Jailbreaking Subaru StarLink
http://bit.ly/2NdSkbS
Submitted April 17, 2019 at 07:18PM by technonerd
via reddit http://bit.ly/2ICWhXd
http://bit.ly/2NdSkbS
Submitted April 17, 2019 at 07:18PM by technonerd
via reddit http://bit.ly/2ICWhXd
GitHub
sgayou/subaru-starlink-research
Subaru StarLink persistent root code execution. Contribute to sgayou/subaru-starlink-research development by creating an account on GitHub.
How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks
http://bit.ly/2IEwVrV
Submitted April 17, 2019 at 08:21PM by SamratAsh0k
via reddit http://bit.ly/2VPevs9
http://bit.ly/2IEwVrV
Submitted April 17, 2019 at 08:21PM by SamratAsh0k
via reddit http://bit.ly/2VPevs9
Labofapenetrationtester
How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
CERT Notice of VPN Vulns
http://bit.ly/2v6hil2
Submitted April 17, 2019 at 08:13PM by donnaber06
via reddit http://bit.ly/2KJXzSN
http://bit.ly/2v6hil2
Submitted April 17, 2019 at 08:13PM by donnaber06
via reddit http://bit.ly/2KJXzSN
reddit
r/networking - CERT Notice of VPN Vulnerabilities (Cisco, Palo Alto, F5, Pulse)
0 votes and 0 comments so far on Reddit
Reverse-engineering Broadcom wireless chipsets
http://bit.ly/2KKhOjl
Submitted April 18, 2019 at 01:13AM by shawn_webb
via reddit http://bit.ly/2Gvqzd3
http://bit.ly/2KKhOjl
Submitted April 18, 2019 at 01:13AM by shawn_webb
via reddit http://bit.ly/2Gvqzd3
Quarkslab
Reverse-engineering Broadcom wireless chipsets
PolyLogyx osquery Extension for Windows Extension to osquery that enhances it with real-time telemetry, log monitoring and other endpoint data collection
http://bit.ly/2UA8Fxo
Submitted April 18, 2019 at 12:23AM by digicat
via reddit http://bit.ly/2ZrNwVY
http://bit.ly/2UA8Fxo
Submitted April 18, 2019 at 12:23AM by digicat
via reddit http://bit.ly/2ZrNwVY
GitHub
polylogyx/osq-ext-bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection - polylogyx/osq-ext-bin
The Complete CompTIA Certification Training Bundle: Lifetime Access | StackSocial
http://bit.ly/2Gw7Rlz
Submitted April 18, 2019 at 11:19AM by Zadent1ty
via reddit http://bit.ly/2IFUjp5
http://bit.ly/2Gw7Rlz
Submitted April 18, 2019 at 11:19AM by Zadent1ty
via reddit http://bit.ly/2IFUjp5
StackSocial
Your Path to a Lucrative IT Career Starts with The Ultimate (12 Courses, 140+ Hours!) IT Certification Training Guide
The Complete 2018 CompTIA Certification Training Bundle: Lifetime Access, Your Path to a Lucrative IT Career Starts with The Ultimate (12 Courses, 100+ Hours!) IT Certification Training Guide
APT34 Hacking Tools Leak
http://bit.ly/2Gl8uNy
Submitted April 18, 2019 at 05:10PM by GelosSnake
via reddit http://bit.ly/2KXePUC
http://bit.ly/2Gl8uNy
Submitted April 18, 2019 at 05:10PM by GelosSnake
via reddit http://bit.ly/2KXePUC
reddit
r/netsec - APT34 Hacking Tools Leak
0 votes and 0 comments so far on Reddit
Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)
http://bit.ly/2Iqeckv
Submitted April 18, 2019 at 04:05PM by buherator
via reddit http://bit.ly/2Gjq7NE
http://bit.ly/2Iqeckv
Submitted April 18, 2019 at 04:05PM by buherator
via reddit http://bit.ly/2Gjq7NE
reddit
r/netsec - Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)
0 votes and 0 comments so far on Reddit
pipetap.sh: Remote wireshark. Invoke tcpdump over ssh piping to STDOUT, for importation to a local Wireshark via STDIN.
http://bit.ly/2IvzvRM
Submitted April 18, 2019 at 04:02PM by ShadowHatesYou
via reddit http://bit.ly/2UISvmd
http://bit.ly/2IvzvRM
Submitted April 18, 2019 at 04:02PM by ShadowHatesYou
via reddit http://bit.ly/2UISvmd
GitHub
ShadowHatesYou/pipetap.sh
This noscript invokes tcpdump over ssh piping to STDOUT, allowing remote use of wireshark - ShadowHatesYou/pipetap.sh
RCE in EA's Origin Desktop Client
http://bit.ly/2IHC8z1
Submitted April 18, 2019 at 05:43PM by Single_Diamond
via reddit http://bit.ly/2XkZkHv
http://bit.ly/2IHC8z1
Submitted April 18, 2019 at 05:43PM by Single_Diamond
via reddit http://bit.ly/2XkZkHv
Underdogsecurity
RCE in EA's Origin Desktop Client
User privileges in Docker containers
http://bit.ly/2Pet1am
Submitted April 18, 2019 at 06:18PM by 000000Swan
via reddit http://bit.ly/2INk4nx
http://bit.ly/2Pet1am
Submitted April 18, 2019 at 06:18PM by 000000Swan
via reddit http://bit.ly/2INk4nx
Medium
User privileges in Docker containers
Over the past few years, Docker has become a quintessential technology used in software development. Its concept of containerization has…
Must watch (IMHO) Securing Vendor Webapps - A Vulnerability Assessment on HELK
http://bit.ly/2IsjtIo
Submitted April 18, 2019 at 10:10PM by small-data-expert
via reddit http://bit.ly/2GlINMH
http://bit.ly/2IsjtIo
Submitted April 18, 2019 at 10:10PM by small-data-expert
via reddit http://bit.ly/2GlINMH
reddit
r/sysadmin - Must watch (IMHO) Securing Vendor Webapps - A Vulnerability Assessment on HELK
6 votes and 1 comment so far on Reddit
Simple Tool for Testing CVE Mitigation in Web Apps
http://bit.ly/2GtmTZ2
Submitted April 19, 2019 at 01:36AM by foospidy
via reddit http://bit.ly/2XqAZQO
http://bit.ly/2GtmTZ2
Submitted April 19, 2019 at 01:36AM by foospidy
via reddit http://bit.ly/2XqAZQO
Medium
Simple Tool for Testing CVE Mitigation in Web Apps
With Internet exposed web applications prompt mitigation of CVE (Common Vulnerabilities and Exposures) is critical. When a new CVE has…
Using Slack as a C2 Channel (Download Code)
http://bit.ly/2VaXJGQ
Submitted April 19, 2019 at 01:18AM by myover
via reddit http://bit.ly/2KM8MlS
http://bit.ly/2VaXJGQ
Submitted April 19, 2019 at 01:18AM by myover
via reddit http://bit.ly/2KM8MlS
Praetorian
Using Slack as a C2 Channel: MITRE ATT&CK – Web Service (T1102)
Our proof of concept (PoC) blends in with normal business activities such as user-to-user or user-to-group communications. Detecting this type of activity requires sophisticated network analysis capabilities, such as the ability to intercept and decrypt SSL…
BlueCommand: Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard
http://bit.ly/2Gv2AdV
Submitted April 19, 2019 at 09:18AM by l33t_d0nut
via reddit http://bit.ly/2KNWU2P
http://bit.ly/2Gv2AdV
Submitted April 19, 2019 at 09:18AM by l33t_d0nut
via reddit http://bit.ly/2KNWU2P
GitHub
leeberg/BlueCommand
Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard - leeberg/BlueCommand
How the Boeing 737 Max Disaster Looks to a Software Developer
http://bit.ly/2ZopI50
Submitted April 19, 2019 at 12:34PM by xaocuc
via reddit http://bit.ly/2IHEE8v
http://bit.ly/2ZopI50
Submitted April 19, 2019 at 12:34PM by xaocuc
via reddit http://bit.ly/2IHEE8v
IEEE Spectrum: Technology, Engineering, and Science News
How the Boeing 737 Max Disaster Looks to a Software Developer
Design shortcuts meant to make a new plane seem like an old, familiar one are to blame
Unmasked: An Analysis of 10 Million Passwords
http://bit.ly/1ELt5G1
Submitted April 19, 2019 at 01:25PM by NaiveMonitor
via reddit http://bit.ly/2GrO0T1
http://bit.ly/1ELt5G1
Submitted April 19, 2019 at 01:25PM by NaiveMonitor
via reddit http://bit.ly/2GrO0T1
Wpengine
Unmasked: An Analysis of 10 Million Passwords
How strong are your passwords? Here's an analysis of 10 million via @wpengine
Protected tweets leakage through URL detection #XSSearch #BugBounty
http://bit.ly/2PgLsLA
Submitted April 19, 2019 at 11:14PM by terjanq
via reddit http://bit.ly/2vfln6G
http://bit.ly/2PgLsLA
Submitted April 19, 2019 at 11:14PM by terjanq
via reddit http://bit.ly/2vfln6G
HackerOne
Twitter disclosed on HackerOne: Protected tweets exposure through...
## Summary
Leaking sensitive information from protected tweets via a prepared website. This vulnerability could lead to exposure of information such as **credit card numbers**, **bank account...
Leaking sensitive information from protected tweets via a prepared website. This vulnerability could lead to exposure of information such as **credit card numbers**, **bank account...
A public database exposed medical records of 150k rehab patients
http://bit.ly/2XsQzLs
Submitted April 20, 2019 at 01:35AM by xxdesmus
via reddit http://bit.ly/2XqJEmb
http://bit.ly/2XsQzLs
Submitted April 20, 2019 at 01:35AM by xxdesmus
via reddit http://bit.ly/2XqJEmb
Rainbowtabl.es
Steps To Recovery Addiction Treatment Center Leaking PII
An improperly secured ElasticSearch database leaked 1.5 years of PII related to individuals who had received medical treatment at an addiction treatment center. Steps to Recovery has yet to reply to any inquiries, and has not notified their patients regarding…
miniprint - A medium interaction printer honeypot 🍯
http://bit.ly/2DoeynL
Submitted April 20, 2019 at 02:59AM by GoGoGadgetSalmon
via reddit http://bit.ly/2KMOUin
http://bit.ly/2DoeynL
Submitted April 20, 2019 at 02:59AM by GoGoGadgetSalmon
via reddit http://bit.ly/2KMOUin
GitHub
sa7mon/miniprint
A medium interaction printer honeypot 🍯. Contribute to sa7mon/miniprint development by creating an account on GitHub.
The Future of Vulnerabilities Equities Processes Around the World
http://bit.ly/2FbEzZg
Submitted April 20, 2019 at 05:48PM by xaocuc
via reddit http://bit.ly/2DsuBB0
http://bit.ly/2FbEzZg
Submitted April 20, 2019 at 05:48PM by xaocuc
via reddit http://bit.ly/2DsuBB0
Lawfare
The Future of Vulnerabilities Equities Processes Around the World
Recent actions by the U.K. and Germany set a new bar for how nations can and should use a vulnerabilities equities process.