On February 1 2020, DNS servers that don’t support DNS both over UDP and TCP may stop working
http://bit.ly/2EqaPq9
Submitted May 22, 2019 at 12:13AM by atomlib_com
via reddit http://bit.ly/2X0cpGG
http://bit.ly/2EqaPq9
Submitted May 22, 2019 at 12:13AM by atomlib_com
via reddit http://bit.ly/2X0cpGG
Habr
What is gonna happen on February 1, 2020?
TL;DR: starting February 2020, DNS servers that don’t support DNS both over UDP and TCP may stop working. Bangkok, in general, is a strange place to stay. Of c...
XSS without parentheses and semi-colons
http://bit.ly/2VCt8Di
Submitted May 20, 2019 at 07:34PM by albinowax
via reddit http://bit.ly/2M1piPz
http://bit.ly/2VCt8Di
Submitted May 20, 2019 at 07:34PM by albinowax
via reddit http://bit.ly/2M1piPz
portswigger.net
XSS without parentheses and semi-colons | Blog
A few years ago I discovered a technique to call functions in JavaScript without parentheses using onerror and the throw statement. It works by setting the onerror handler to the function you want to
AWS Security Incident Response Guide
http://bit.ly/2HOSALQ
Submitted May 22, 2019 at 12:48AM by digicat
via reddit http://bit.ly/2VHGRDY
http://bit.ly/2HOSALQ
Submitted May 22, 2019 at 12:48AM by digicat
via reddit http://bit.ly/2VHGRDY
The U.S. Navy "attacked" the U.S. Air Force with a "Splunk Tool"
http://bit.ly/30wSilD
Submitted May 22, 2019 at 02:01AM by tacobelldog52
via reddit http://bit.ly/2MeM9rd
http://bit.ly/30wSilD
Submitted May 22, 2019 at 02:01AM by tacobelldog52
via reddit http://bit.ly/2MeM9rd
Military Times
Why the Air Force is investigating a cyber attack from the Navy
The Air Force has reportedly seized an attorney's computer and phone as part of an investigation into whether the Navy improperly spied on defense attorneys.
Secure and Scalable Secrets Management in the Cloud
http://bit.ly/2WfVvGF
Submitted May 22, 2019 at 02:32AM by myover
via reddit http://bit.ly/2M0I4Xa
http://bit.ly/2WfVvGF
Submitted May 22, 2019 at 02:32AM by myover
via reddit http://bit.ly/2M0I4Xa
Praetorian
Secure and Scalable Secrets Management in the Cloud for DevOps
Regardless of industry, size, or tech stack, modern organizations rely on secrets to operate their infrastructure. Increasingly, DevOps teams elect to build or migrate their infrastructure with the cloud. All too often, secure and scalable secret management…
UXSS in Safari
http://bit.ly/2HvKBoc
Submitted May 22, 2019 at 01:03PM by i_bo0om
via reddit http://bit.ly/2EmzL1W
http://bit.ly/2HvKBoc
Submitted May 22, 2019 at 01:03PM by i_bo0om
via reddit http://bit.ly/2EmzL1W
Speaker Deck
2000day in Safari
Unauthenticated CVE-2019-0708 (RDP RCE) scanner PoC
http://bit.ly/2EprIRK
Submitted May 22, 2019 at 12:41PM by Fugitif
via reddit http://bit.ly/2Eo7FU2
http://bit.ly/2EprIRK
Submitted May 22, 2019 at 12:41PM by Fugitif
via reddit http://bit.ly/2Eo7FU2
GitHub
zerosum0x0/CVE-2019-0708
Scanner PoC for CVE-2019-0708 RDP RCE vuln. Contribute to zerosum0x0/CVE-2019-0708 development by creating an account on GitHub.
Online dating: best sites and how to avoid dating scams
http://bit.ly/2VW5Nwe
Submitted May 22, 2019 at 02:19PM by MoneyShoulder
via reddit http://bit.ly/2HLXNUL
http://bit.ly/2VW5Nwe
Submitted May 22, 2019 at 02:19PM by MoneyShoulder
via reddit http://bit.ly/2HLXNUL
Medium
Online dating: best sites and how to avoid dating scams
Online dating is a common thing now, it is hard to find people to date and online dating apps makes it easier to do so and it is more…
[Squally] - New Mini-Game to Teach x86/x64 Registers, Pointers, Segfaults, Addressing
http://bit.ly/2vEochC
Submitted May 22, 2019 at 03:26PM by Aecial
via reddit http://bit.ly/30EJKJ8
http://bit.ly/2vEochC
Submitted May 22, 2019 at 03:26PM by Aecial
via reddit http://bit.ly/30EJKJ8
reddit
[Squally] - New Mini-Game to Teach x86/x64 Registers, Pointers,...
Posted in r/programming by u/Aecial • 2,404 points and 73 comments
Possible Windows 10 Zero Day LPE PoC Code Released
http://bit.ly/2LZsviA
Submitted May 22, 2019 at 05:54PM by da7rutrak
via reddit http://bit.ly/2WXMO15
http://bit.ly/2LZsviA
Submitted May 22, 2019 at 05:54PM by da7rutrak
via reddit http://bit.ly/2WXMO15
GitHub
SandboxEscaper/polarbearrepo
Contribute to SandboxEscaper/polarbearrepo development by creating an account on GitHub.
My first professional article: "Static Code Analysis — A Personal Research Story"
http://bit.ly/2EqW06E
Submitted May 22, 2019 at 07:34PM by mjalt96
via reddit http://bit.ly/2WmLIP6
http://bit.ly/2EqW06E
Submitted May 22, 2019 at 07:34PM by mjalt96
via reddit http://bit.ly/2WmLIP6
Medium
Static Code Analysis — A Personal Research Story
Whether you have never heard of this before, you don’t know enough about it, or you already know but care to hear different perspectives…
Sophisticated Phishing Using Homograph Attacks
http://bit.ly/2LZ69xE
Submitted May 22, 2019 at 07:56PM by slashcrypto
via reddit http://bit.ly/2WnGO4m
http://bit.ly/2LZ69xE
Submitted May 22, 2019 at 07:56PM by slashcrypto
via reddit http://bit.ly/2WnGO4m
Offensity
Sophisticated Spear Phishing Campaigns using Homograph Attacks | Offensity
Use offense to plan defense.
New Windows 10 zero-day gets published to Github by SandboxEscaper
http://bit.ly/2VGqZS0
Submitted May 22, 2019 at 08:41PM by ThrowAway823434-234
via reddit http://bit.ly/30DOFu8
http://bit.ly/2VGqZS0
Submitted May 22, 2019 at 08:41PM by ThrowAway823434-234
via reddit http://bit.ly/30DOFu8
Neowin
New Windows 10 zero-day gets published to Github by SandboxEscaper
A new Windows 10 zero-day has surfaced on Github. The vulnerability, which Microsoft isn't believed to have been forewarned about, was released by SandboxEscaper who has previously released zero-days.
Building backdoors for Apache (PoC inside with socks5 support, root shell, hiding logs...)
http://bit.ly/2QhHQcE
Submitted May 22, 2019 at 08:25PM by gid0rah
via reddit http://bit.ly/2wjVp25
http://bit.ly/2QhHQcE
Submitted May 22, 2019 at 08:25PM by gid0rah
via reddit http://bit.ly/2wjVp25
Tarlogic Security - Cyber Security and Ethical hacking
Backdoors in XAMP stack (part III): Apache Modules
This third fascicle of the series about backdoors for web servers based on the XAMP stack (Apache2, MySQL, PHP), will focus on the development of modules for Apache2 in the context of a Red Team operation . The use of modules and plugins for web servers as…
Fuzz a WebSocket with the Python Kitty Fuzzing Framework (OWASP ZAP didn't work for this case)
http://bit.ly/2JVx2A1
Submitted May 22, 2019 at 09:46PM by andreashappe
via reddit http://bit.ly/2VJcX26
http://bit.ly/2JVx2A1
Submitted May 22, 2019 at 09:46PM by andreashappe
via reddit http://bit.ly/2VJcX26
snikt.net
To Fuzz a WebSocket
During a recent assignment the customer server was utilizing a WebSocket for some notification transport, part of my assignment was to fuzz-test the used WebSocket (and the messages transported over it).
To do this, I turned to my typical tools:
PortSwigger…
To do this, I turned to my typical tools:
PortSwigger…
No, 2FA Does Not Stop Credential Stuffing Attacks
http://bit.ly/2HLB8YL
Submitted May 22, 2019 at 10:24PM by jsoverson
via reddit http://bit.ly/30zsTYx
http://bit.ly/2HLB8YL
Submitted May 22, 2019 at 10:24PM by jsoverson
via reddit http://bit.ly/30zsTYx
Medium
No, 2FA Does Not Stop Credential Stuffing Attacks
Credential Stuffing Myth debunked.
Introducing py-ews: A cross-platform Python package to interact with eDiscovery endpoints using Exchange Web Services for Exchange 2010 to 2019 and Office 365
Hello Everyone, I recently released an open-source Python package called py-ews. Py-ews allows you to (at this time) interact with the Exchange 2010 to 2019 (on-premises) and Office 365 eDiscovery endpoints to:GetSearchableMailboxes: Automatically identify all mailboxes in your environment that you have access rights to search.SearchMailboxes: By using Microsoft’s Advanced Query Syntax you can search a single or all mailboxes in your environment.DeleteItem: You can HardDelete, SoftDelete or MoveToDeletedItems a mail item.Autodiscover: Autodiscover enables you to call a single endpoint when communicating with EWS.ResolveNames: Translate a users email address into a detailed user object to retrieve properties from.GetInboxRules: Determine the inbox rules of a single mailbox.You can read more about it with this blog post: https://swimlane.com/blog/swimlane-research-team-py-ews/The official documentation is here: https://py-ews.readthedocs.io/en/latest/Also, this is my first pypi python package (I previously have wrote and distributed a lot of PowerShell modules).I hope this helps some of you out there! Cheers!
Submitted May 22, 2019 at 09:33PM by _Unas_
via reddit http://bit.ly/2X2m67g
Hello Everyone, I recently released an open-source Python package called py-ews. Py-ews allows you to (at this time) interact with the Exchange 2010 to 2019 (on-premises) and Office 365 eDiscovery endpoints to:GetSearchableMailboxes: Automatically identify all mailboxes in your environment that you have access rights to search.SearchMailboxes: By using Microsoft’s Advanced Query Syntax you can search a single or all mailboxes in your environment.DeleteItem: You can HardDelete, SoftDelete or MoveToDeletedItems a mail item.Autodiscover: Autodiscover enables you to call a single endpoint when communicating with EWS.ResolveNames: Translate a users email address into a detailed user object to retrieve properties from.GetInboxRules: Determine the inbox rules of a single mailbox.You can read more about it with this blog post: https://swimlane.com/blog/swimlane-research-team-py-ews/The official documentation is here: https://py-ews.readthedocs.io/en/latest/Also, this is my first pypi python package (I previously have wrote and distributed a lot of PowerShell modules).I hope this helps some of you out there! Cheers!
Submitted May 22, 2019 at 09:33PM by _Unas_
via reddit http://bit.ly/2X2m67g
Docs
QueryString (QueryStringType)
The QueryString element contains a mailbox query string based on Advanced Query Syntax (AQS).
Write-up | WD My Cloud RCE
http://bit.ly/2YGhBzN
Submitted May 23, 2019 at 01:19AM by bnbdr
via reddit http://bit.ly/2VHOfio
http://bit.ly/2YGhBzN
Submitted May 23, 2019 at 01:19AM by bnbdr
via reddit http://bit.ly/2VHOfio
https://bnbdr.github.io/
WD My Cloud RCE
*slaps NAS* This baby fits so many CVEs
How to Create a Malware Detection System With Machine Learning
http://bit.ly/2WZPhb3
Submitted May 23, 2019 at 04:10AM by evilsocket
via reddit http://bit.ly/2ECrAPd
http://bit.ly/2WZPhb3
Submitted May 23, 2019 at 04:10AM by evilsocket
via reddit http://bit.ly/2ECrAPd
evilsocket
How to Create a Malware Detection System With Machine Learning
In this post we’ll talk about two topics I love and that have been central elements of my (private) research for the last ~7 years: machine learning and malware detection. Having a rather empirical an
Multithreaded powershell noscript to exfiltrate data securely
http://bit.ly/2VTy46G
Submitted May 23, 2019 at 03:43AM by p3nt4
via reddit http://bit.ly/2YC1TWi
http://bit.ly/2VTy46G
Submitted May 23, 2019 at 03:43AM by p3nt4
via reddit http://bit.ly/2YC1TWi
GitHub
p3nt4/MagicCopy
Powershell noscript to exfiltrate large files quickly and securely - p3nt4/MagicCopy
Love is in the air: Reverse Engineering a shitty drone :: EzequielTBH Blog's
http://bit.ly/2VJWKK2
Submitted May 23, 2019 at 07:52AM by EzequielTBH
via reddit http://bit.ly/2wnFW1n
http://bit.ly/2VJWKK2
Submitted May 23, 2019 at 07:52AM by EzequielTBH
via reddit http://bit.ly/2wnFW1n
ezequieltbh.me
Love is in the air: Reverse Engineering a shitty drone
On March 9, 2018, (hey, better late than never :), Security Jam, a security meeting/conference, was held, where speakers present their Research in a relaxed environment.
Last year I was lucky enough to be able to participate as a Speaker giving a talk called:…
Last year I was lucky enough to be able to participate as a Speaker giving a talk called:…