Netsec – Telegram
This channel posts the feed from r/netsec.
Windows-Based Exploitation — VulnServer TRUN Command Buffer Overflow
http://bit.ly/2QwTUHi

Submitted May 30, 2019 at 06:45PM by Eta-Meson
via reddit http://bit.ly/2Milv0u
Breaking Out of Rkt containers - 3 New Unpatched CVEs
http://bit.ly/2Qyb8nH

Submitted May 30, 2019 at 09:25PM by YuvalAvra
via reddit http://bit.ly/2WFryAl
I made this tool to look for all the build logs of CI tools such as Travis-CI which can then be used to find sensitive information
http://bit.ly/2KgHKkK

Submitted May 31, 2019 at 03:55PM by darshkpatel
via reddit http://bit.ly/2YWQu3x
Infosec career path
http://bit.ly/2Z00M36

Submitted May 31, 2019 at 09:08PM by trajanhorses
via reddit http://bit.ly/2MvEHbk
Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS
http://bit.ly/2WAaLOR

Submitted May 31, 2019 at 11:53PM by deft3
via reddit http://bit.ly/2XjE8Sz
Pgen – Command-line passphrase generator
The EFF has made and published three lists of words to use that are easy to spell and generally easy to remember.

I wrote a command-line tool in Rust for generating passphrases using these wordlists. I use it myself any time I need a password.

My tool is fast, free of charge, open source and it can also tell you the entropy that will result for any given choice of number of words.

For example let's say I want it to give me four words from the long wordlist, and I want to know how many bits of entropy this corresponds to.

pgen -l -n 4 -e
Current settings will create passphrases with 51.70 bits of entropy.

51.70 bits of entropy.

What does that mean, you might ask.

The Wikipedia article on password strength (https://en.wikipedia.org/wiki/Password_strength) explains it well:

A password with an entropy of 42 bits calculated in this way would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with an entropy of 42 bits would require 2^42 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, by increasing the entropy of the password by one bit the number of guesses required doubles, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.

Ok, so how good is 51.70 bits of entropy?

Wikipedia, same article again:

The minimum number of bits of entropy needed for a password depends on the threat model for the given application. [...] RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn't applicable.

So let's say that you are satisfied with 51.70 bits of entropy in this case. What does a password like that look like? Let's generate one.

pgen -l -n 4
plastic case refocus demise

Pretty memorable right? :)

Oh yeah, and about the claim that it's fast. Just how fast is it? Have a look.

time pgen -l -n 4
browbeat hummus sandbox unfixable
real 0m0.005s
user 0m0.001s
sys 0m0.006s

That's 5 milliseconds.

But hey, let's say we wanted to generate a bunch of passphrases at once.

How much time does it take to generate 10.000 passphrases and dump them into a text file?

time pgen -l -n 4 -k 10000 > 10k.txt
real 0m0.132s
user 0m0.073s
sys 0m0.058s

About zero point one seconds. Not that generating 10.000 passphrases is something that you are likely to do, but it just speaks to how fast this tool is ^^

Source and instructions on how to install it are on GitHub.
https://github.com/ctsrc/Pgen

Submitted May 31, 2019 at 10:27PM by codetrotter
via reddit http://bit.ly/2ENBxsS
Passive DNS - a tutorial to setup your own Passive DNS using D4 Project
http://bit.ly/2WzGpvR

Submitted June 01, 2019 at 02:13AM by adulau
via reddit http://bit.ly/2Mm1MwL
The /r/netsec Monthly Discussion Thread - June 2019
Overview
Questions regarding netsec and discussion related directly to netsec are welcome here.

Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on /r/netsec.
As always, the content & discussion guidelines should also be observed on /r/netsec.

Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

Submitted June 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2HP2A9e