UXSS in Safari
http://bit.ly/2HvKBoc
Submitted May 22, 2019 at 01:03PM by i_bo0om
via reddit http://bit.ly/2EmzL1W
http://bit.ly/2HvKBoc
Submitted May 22, 2019 at 01:03PM by i_bo0om
via reddit http://bit.ly/2EmzL1W
Speaker Deck
2000day in Safari
Unauthenticated CVE-2019-0708 (RDP RCE) scanner PoC
http://bit.ly/2EprIRK
Submitted May 22, 2019 at 12:41PM by Fugitif
via reddit http://bit.ly/2Eo7FU2
http://bit.ly/2EprIRK
Submitted May 22, 2019 at 12:41PM by Fugitif
via reddit http://bit.ly/2Eo7FU2
GitHub
zerosum0x0/CVE-2019-0708
Scanner PoC for CVE-2019-0708 RDP RCE vuln. Contribute to zerosum0x0/CVE-2019-0708 development by creating an account on GitHub.
Online dating: best sites and how to avoid dating scams
http://bit.ly/2VW5Nwe
Submitted May 22, 2019 at 02:19PM by MoneyShoulder
via reddit http://bit.ly/2HLXNUL
http://bit.ly/2VW5Nwe
Submitted May 22, 2019 at 02:19PM by MoneyShoulder
via reddit http://bit.ly/2HLXNUL
Medium
Online dating: best sites and how to avoid dating scams
Online dating is a common thing now, it is hard to find people to date and online dating apps makes it easier to do so and it is more…
[Squally] - New Mini-Game to Teach x86/x64 Registers, Pointers, Segfaults, Addressing
http://bit.ly/2vEochC
Submitted May 22, 2019 at 03:26PM by Aecial
via reddit http://bit.ly/30EJKJ8
http://bit.ly/2vEochC
Submitted May 22, 2019 at 03:26PM by Aecial
via reddit http://bit.ly/30EJKJ8
reddit
[Squally] - New Mini-Game to Teach x86/x64 Registers, Pointers,...
Posted in r/programming by u/Aecial • 2,404 points and 73 comments
Possible Windows 10 Zero Day LPE PoC Code Released
http://bit.ly/2LZsviA
Submitted May 22, 2019 at 05:54PM by da7rutrak
via reddit http://bit.ly/2WXMO15
http://bit.ly/2LZsviA
Submitted May 22, 2019 at 05:54PM by da7rutrak
via reddit http://bit.ly/2WXMO15
GitHub
SandboxEscaper/polarbearrepo
Contribute to SandboxEscaper/polarbearrepo development by creating an account on GitHub.
My first professional article: "Static Code Analysis — A Personal Research Story"
http://bit.ly/2EqW06E
Submitted May 22, 2019 at 07:34PM by mjalt96
via reddit http://bit.ly/2WmLIP6
http://bit.ly/2EqW06E
Submitted May 22, 2019 at 07:34PM by mjalt96
via reddit http://bit.ly/2WmLIP6
Medium
Static Code Analysis — A Personal Research Story
Whether you have never heard of this before, you don’t know enough about it, or you already know but care to hear different perspectives…
Sophisticated Phishing Using Homograph Attacks
http://bit.ly/2LZ69xE
Submitted May 22, 2019 at 07:56PM by slashcrypto
via reddit http://bit.ly/2WnGO4m
http://bit.ly/2LZ69xE
Submitted May 22, 2019 at 07:56PM by slashcrypto
via reddit http://bit.ly/2WnGO4m
Offensity
Sophisticated Spear Phishing Campaigns using Homograph Attacks | Offensity
Use offense to plan defense.
New Windows 10 zero-day gets published to Github by SandboxEscaper
http://bit.ly/2VGqZS0
Submitted May 22, 2019 at 08:41PM by ThrowAway823434-234
via reddit http://bit.ly/30DOFu8
http://bit.ly/2VGqZS0
Submitted May 22, 2019 at 08:41PM by ThrowAway823434-234
via reddit http://bit.ly/30DOFu8
Neowin
New Windows 10 zero-day gets published to Github by SandboxEscaper
A new Windows 10 zero-day has surfaced on Github. The vulnerability, which Microsoft isn't believed to have been forewarned about, was released by SandboxEscaper who has previously released zero-days.
Building backdoors for Apache (PoC inside with socks5 support, root shell, hiding logs...)
http://bit.ly/2QhHQcE
Submitted May 22, 2019 at 08:25PM by gid0rah
via reddit http://bit.ly/2wjVp25
http://bit.ly/2QhHQcE
Submitted May 22, 2019 at 08:25PM by gid0rah
via reddit http://bit.ly/2wjVp25
Tarlogic Security - Cyber Security and Ethical hacking
Backdoors in XAMP stack (part III): Apache Modules
This third fascicle of the series about backdoors for web servers based on the XAMP stack (Apache2, MySQL, PHP), will focus on the development of modules for Apache2 in the context of a Red Team operation . The use of modules and plugins for web servers as…
Fuzz a WebSocket with the Python Kitty Fuzzing Framework (OWASP ZAP didn't work for this case)
http://bit.ly/2JVx2A1
Submitted May 22, 2019 at 09:46PM by andreashappe
via reddit http://bit.ly/2VJcX26
http://bit.ly/2JVx2A1
Submitted May 22, 2019 at 09:46PM by andreashappe
via reddit http://bit.ly/2VJcX26
snikt.net
To Fuzz a WebSocket
During a recent assignment the customer server was utilizing a WebSocket for some notification transport, part of my assignment was to fuzz-test the used WebSocket (and the messages transported over it).
To do this, I turned to my typical tools:
PortSwigger…
To do this, I turned to my typical tools:
PortSwigger…
No, 2FA Does Not Stop Credential Stuffing Attacks
http://bit.ly/2HLB8YL
Submitted May 22, 2019 at 10:24PM by jsoverson
via reddit http://bit.ly/30zsTYx
http://bit.ly/2HLB8YL
Submitted May 22, 2019 at 10:24PM by jsoverson
via reddit http://bit.ly/30zsTYx
Medium
No, 2FA Does Not Stop Credential Stuffing Attacks
Credential Stuffing Myth debunked.
Introducing py-ews: A cross-platform Python package to interact with eDiscovery endpoints using Exchange Web Services for Exchange 2010 to 2019 and Office 365
Hello Everyone, I recently released an open-source Python package called py-ews. Py-ews allows you to (at this time) interact with the Exchange 2010 to 2019 (on-premises) and Office 365 eDiscovery endpoints to:GetSearchableMailboxes: Automatically identify all mailboxes in your environment that you have access rights to search.SearchMailboxes: By using Microsoft’s Advanced Query Syntax you can search a single or all mailboxes in your environment.DeleteItem: You can HardDelete, SoftDelete or MoveToDeletedItems a mail item.Autodiscover: Autodiscover enables you to call a single endpoint when communicating with EWS.ResolveNames: Translate a users email address into a detailed user object to retrieve properties from.GetInboxRules: Determine the inbox rules of a single mailbox.You can read more about it with this blog post: https://swimlane.com/blog/swimlane-research-team-py-ews/The official documentation is here: https://py-ews.readthedocs.io/en/latest/Also, this is my first pypi python package (I previously have wrote and distributed a lot of PowerShell modules).I hope this helps some of you out there! Cheers!
Submitted May 22, 2019 at 09:33PM by _Unas_
via reddit http://bit.ly/2X2m67g
Hello Everyone, I recently released an open-source Python package called py-ews. Py-ews allows you to (at this time) interact with the Exchange 2010 to 2019 (on-premises) and Office 365 eDiscovery endpoints to:GetSearchableMailboxes: Automatically identify all mailboxes in your environment that you have access rights to search.SearchMailboxes: By using Microsoft’s Advanced Query Syntax you can search a single or all mailboxes in your environment.DeleteItem: You can HardDelete, SoftDelete or MoveToDeletedItems a mail item.Autodiscover: Autodiscover enables you to call a single endpoint when communicating with EWS.ResolveNames: Translate a users email address into a detailed user object to retrieve properties from.GetInboxRules: Determine the inbox rules of a single mailbox.You can read more about it with this blog post: https://swimlane.com/blog/swimlane-research-team-py-ews/The official documentation is here: https://py-ews.readthedocs.io/en/latest/Also, this is my first pypi python package (I previously have wrote and distributed a lot of PowerShell modules).I hope this helps some of you out there! Cheers!
Submitted May 22, 2019 at 09:33PM by _Unas_
via reddit http://bit.ly/2X2m67g
Docs
QueryString (QueryStringType)
The QueryString element contains a mailbox query string based on Advanced Query Syntax (AQS).
Write-up | WD My Cloud RCE
http://bit.ly/2YGhBzN
Submitted May 23, 2019 at 01:19AM by bnbdr
via reddit http://bit.ly/2VHOfio
http://bit.ly/2YGhBzN
Submitted May 23, 2019 at 01:19AM by bnbdr
via reddit http://bit.ly/2VHOfio
https://bnbdr.github.io/
WD My Cloud RCE
*slaps NAS* This baby fits so many CVEs
How to Create a Malware Detection System With Machine Learning
http://bit.ly/2WZPhb3
Submitted May 23, 2019 at 04:10AM by evilsocket
via reddit http://bit.ly/2ECrAPd
http://bit.ly/2WZPhb3
Submitted May 23, 2019 at 04:10AM by evilsocket
via reddit http://bit.ly/2ECrAPd
evilsocket
How to Create a Malware Detection System With Machine Learning
In this post we’ll talk about two topics I love and that have been central elements of my (private) research for the last ~7 years: machine learning and malware detection. Having a rather empirical an
Multithreaded powershell noscript to exfiltrate data securely
http://bit.ly/2VTy46G
Submitted May 23, 2019 at 03:43AM by p3nt4
via reddit http://bit.ly/2YC1TWi
http://bit.ly/2VTy46G
Submitted May 23, 2019 at 03:43AM by p3nt4
via reddit http://bit.ly/2YC1TWi
GitHub
p3nt4/MagicCopy
Powershell noscript to exfiltrate large files quickly and securely - p3nt4/MagicCopy
Love is in the air: Reverse Engineering a shitty drone :: EzequielTBH Blog's
http://bit.ly/2VJWKK2
Submitted May 23, 2019 at 07:52AM by EzequielTBH
via reddit http://bit.ly/2wnFW1n
http://bit.ly/2VJWKK2
Submitted May 23, 2019 at 07:52AM by EzequielTBH
via reddit http://bit.ly/2wnFW1n
ezequieltbh.me
Love is in the air: Reverse Engineering a shitty drone
On March 9, 2018, (hey, better late than never :), Security Jam, a security meeting/conference, was held, where speakers present their Research in a relaxed environment.
Last year I was lucky enough to be able to participate as a Speaker giving a talk called:…
Last year I was lucky enough to be able to participate as a Speaker giving a talk called:…
New Zero-Day Exploit for Bug in Windows 10 Task Scheduler
http://bit.ly/30CuqwH
Submitted May 23, 2019 at 10:43AM by 0x2dend
via reddit http://bit.ly/2HJZXUW
http://bit.ly/30CuqwH
Submitted May 23, 2019 at 10:43AM by 0x2dend
via reddit http://bit.ly/2HJZXUW
BleepingComputer
New Zero-Day Exploit for Bug in Windows 10 Task Scheduler
Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
Fun With Custom URI Schemes, featuring another Origin RCE
http://bit.ly/2YGOwEn
Submitted May 23, 2019 at 10:41AM by bigsn00p
via reddit http://bit.ly/2VXBcia
http://bit.ly/2YGOwEn
Submitted May 23, 2019 at 10:41AM by bigsn00p
via reddit http://bit.ly/2VXBcia
zeropwn.github.io
Fun With Custom URI Schemes
Take a look into how custom URI schemes can be used to leverage underlying vulnerabilities in applications.
Insights as incident responders on Business Email Compromises
http://bit.ly/2Mjb64P
Submitted May 23, 2019 at 02:19PM by Bobbygehim
via reddit http://bit.ly/2YKbYRg
http://bit.ly/2Mjb64P
Submitted May 23, 2019 at 02:19PM by Bobbygehim
via reddit http://bit.ly/2YKbYRg
Linkedin
Responding to a Business Email Compromise - Part 3
This three-part blog series is about Business Email Compromises (BEC) targeting Office 365 environments and our insights as incident responders. The first post can be found here and contains an introduction to BEC attacks and the challenges that often arise…
Why Reverse Tabnabbing Matters (an Example on Reddit)
http://bit.ly/2X9zEhe
Submitted May 23, 2019 at 01:32PM by RedTeamPentesting
via reddit http://bit.ly/2EsZ1nf
http://bit.ly/2X9zEhe
Submitted May 23, 2019 at 01:32PM by RedTeamPentesting
via reddit http://bit.ly/2EsZ1nf
reddit
r/netsec - Why Reverse Tabnabbing Matters (an Example on Reddit)
0 votes and 1 comment so far on Reddit
Abusing jQuery for CSS powered timing attacks | Blog
http://bit.ly/2HQsSXE
Submitted May 23, 2019 at 05:58PM by minecrater1
via reddit http://bit.ly/2wgU64g
http://bit.ly/2HQsSXE
Submitted May 23, 2019 at 05:58PM by minecrater1
via reddit http://bit.ly/2wgU64g
portswigger.net
Abusing jQuery for CSS powered timing attacks | Blog
Arthur Saftnes did some quite awesome research last year on timing attacks with jQuery CSS selectors, in fact it was probably my favourite blog post from last year. It's a common design pattern for we