DHCP security in Windows 10: critical vulnerability CVE-2019-0726
http://bit.ly/2IopGFa
Submitted April 17, 2019 at 06:49AM by Gallus
via reddit http://bit.ly/2XfuakP
http://bit.ly/2IopGFa
Submitted April 17, 2019 at 06:49AM by Gallus
via reddit http://bit.ly/2XfuakP
Habr
Безопасность DHCP в Windows 10: разбираем критическую уязвимость CVE-2019-0726
Изображение: Pexels С выходом январских обновлений для Windows новость о критически опасной уязвимости CVE-2019-0547 в DHCP-клиентах всколыхнула общественност...
Arjun : API Testing Tool (Finds HTTP Parameters)
http://bit.ly/2Ge2So0
Submitted April 17, 2019 at 02:36PM by s0md3v
via reddit http://bit.ly/2UqvvDu
http://bit.ly/2Ge2So0
Submitted April 17, 2019 at 02:36PM by s0md3v
via reddit http://bit.ly/2UqvvDu
GitHub
s0md3v/Arjun
HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.
Subdomain Takeover: Microsoft loses control over Windows Tiles - Golem.de
http://bit.ly/2PhwtRS
Submitted April 17, 2019 at 02:09PM by 0xKaishakunin
via reddit http://bit.ly/2Xq3UVd
http://bit.ly/2PhwtRS
Submitted April 17, 2019 at 02:09PM by 0xKaishakunin
via reddit http://bit.ly/2Xq3UVd
www.golem.de
Microsoft loses control over Windows Tiles
A service from Microsoft used to allow web page owners to deliver news on Windows Tiles as so-called Windows Live Tiles. After the service has been disabled, we were able to take
Password Spraying- Common mistakes and how to avoid them
http://bit.ly/2XlsqX9
Submitted April 17, 2019 at 04:40PM by pentest4life
via reddit http://bit.ly/2Usmr1e
http://bit.ly/2XlsqX9
Submitted April 17, 2019 at 04:40PM by pentest4life
via reddit http://bit.ly/2Usmr1e
Medium
Password Spraying- Common mistakes and how to avoid them
When password spraying attacks are executed properly, coordinated and scoped properly during an authorized engagement — they can identify…
Microsoft Edge Uses a Secret Trick And Breaks Internet Explorer's Security
http://bit.ly/2UoVs6C
Submitted April 17, 2019 at 03:45PM by dielel
via reddit http://bit.ly/2UoUmb0
http://bit.ly/2UoVs6C
Submitted April 17, 2019 at 03:45PM by dielel
via reddit http://bit.ly/2UoUmb0
0Patch
Microsoft Edge Uses a Secret Trick And Breaks Internet Explorer's Security
Edge Decided To Use An Undocumented Security Feature. Internet Explorer Didn't Get The Memo. by Mitja Kolsek, the 0patch Team ...
Jailbreaking Subaru StarLink
http://bit.ly/2NdSkbS
Submitted April 17, 2019 at 07:18PM by technonerd
via reddit http://bit.ly/2ICWhXd
http://bit.ly/2NdSkbS
Submitted April 17, 2019 at 07:18PM by technonerd
via reddit http://bit.ly/2ICWhXd
GitHub
sgayou/subaru-starlink-research
Subaru StarLink persistent root code execution. Contribute to sgayou/subaru-starlink-research development by creating an account on GitHub.
How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks
http://bit.ly/2IEwVrV
Submitted April 17, 2019 at 08:21PM by SamratAsh0k
via reddit http://bit.ly/2VPevs9
http://bit.ly/2IEwVrV
Submitted April 17, 2019 at 08:21PM by SamratAsh0k
via reddit http://bit.ly/2VPevs9
Labofapenetrationtester
How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
CERT Notice of VPN Vulns
http://bit.ly/2v6hil2
Submitted April 17, 2019 at 08:13PM by donnaber06
via reddit http://bit.ly/2KJXzSN
http://bit.ly/2v6hil2
Submitted April 17, 2019 at 08:13PM by donnaber06
via reddit http://bit.ly/2KJXzSN
reddit
r/networking - CERT Notice of VPN Vulnerabilities (Cisco, Palo Alto, F5, Pulse)
0 votes and 0 comments so far on Reddit
Reverse-engineering Broadcom wireless chipsets
http://bit.ly/2KKhOjl
Submitted April 18, 2019 at 01:13AM by shawn_webb
via reddit http://bit.ly/2Gvqzd3
http://bit.ly/2KKhOjl
Submitted April 18, 2019 at 01:13AM by shawn_webb
via reddit http://bit.ly/2Gvqzd3
Quarkslab
Reverse-engineering Broadcom wireless chipsets
PolyLogyx osquery Extension for Windows Extension to osquery that enhances it with real-time telemetry, log monitoring and other endpoint data collection
http://bit.ly/2UA8Fxo
Submitted April 18, 2019 at 12:23AM by digicat
via reddit http://bit.ly/2ZrNwVY
http://bit.ly/2UA8Fxo
Submitted April 18, 2019 at 12:23AM by digicat
via reddit http://bit.ly/2ZrNwVY
GitHub
polylogyx/osq-ext-bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection - polylogyx/osq-ext-bin
The Complete CompTIA Certification Training Bundle: Lifetime Access | StackSocial
http://bit.ly/2Gw7Rlz
Submitted April 18, 2019 at 11:19AM by Zadent1ty
via reddit http://bit.ly/2IFUjp5
http://bit.ly/2Gw7Rlz
Submitted April 18, 2019 at 11:19AM by Zadent1ty
via reddit http://bit.ly/2IFUjp5
StackSocial
Your Path to a Lucrative IT Career Starts with The Ultimate (12 Courses, 140+ Hours!) IT Certification Training Guide
The Complete 2018 CompTIA Certification Training Bundle: Lifetime Access, Your Path to a Lucrative IT Career Starts with The Ultimate (12 Courses, 100+ Hours!) IT Certification Training Guide
APT34 Hacking Tools Leak
http://bit.ly/2Gl8uNy
Submitted April 18, 2019 at 05:10PM by GelosSnake
via reddit http://bit.ly/2KXePUC
http://bit.ly/2Gl8uNy
Submitted April 18, 2019 at 05:10PM by GelosSnake
via reddit http://bit.ly/2KXePUC
reddit
r/netsec - APT34 Hacking Tools Leak
0 votes and 0 comments so far on Reddit
Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)
http://bit.ly/2Iqeckv
Submitted April 18, 2019 at 04:05PM by buherator
via reddit http://bit.ly/2Gjq7NE
http://bit.ly/2Iqeckv
Submitted April 18, 2019 at 04:05PM by buherator
via reddit http://bit.ly/2Gjq7NE
reddit
r/netsec - Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)
0 votes and 0 comments so far on Reddit
pipetap.sh: Remote wireshark. Invoke tcpdump over ssh piping to STDOUT, for importation to a local Wireshark via STDIN.
http://bit.ly/2IvzvRM
Submitted April 18, 2019 at 04:02PM by ShadowHatesYou
via reddit http://bit.ly/2UISvmd
http://bit.ly/2IvzvRM
Submitted April 18, 2019 at 04:02PM by ShadowHatesYou
via reddit http://bit.ly/2UISvmd
GitHub
ShadowHatesYou/pipetap.sh
This noscript invokes tcpdump over ssh piping to STDOUT, allowing remote use of wireshark - ShadowHatesYou/pipetap.sh
RCE in EA's Origin Desktop Client
http://bit.ly/2IHC8z1
Submitted April 18, 2019 at 05:43PM by Single_Diamond
via reddit http://bit.ly/2XkZkHv
http://bit.ly/2IHC8z1
Submitted April 18, 2019 at 05:43PM by Single_Diamond
via reddit http://bit.ly/2XkZkHv
Underdogsecurity
RCE in EA's Origin Desktop Client
User privileges in Docker containers
http://bit.ly/2Pet1am
Submitted April 18, 2019 at 06:18PM by 000000Swan
via reddit http://bit.ly/2INk4nx
http://bit.ly/2Pet1am
Submitted April 18, 2019 at 06:18PM by 000000Swan
via reddit http://bit.ly/2INk4nx
Medium
User privileges in Docker containers
Over the past few years, Docker has become a quintessential technology used in software development. Its concept of containerization has…
Must watch (IMHO) Securing Vendor Webapps - A Vulnerability Assessment on HELK
http://bit.ly/2IsjtIo
Submitted April 18, 2019 at 10:10PM by small-data-expert
via reddit http://bit.ly/2GlINMH
http://bit.ly/2IsjtIo
Submitted April 18, 2019 at 10:10PM by small-data-expert
via reddit http://bit.ly/2GlINMH
reddit
r/sysadmin - Must watch (IMHO) Securing Vendor Webapps - A Vulnerability Assessment on HELK
6 votes and 1 comment so far on Reddit
Simple Tool for Testing CVE Mitigation in Web Apps
http://bit.ly/2GtmTZ2
Submitted April 19, 2019 at 01:36AM by foospidy
via reddit http://bit.ly/2XqAZQO
http://bit.ly/2GtmTZ2
Submitted April 19, 2019 at 01:36AM by foospidy
via reddit http://bit.ly/2XqAZQO
Medium
Simple Tool for Testing CVE Mitigation in Web Apps
With Internet exposed web applications prompt mitigation of CVE (Common Vulnerabilities and Exposures) is critical. When a new CVE has…
Using Slack as a C2 Channel (Download Code)
http://bit.ly/2VaXJGQ
Submitted April 19, 2019 at 01:18AM by myover
via reddit http://bit.ly/2KM8MlS
http://bit.ly/2VaXJGQ
Submitted April 19, 2019 at 01:18AM by myover
via reddit http://bit.ly/2KM8MlS
Praetorian
Using Slack as a C2 Channel: MITRE ATT&CK – Web Service (T1102)
Our proof of concept (PoC) blends in with normal business activities such as user-to-user or user-to-group communications. Detecting this type of activity requires sophisticated network analysis capabilities, such as the ability to intercept and decrypt SSL…
BlueCommand: Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard
http://bit.ly/2Gv2AdV
Submitted April 19, 2019 at 09:18AM by l33t_d0nut
via reddit http://bit.ly/2KNWU2P
http://bit.ly/2Gv2AdV
Submitted April 19, 2019 at 09:18AM by l33t_d0nut
via reddit http://bit.ly/2KNWU2P
GitHub
leeberg/BlueCommand
Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard - leeberg/BlueCommand
How the Boeing 737 Max Disaster Looks to a Software Developer
http://bit.ly/2ZopI50
Submitted April 19, 2019 at 12:34PM by xaocuc
via reddit http://bit.ly/2IHEE8v
http://bit.ly/2ZopI50
Submitted April 19, 2019 at 12:34PM by xaocuc
via reddit http://bit.ly/2IHEE8v
IEEE Spectrum: Technology, Engineering, and Science News
How the Boeing 737 Max Disaster Looks to a Software Developer
Design shortcuts meant to make a new plane seem like an old, familiar one are to blame