Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
http://bit.ly/2EHZzY8
Submitted April 21, 2019 at 09:57PM by civicode
via reddit http://bit.ly/2vha25O
The Cloudflare Blog
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account.
Modern Vulnerability Research Techniques on Embedded Systems
http://bit.ly/2Zsltps
Submitted April 21, 2019 at 11:50PM by Arrilius
via reddit http://bit.ly/2IMqenC
breaking-bits.gitbook.io
Modern Vulnerability Research Techniques on Embedded Systems
GitHub - tg12/OpenMailRelayFuzzer: Fuzzer for finding Open Mail Relays
http://bit.ly/2VZpwqS
Submitted April 22, 2019 at 12:55AM by Quick_Stick
via reddit http://bit.ly/2DpTL34
GitHub
tg12/OpenMailRelayFuzzer
Fuzzer for finding Open Mail Relays. Contribute to tg12/OpenMailRelayFuzzer development by creating an account on GitHub.
Attacking Cloud Containers Using SSRF
http://bit.ly/2Dhd26S
Submitted April 22, 2019 at 05:54AM by Plazmaz1
via reddit http://bit.ly/2XDjHQD
0xACB/viewgen: Payload generator to achieve RCE on .NET servers through leaking the machineKey
http://bit.ly/2IvTzn7
Submitted April 22, 2019 at 09:04AM by Mempodipper
via reddit http://bit.ly/2ZrBgEU
GitHub
0xACB/viewgen
viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys - 0xACB/viewgen
Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks
http://bit.ly/2Gs7cQG
Submitted April 22, 2019 at 07:58PM by GelosSnake
via reddit http://bit.ly/2INtWNN
reddit
Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks
Posted in r/netsec by u/GelosSnake • 52 points and 10 comments
Shellcode for IoT: A Password-Protected Reverse Shell (Linux/ARM) - @syscall59
http://bit.ly/2VYM8rv
Submitted April 22, 2019 at 08:59PM by h41zum
via reddit http://bit.ly/2IzGYPW
Medium
Writing shellcode for IoT: Password-Protected Reverse Shell (Linux/ARM)
It’s time to write some shellcode!
How to obtain Office 365 credentials on Mac OS
http://bit.ly/2VhQQ6x
Submitted April 22, 2019 at 11:39PM by pentest4life
via reddit http://bit.ly/2KVLzhj
Medium
How to obtain Office 365 credentials on Mac OS
In this article we’ll discuss how to get clear text credentials from Outlook 2016 using Responder on Mac OS High Sierra. From password…
What goes wrong if I have your SNMP RW string for a Cisco Device?
http://bit.ly/2Gpozlc
Submitted April 22, 2019 at 02:05AM by msarmad
via reddit http://bit.ly/2XtK0s4
Medium
What goes wrong if I have your SNMP RW string for a Cisco Device?
I am assuming that, we know that what SNMP is for and with the help of community strings, one can query change configurations remotely…
Behavioral Analysis of Obfuscated Code
http://bit.ly/2UyaO8G
Submitted April 23, 2019 at 11:59AM by jeandrew
via reddit http://bit.ly/2Zsni5x
How I found 5 ReDOS vulnerabilities in Mod Security CRS
http://bit.ly/2XuOe2S
Submitted April 23, 2019 at 01:06PM by s0md3v
via reddit http://bit.ly/2XFo9hJ
Medium
How I found 5 ReDOS Vulnerabilities in Mod Security CRS
This write-up assumes that the reader has intermediate (or higher) knowledge of regular expressions. If you are not very familiar with…
Ignoring Atlassian Confluence Security Advisories? A report...
http://bit.ly/2W7cvvL
Submitted April 23, 2019 at 02:26PM by b4d17
via reddit http://bit.ly/2IBHL2N
reddit
r/netsec - Ignoring Atlassian Confluence Security Advisories? A report...
0 votes and 1 comment so far on Reddit
Analysis of false positive on beian.gov.cn requests in regards to Huawei P30 Pro traffic research
http://bit.ly/2GzJumW
Submitted April 23, 2019 at 03:09PM by pe3zx
via reddit http://bit.ly/2GylfUL
GitHub
pe3zx/huawei-block-list
Captured DNS requests from Huawei P30 Pro to a block list - pe3zx/huawei-block-list
GitHub - Cuckoo Sandbox plugin for extracts configuration data of known malware
http://bit.ly/2GtIsru
Submitted April 23, 2019 at 07:22PM by oil_sardine
via reddit http://bit.ly/2VZ3ILX
GitHub
GitHub - JPCERTCC/MalConfScan-with-Cuckoo: Cuckoo Sandbox plugin for extracts configuration data of known malware
Cuckoo Sandbox plugin for extracts configuration data of known malware - GitHub - JPCERTCC/MalConfScan-with-Cuckoo: Cuckoo Sandbox plugin for extracts configuration data of known malware
Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos
http://bit.ly/2IQJPTD
Submitted April 23, 2019 at 08:22PM by Mempodipper
via reddit http://bit.ly/2GCDYA3
reddit
r/netsec - Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos
0 votes and 0 comments so far on Reddit
Vulnerability Management ZeroOne Release
We at Firo Solutions recently went live with our new Vulnerability Management platform. Check us out and let us know what you think: https://firosolutions.com | https://watchers.firosolutions.com
Submitted April 23, 2019 at 08:39PM by FiroSolutions
via reddit http://bit.ly/2UOv6jk
Firo Solutions
Vulnerability Management by SaaS
Termshark - a terminal UI for tshark inspired by Wireshark
https://termshark.io/
Submitted April 23, 2019 at 11:57PM by DreamlessMojo
via reddit http://bit.ly/2XHlJz9
A terminal UI for tshark, inspired by Wireshark
GitHub Gist Recon - The art of finding information leaks in GitHub Gists and elsewhere
http://bit.ly/2L1KzIq
Submitted April 24, 2019 at 03:22AM by _pdp_
via reddit http://bit.ly/2PpUB4C
Secapps
GitHub Gist Recon
carbanak source leaked and added to github
http://bit.ly/2GtLprT
Submitted April 24, 2019 at 04:18AM by d4nk1st
via reddit http://bit.ly/2IQdvQV
GitHub
Aekras1a/Updated-Carbanak-Source-with-Plugins
https://twitter.com/itsreallynick/status/1120410950430089224 - Aekras1a/Updated-Carbanak-Source-with-Plugins
A quick TLDR of the attacks mentioned in the infamous Mueller report
http://bit.ly/2USDxu3
Submitted April 24, 2019 at 08:33AM by kangsterizer
via reddit http://bit.ly/2XGtLYL
reddit
r/netsec - A quick TLDR of the attacks mentioned in the infamous Mueller report
0 votes and 3 comments so far on Reddit
The most common OAuth 2.0 Hacks
http://bit.ly/2Dwd0rQ
Submitted April 24, 2019 at 03:25PM by atomlib_com
via reddit http://bit.ly/2DzOdTH
Habr
The most common OAuth 2.0 Hacks
OAuth 2 overview This article assumes that readers are familiar with OAuth 2. However, below a brief description of it is presented below. The application...