ESI Injection Part 2: Abusing specific implementations
http://bit.ly/2LxknWz
Submitted May 03, 2019 at 02:46PM by albinowax
via reddit http://bit.ly/2ZSliUr
http://bit.ly/2LxknWz
Submitted May 03, 2019 at 02:46PM by albinowax
via reddit http://bit.ly/2ZSliUr
www.gosecure.net
ESI Injection Part 2: Abusing specific implementations
This post is a follow up with items discovered after the first ESI publication. Those discoveries are attack vectors that apply to specific implementations.
Throwing 500 vm's at your fuzzing target being an individual security researcher
http://bit.ly/2VFlXcK
Submitted May 03, 2019 at 08:39PM by kciredor_
via reddit http://bit.ly/2UXDI2z
http://bit.ly/2VFlXcK
Submitted May 03, 2019 at 08:39PM by kciredor_
via reddit http://bit.ly/2UXDI2z
kciredor’s information security blog
Throwing 500 vm’s at your fuzzing target being an individual security researcher
Adobe Reader progress One year ago I blogged about my many attempts and failures at fuzzing Adobe Reader and finding exploitable security issues.
Comprehensive walk-through of CTF reverse engineering challenges
http://bit.ly/2VH5gNL
Submitted May 03, 2019 at 09:33PM by LloydLabs
via reddit http://bit.ly/2LlTRiK
http://bit.ly/2VH5gNL
Submitted May 03, 2019 at 09:33PM by LloydLabs
via reddit http://bit.ly/2LlTRiK
reddit
r/netsec - Comprehensive walk-through of CTF reverse engineering challenges
0 votes and 0 comments so far on Reddit
Wormable XSS in Twitter
http://bit.ly/2ZUYpzR
Submitted May 03, 2019 at 06:31AM by _kidd0
via reddit http://bit.ly/2H05sQ0
http://bit.ly/2ZUYpzR
Submitted May 03, 2019 at 06:31AM by _kidd0
via reddit http://bit.ly/2H05sQ0
Virtue Security
Tale of a Wormable Twitter XSS - Virtue Security
This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.
Insider Threats - Importance & Prevention
http://bit.ly/2JkloOZ
Submitted May 04, 2019 at 02:01AM by Eta-Meson
via reddit http://bit.ly/2IXSl4g
http://bit.ly/2JkloOZ
Submitted May 04, 2019 at 02:01AM by Eta-Meson
via reddit http://bit.ly/2IXSl4g
Medium
Insider Threats - Importance & Prevention
I am about to complete my college and have been really busy with sitting and applying for job interviews. I would say I am pretty decent…
Shifting Left on Cloud Security and Compliance (Establishing Baseline as Contract)
http://bit.ly/2ZXJoxg
Submitted May 04, 2019 at 11:36AM by OnlyInstruction
via reddit http://bit.ly/2PMGTsF
http://bit.ly/2ZXJoxg
Submitted May 04, 2019 at 11:36AM by OnlyInstruction
via reddit http://bit.ly/2PMGTsF
www.fugue.co
Shifting Left on Cloud Security and Compliance
Compliance and security are often implemented as a gate during the test phase, and it's common for them to cause rework in design, development, and testing to continue due to problems found during security and compliance testing. If we could shift compliance…
Every FireFox extensions disabled due to expiration of intermediate signing cert
https://mzl.la/2PLBfa8
Submitted May 04, 2019 at 02:20PM by RodolpheB
via reddit http://bit.ly/2WohBUc
https://mzl.la/2PLBfa8
Submitted May 04, 2019 at 02:20PM by RodolpheB
via reddit http://bit.ly/2WohBUc
bugzilla.mozilla.org
1548973 - All extensions disabled due to expiration of intermediate signing cert
NEW (nobody) in Toolkit - Add-ons Manager. Last updated 2019-05-03.
Monzo's real-time incident response and reporting tool
http://bit.ly/2Y7h3m6
Submitted May 04, 2019 at 06:11PM by digicat
via reddit http://bit.ly/2H2mX2r
http://bit.ly/2Y7h3m6
Submitted May 04, 2019 at 06:11PM by digicat
via reddit http://bit.ly/2H2mX2r
reddit
r/blueteamsec - Monzo's real-time incident response and reporting tool
0 votes and 1 comment so far on Reddit
Hack The Box - BigHead Write-up by 0xRick
http://bit.ly/2WnLi87
Submitted May 04, 2019 at 08:32PM by Ahm3d_H3sham
via reddit http://bit.ly/2GZuhM2
http://bit.ly/2WnLi87
Submitted May 04, 2019 at 08:32PM by Ahm3d_H3sham
via reddit http://bit.ly/2GZuhM2
0xRick Owned Root !
Hack The Box - BigHead
Quick Summary Hey guys, Today BigHead retired and here’s my write-up about it. As you can see it’s an insane box, actually it’s hard to summarize this box as it included a lot of steps to achieve different goals. Most of the steps require deep enumeration…
CVE-2018-18500: Write-after-free vulnerability in Firefox, analysis and exploitation
http://bit.ly/2ItUAfs
Submitted May 04, 2019 at 04:48AM by 9129894
via reddit http://bit.ly/2vzPENF
http://bit.ly/2ItUAfs
Submitted May 04, 2019 at 04:48AM by 9129894
via reddit http://bit.ly/2vzPENF
reddit
r/netsec - CVE-2018-18500: Write-after-free vulnerability in Firefox, analysis and exploitation
1 vote and 0 comments so far on Reddit
Creating a PortScanner in C
http://bit.ly/2LjQys3
Submitted May 05, 2019 at 02:48AM by Scrabbilisk
via reddit http://bit.ly/2DLEo5a
http://bit.ly/2LjQys3
Submitted May 05, 2019 at 02:48AM by Scrabbilisk
via reddit http://bit.ly/2DLEo5a
GeeksforGeeks
Creating a PortScanner in C - GeeksforGeeks
Picture a bay where lots of private boats are docked. The location is called a seaport, literally a port at or on the sea. Everyone… Read More »
BadWPAD and wpad.pl / wpadblocking.com case (part 2)
http://bit.ly/2J2jhzI
Submitted May 05, 2019 at 05:19PM by adamziaja_com
via reddit http://bit.ly/2JhXYJK
http://bit.ly/2J2jhzI
Submitted May 05, 2019 at 05:19PM by adamziaja_com
via reddit http://bit.ly/2JhXYJK
blog.redteam.pl
BadWPAD and wpad.pl / wpadblocking.com case (part 2)
red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security
UUTCF 2019 WriteUps
http://bit.ly/2vGoZ1v
Submitted May 05, 2019 at 10:01PM by Eta-Meson
via reddit http://bit.ly/2DLHjdZ
http://bit.ly/2vGoZ1v
Submitted May 05, 2019 at 10:01PM by Eta-Meson
via reddit http://bit.ly/2DLHjdZ
Medium
UUTCTF 2019 WriteUps
In this post I am going to walk you through 3 CTF challenges from UUTCTF 2019, 2 Forensics and 1 Misc. I was so excited to solve these…
INFILTRATE 2019 Slides on Reverse Engineering With Ghidra [PDF, 16 MB]
http://bit.ly/2GY7cbB
Submitted May 06, 2019 at 06:37AM by 0xAlexei
via reddit http://bit.ly/2VIDP6t
http://bit.ly/2GY7cbB
Submitted May 06, 2019 at 06:37AM by 0xAlexei
via reddit http://bit.ly/2VIDP6t
reddit
r/netsec - INFILTRATE 2019 Slides on Reverse Engineering With Ghidra [PDF, 16 MB]
0 votes and 0 comments so far on Reddit
CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD
http://bit.ly/2ZI4Wxw
Submitted May 06, 2019 at 12:31PM by infosec-jobs
via reddit http://bit.ly/2H5A96z
http://bit.ly/2ZI4Wxw
Submitted May 06, 2019 at 12:31PM by infosec-jobs
via reddit http://bit.ly/2H5A96z
Lawrence Teo
CarolinaCon 15: Writing Exploit-Resistant Code With OpenBSD
On April 27, 2019, I gave a talk on how to use OpenBSD to write better software at CarolinaCon 15 in Charlotte.
Undetectable C# & C++ Reverse Shells
http://bit.ly/2WtmNGC
Submitted May 06, 2019 at 03:37PM by ericnyamu
via reddit http://bit.ly/2Vi30ND
http://bit.ly/2WtmNGC
Submitted May 06, 2019 at 03:37PM by ericnyamu
via reddit http://bit.ly/2Vi30ND
Medium
Undetectable C# & C++ Reverse Shells
Technical overview of different way to spawn a reverse shell on a victim machine
CVE-2019–5418: on WAF bypass and caching
http://bit.ly/2DR7Bfg
Submitted May 06, 2019 at 03:36PM by ericnyamu
via reddit http://bit.ly/2H0knIS
http://bit.ly/2DR7Bfg
Submitted May 06, 2019 at 03:36PM by ericnyamu
via reddit http://bit.ly/2H0knIS
PentesterLab
CVE-2019–5418: on WAF bypass and caching
If you follow PentesterLab on Twitter, you probably saw the following tweet:
CVE-2019-7286 Part II: Gaining PC Control
http://bit.ly/2WnfMXS
Submitted May 06, 2019 at 03:35PM by ericnyamu
via reddit http://bit.ly/2VjrA0w
http://bit.ly/2WnfMXS
Submitted May 06, 2019 at 03:35PM by ericnyamu
via reddit http://bit.ly/2VjrA0w
ZecOps Blog
CVE-2019-7286 Part II: Gaining PC Control - ZecOps Blog
VMware Fusion 11 - Guest VM RCE
http://bit.ly/2DR7EaW
Submitted May 06, 2019 at 03:31PM by ericnyamu
via reddit http://bit.ly/2Jp8b7c
http://bit.ly/2DR7EaW
Submitted May 06, 2019 at 03:31PM by ericnyamu
via reddit http://bit.ly/2Jp8b7c
theevilbit.github.io
VMware Fusion 11 - Guest VM RCE - CVE-2019-5514
UAC Bypass in System Reset Binary via DLL Hijacking
http://bit.ly/2WnfOis
Submitted May 06, 2019 at 03:31PM by ericnyamu
via reddit http://bit.ly/2J2FDBq
http://bit.ly/2WnfOis
Submitted May 06, 2019 at 03:31PM by ericnyamu
via reddit http://bit.ly/2J2FDBq
Active Cyber
UAC Bypass in System Reset Binary via DLL Hijacking
To continue our journey in the realm of bypassing UAC (see previous work here ), we’ve decided to investigate Windows Server 2019. Please note this blog post is not a UAC primer but if you need...
Exploiting CSRF on JSON endpoints with Flash and redirects
http://bit.ly/2RXQ0WU
Submitted May 06, 2019 at 03:30PM by ericnyamu
via reddit http://bit.ly/2Jp8f6W
http://bit.ly/2RXQ0WU
Submitted May 06, 2019 at 03:30PM by ericnyamu
via reddit http://bit.ly/2Jp8f6W
Appsecco
Exploiting CSRF on JSON endpoints with Flash and redirects
A quick walkthrough of the setup required to exploit a CSRF vulnerability on a JSON endpoint using a third party attacker controlled…