Exploiting Apache Solr through OpenCMS
http://bit.ly/2vbESNv
Submitted April 13, 2019 at 10:13PM by smaury
via reddit http://bit.ly/2IscRc8
http://bit.ly/2vbESNv
Submitted April 13, 2019 at 10:13PM by smaury
via reddit http://bit.ly/2IscRc8
Shielder
Exploiting Apache Solr through OpenCMS - Shielder
Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.
CVE-2019-8513: Command injection in macOS TimeMachine allows reliable local root privilege escalation exploit
http://bit.ly/2Xb896S
Submitted April 13, 2019 at 11:27PM by CodeColorist
via reddit http://bit.ly/2XaTrfQ
http://bit.ly/2Xb896S
Submitted April 13, 2019 at 11:27PM by CodeColorist
via reddit http://bit.ly/2XaTrfQ
Medium
Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection
This writeup is for the command injection in TimeMachine diagnose extension, affects 10.12.x-10.14.3
Anatomy of the Triton Malware Attack.
http://bit.ly/2KDWBaH
Submitted April 14, 2019 at 12:13PM by hacktvist
via reddit http://bit.ly/2UAlGrF
http://bit.ly/2KDWBaH
Submitted April 14, 2019 at 12:13PM by hacktvist
via reddit http://bit.ly/2UAlGrF
CyberArk
Anatomy of the Triton Malware Attack | CyberArk
Schneider Electric SE recently fell victim to a breach of its safety system, which crippled operations at a critical infrastructure facility in the Middle East. It’s the first reported attack on a safety instrumented system...
Spectre Attacks: Exploiting Speculative Execution
http://bit.ly/2EORJIX
Submitted April 14, 2019 at 01:47PM by gotanyofthemexploits
via reddit http://bit.ly/2GdD8by
http://bit.ly/2EORJIX
Submitted April 14, 2019 at 01:47PM by gotanyofthemexploits
via reddit http://bit.ly/2GdD8by
Envoy CVE-2019-9900 and CVE-2019-9901
http://bit.ly/2UBprgn
Submitted April 14, 2019 at 03:53PM by reddit_read_today
via reddit http://bit.ly/2Darmhi
http://bit.ly/2UBprgn
Submitted April 14, 2019 at 03:53PM by reddit_read_today
via reddit http://bit.ly/2Darmhi
Twistlock
Unpacking Envoy Vulnerabilities (CVE-2019-9900 and CVE-2019-9901) and How it Impacts Istio | Twistlock
Recently 2 vulnerabilities in Envoy
P4wnP1 USB shell while evading Symantec detection features.
http://bit.ly/2UVwLTG
Submitted April 14, 2019 at 10:59PM by InitRoot
via reddit http://bit.ly/2KEUWSf
http://bit.ly/2UVwLTG
Submitted April 14, 2019 at 10:59PM by InitRoot
via reddit http://bit.ly/2KEUWSf
Medium
Simple AV Evasion Symantec and P4wnP1 USB
I’ve recently converted my sturdy Raspberry Pi Zero W to a bad USB using the P4wnP1 image and toolkit created my mame82. The ultimate goal…
Timing Attacks reviewed using Machine Learning
http://bit.ly/2VGpyE8
Submitted April 15, 2019 at 02:22AM by fleezenleger
via reddit http://bit.ly/2DhuLLj
http://bit.ly/2VGpyE8
Submitted April 15, 2019 at 02:22AM by fleezenleger
via reddit http://bit.ly/2DhuLLj
parzelsec.
Timing Attacks using Machine Learning
Timing analysis powered up by Gaussian Mixture Models to deal with noisy and small timing differences. This article analyzes, models and implements Timing Attacks using Machine Learning.
Quantum Cryptography
http://bit.ly/2Gp8nl9
Submitted April 15, 2019 at 09:22AM by gotanyofthemexploits
via reddit http://bit.ly/2Iw38BH
http://bit.ly/2Gp8nl9
Submitted April 15, 2019 at 09:22AM by gotanyofthemexploits
via reddit http://bit.ly/2Iw38BH
reddit
r/netsec - Quantum Cryptography
0 votes and 0 comments so far on Reddit
GitHub - realtho/PartyLoud: A simple tool to do several HTTP / HTTPS requests and simulate navigation
http://bit.ly/2IxGI2P
Submitted April 15, 2019 at 04:14PM by Tho_real
via reddit http://bit.ly/2GhrwUJ
http://bit.ly/2IxGI2P
Submitted April 15, 2019 at 04:14PM by Tho_real
via reddit http://bit.ly/2GhrwUJ
GitHub
realtho/PartyLoud
A simple tool to do several HTTP / HTTPS requests and simulate navigation - realtho/PartyLoud
CVE-2019-9730: Local Privilege Elevation in Synaptics Sound Device Driver (Write-Up + Exploit)
http://bit.ly/2UCzOAR
Submitted April 15, 2019 at 06:04PM by xVIoct
via reddit http://bit.ly/2Gcm85o
http://bit.ly/2UCzOAR
Submitted April 15, 2019 at 06:04PM by xVIoct
via reddit http://bit.ly/2Gcm85o
reddit
r/netsec - CVE-2019-9730: Local Privilege Elevation in Synaptics Sound Device Driver (Write-Up + Exploit)
0 votes and 0 comments so far on Reddit
Coerchck - PowerShell Script For Listing Local Admins - Blue Team
http://bit.ly/2Dfrdci
Submitted April 15, 2019 at 07:54PM by Evil1337
via reddit http://bit.ly/2VJMdzm
http://bit.ly/2Dfrdci
Submitted April 15, 2019 at 07:54PM by Evil1337
via reddit http://bit.ly/2VJMdzm
reddit
r/netsec - Coerchck - PowerShell Script For Listing Local Admins - Blue Team
0 votes and 0 comments so far on Reddit
Cobalt Strike Walkthrough - In Depth Post
http://bit.ly/2XhV2Rj
Submitted April 15, 2019 at 08:51PM by ZephrX112
via reddit http://bit.ly/2Ggyl99
http://bit.ly/2XhV2Rj
Submitted April 15, 2019 at 08:51PM by ZephrX112
via reddit http://bit.ly/2Ggyl99
Pentestpartners
Cobalt Strike. Walkthrough for Red Teamers | Pen Test Partners
What is Cobalt Strike? Raphael Mudge is the creator of Cobalt Strike (CS), around 2010 he released a tool noscriptd Armitage, which is described by wikipedia as a
The Outlook Winner is Dash
http://bit.ly/2v6oc9T
Submitted April 15, 2019 at 11:20PM by holyvier
via reddit http://bit.ly/2Uh78YR
http://bit.ly/2v6oc9T
Submitted April 15, 2019 at 11:20PM by holyvier
via reddit http://bit.ly/2Uh78YR
etticblog
The Outlook Winner is Dash
Abusing Office Groups
Adblock Plus filter lists may execute arbitrary code in web pages
http://bit.ly/2V1lst0
Submitted April 16, 2019 at 02:05AM by iamapizza
via reddit http://bit.ly/2v8Ry7M
http://bit.ly/2V1lst0
Submitted April 16, 2019 at 02:05AM by iamapizza
via reddit http://bit.ly/2v8Ry7M
armin.dev
Adblock Plus filter lists may execute arbitrary code in web pages
A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released support for the new filter option. uBlock, being owned by AdBlock, also implemented…
How does Tor really work? An in-depth guide
http://bit.ly/2XgLFRP
Submitted April 16, 2019 at 04:14AM by bbno3
via reddit http://bit.ly/2IpUFRg
http://bit.ly/2XgLFRP
Submitted April 16, 2019 at 04:14AM by bbno3
via reddit http://bit.ly/2IpUFRg
Brandon Skerritt
How does Tor really work?
An introduction to every aspect of how TOR works, from hidden onion addresses to the nodes that make up TOR.
CVE-2019-0841: Windows Local Privilege Escalation through Windows Apps
http://bit.ly/2D6Drnw
Submitted April 16, 2019 at 12:53PM by gquere
via reddit http://bit.ly/2v7Ev6A
http://bit.ly/2D6Drnw
Submitted April 16, 2019 at 12:53PM by gquere
via reddit http://bit.ly/2v7Ev6A
reddit
r/netsec - CVE-2019-0841: Windows Local Privilege Escalation through Windows Apps
0 votes and 0 comments so far on Reddit
Privilege Escalation in ManageEngine ADManager Plus 6.6
http://bit.ly/2DgGv0N
Submitted April 16, 2019 at 03:10PM by digitalinterruption
via reddit http://bit.ly/2Git80I
http://bit.ly/2DgGv0N
Submitted April 16, 2019 at 03:10PM by digitalinterruption
via reddit http://bit.ly/2Git80I
Digitalinterruption
Privilege Escalation in ManageEngine ADManager Plus 6.6 | Digital Interruption Research
During a recent review of the ADManager Plus software offered by Zoho, we were able to identify a privilege escalation vulnerability which would allow authen...
Malware creators convicted of hijacking 400,000 computers
http://bit.ly/2GjSSJT
Submitted April 16, 2019 at 03:29PM by _LET_
via reddit http://bit.ly/2DhrpYN
http://bit.ly/2GjSSJT
Submitted April 16, 2019 at 03:29PM by _LET_
via reddit http://bit.ly/2DhrpYN
Norton.com/Setup
Malware creators convicted of hijacking 400,000 computers
Two culprits named Nicolescu and Miclaus found guilty of their criminal battle in 2007 with the making of malware. The US government finally convicts both
GitHub - HA71/pywhatcms: Unofficial WhatCMS API package
http://bit.ly/2Ir4Tkm
Submitted April 16, 2019 at 04:08PM by BISH4
via reddit http://bit.ly/2V27FT2
http://bit.ly/2Ir4Tkm
Submitted April 16, 2019 at 04:08PM by BISH4
via reddit http://bit.ly/2V27FT2
GitHub
HA71/pywhatcms
Unofficial WhatCMS API package. Contribute to HA71/pywhatcms development by creating an account on GitHub.
How Domain Fronting helped the most at-risk users on Tor, Telegram and Signal and Why It's Dying
http://bit.ly/2IE8UB4
Submitted April 16, 2019 at 08:20PM by HeapAllocator
via reddit http://bit.ly/2DipaEv
http://bit.ly/2IE8UB4
Submitted April 16, 2019 at 08:20PM by HeapAllocator
via reddit http://bit.ly/2DipaEv
SentinelOne
Privacy 2019: Tor, Meek & The Rise And Fall Of Domain Fronting
Censorship and state-sponsored surveillance is a daily reality around the world. Join us as we explore the state of privacy, anonymity and security in 2019
Massive eGobbler Malvertising Campaign Leverages Chrome Vulnerability To Target iOS Users [r/adops x-post]
http://bit.ly/2XhW4fY
Submitted April 16, 2019 at 08:19PM by eliya_confiant
via reddit http://bit.ly/2ImjIEN
http://bit.ly/2XhW4fY
Submitted April 16, 2019 at 08:19PM by eliya_confiant
via reddit http://bit.ly/2ImjIEN
Confiant
Massive eGobbler Malvertising Campaign Leverages Chrome Vulnerability To Target iOS Users
As publishers have become increasingly aware over the last week, there’s a series of rampant malvertising campaigns on the loose…