A simple tool to do several HTTP / HTTPS requests and simulate navigation
http://bit.ly/2IxGI2P
Submitted April 15, 2019 at 04:14PM by Tho_real
via reddit http://bit.ly/2GhrwUJ
http://bit.ly/2IxGI2P
Submitted April 15, 2019 at 04:14PM by Tho_real
via reddit http://bit.ly/2GhrwUJ
GitHub
realtho/PartyLoud
A simple tool to do several HTTP / HTTPS requests and simulate navigation - realtho/PartyLoud
CVE-2019-9730: Local Privilege Elevation in Synaptics Sound Device Driver (Write-Up + Exploit)
http://bit.ly/2UCzOAR
Submitted April 15, 2019 at 06:04PM by xVIoct
via reddit http://bit.ly/2Gcm85o
http://bit.ly/2UCzOAR
Submitted April 15, 2019 at 06:04PM by xVIoct
via reddit http://bit.ly/2Gcm85o
reddit
r/netsec - CVE-2019-9730: Local Privilege Elevation in Synaptics Sound Device Driver (Write-Up + Exploit)
0 votes and 0 comments so far on Reddit
Coerchck - PowerShell Script For Listing Local Admins - Blue Team
http://bit.ly/2Dfrdci
Submitted April 15, 2019 at 07:54PM by Evil1337
via reddit http://bit.ly/2VJMdzm
http://bit.ly/2Dfrdci
Submitted April 15, 2019 at 07:54PM by Evil1337
via reddit http://bit.ly/2VJMdzm
reddit
r/netsec - Coerchck - PowerShell Script For Listing Local Admins - Blue Team
0 votes and 0 comments so far on Reddit
Cobalt Strike Walkthrough - In Depth Post
http://bit.ly/2XhV2Rj
Submitted April 15, 2019 at 08:51PM by ZephrX112
via reddit http://bit.ly/2Ggyl99
http://bit.ly/2XhV2Rj
Submitted April 15, 2019 at 08:51PM by ZephrX112
via reddit http://bit.ly/2Ggyl99
Pentestpartners
Cobalt Strike. Walkthrough for Red Teamers | Pen Test Partners
What is Cobalt Strike? Raphael Mudge is the creator of Cobalt Strike (CS), around 2010 he released a tool noscriptd Armitage, which is described by wikipedia as a
The Outlook Winner is Dash
http://bit.ly/2v6oc9T
Submitted April 15, 2019 at 11:20PM by holyvier
via reddit http://bit.ly/2Uh78YR
http://bit.ly/2v6oc9T
Submitted April 15, 2019 at 11:20PM by holyvier
via reddit http://bit.ly/2Uh78YR
etticblog
The Outlook Winner is Dash
Abusing Office Groups
Adblock Plus filter lists may execute arbitrary code in web pages
http://bit.ly/2V1lst0
Submitted April 16, 2019 at 02:05AM by iamapizza
via reddit http://bit.ly/2v8Ry7M
http://bit.ly/2V1lst0
Submitted April 16, 2019 at 02:05AM by iamapizza
via reddit http://bit.ly/2v8Ry7M
armin.dev
Adblock Plus filter lists may execute arbitrary code in web pages
A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released support for the new filter option. uBlock, being owned by AdBlock, also implemented…