The Bible of Kerberos Attacks
http://bit.ly/2HVXvfv
Submitted June 04, 2019 at 03:04PM by gid0rah
via reddit http://bit.ly/3192sZF
http://bit.ly/2HVXvfv
Submitted June 04, 2019 at 03:04PM by gid0rah
via reddit http://bit.ly/3192sZF
Tarlogic Security - Cyber Security and Ethical hacking
Kerberos (II): How to attack Kerberos?
IntroductionIn this article about Kerberos, a few attacks against the protocol will be shown. In order to refresh the concepts behind the following attacks, it is recommended to check the first part of this series which covers Kerberos theory.The post is…
APT34/OilRig update - Jason, new leaked bruteforce tool
http://bit.ly/2Gl8uNy
Submitted June 04, 2019 at 02:59PM by GelosSnake
via reddit http://bit.ly/2WmxZZp
http://bit.ly/2Gl8uNy
Submitted June 04, 2019 at 02:59PM by GelosSnake
via reddit http://bit.ly/2WmxZZp
reddit
r/netsec - APT34/OilRig update - Jason, new leaked bruteforce tool
0 votes and 0 comments so far on Reddit
Another Task Scheduler 0day, Another Task Scheduler Micropatch (The SandboxEscaper Saga)
http://bit.ly/2Kp8Mqc
Submitted June 04, 2019 at 05:33PM by dielel
via reddit http://bit.ly/2ERwZSt
http://bit.ly/2Kp8Mqc
Submitted June 04, 2019 at 05:33PM by dielel
via reddit http://bit.ly/2ERwZSt
0Patch
Another Task Scheduler 0day, Another Task Scheduler Micropatch (The SandboxEscaper Saga)
Backward Compatibility is Hard, and so is Stacked Impersonation by Simon Raner and Mitja Kolsek, the 0patch Team Last August we is...
macOS - Getting root with benign AppStore apps
http://bit.ly/2QLM78M
Submitted June 04, 2019 at 09:45PM by PositivePeter
via reddit http://bit.ly/2wDUh9K
http://bit.ly/2QLM78M
Submitted June 04, 2019 at 09:45PM by PositivePeter
via reddit http://bit.ly/2wDUh9K
theevilbit.github.io
macOS - Getting root with benign AppStore apps
This writeup is intended to be a bit of storytelling. I would like to show how I went down the rabbit hole in a quick ’research’ I wanted to do, and eventually found a local privilege escalation vulnerability in macOS. I also want to show, tell about all…
Vim/Neovim Arbitrary Code Execution via Modelines
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
Submitted June 04, 2019 at 11:08PM by Fa1l3r
via reddit https://www.reddit.com/r/netsec/comments/bwrjrx/vimneovim_arbitrary_code_execution_via_modelines/?utm_source=ifttt
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
Submitted June 04, 2019 at 11:08PM by Fa1l3r
via reddit https://www.reddit.com/r/netsec/comments/bwrjrx/vimneovim_arbitrary_code_execution_via_modelines/?utm_source=ifttt
GitHub
security/doc/2019-06-04_ace-vim-neovim.md at master · numirias/security
Some of my security stuff and vulnerabilities. Nothing advanced. More to come. - numirias/security
Quest Diagnostics says 11.9 million patients' financial and medical information may have been exposed in data breach
https://www.cnbc.com/2019/06/03/quest-diagnostics-says-nearly-12-million-patients-may-have-had-data-breached.html
Submitted June 04, 2019 at 10:40PM by RGray805
via reddit http://bit.ly/2EU4dR0
https://www.cnbc.com/2019/06/03/quest-diagnostics-says-nearly-12-million-patients-may-have-had-data-breached.html
Submitted June 04, 2019 at 10:40PM by RGray805
via reddit http://bit.ly/2EU4dR0
CNBC
Quest Diagnostics says 11.9 million patients' financial and medical information may have been exposed in data breach
About 11.9 million Quest Diagnostics patients may have had their financial, medical and other personal information exposed in a data breach, the company said Monday.
secDevLabs: Open-source training lab with OWASP Top10 based vulnerable apps to be secured by developers through Pull Requests
http://bit.ly/2WnT59P
Submitted June 04, 2019 at 10:23PM by Krlier
via reddit http://bit.ly/2WaLLJW
http://bit.ly/2WnT59P
Submitted June 04, 2019 at 10:23PM by Krlier
via reddit http://bit.ly/2WaLLJW
GitHub
globocom/secDevLabs
Laboratory for those who are interested in learning about web security - globocom/secDevLabs
Bypassing CA cert checks in Flutter based apps on Android
http://bit.ly/2QK2TVK
Submitted June 05, 2019 at 12:08AM by fridgehead
via reddit http://bit.ly/2WMBdF5
http://bit.ly/2QK2TVK
Submitted June 05, 2019 at 12:08AM by fridgehead
via reddit http://bit.ly/2WMBdF5
Orangewi.re Labs
Bypassing Root CA checks in Flutter based apps on Android
I recently started looking at Android apps based on the Flutter framework, I’d not come across any before and after a pub discussion about something entirely unrelated managed to find one to …
CapsAttacks: Testing Adversarial Attacks on Capsule Networks
http://bit.ly/2WjImNE
Submitted June 05, 2019 at 12:18AM by Yuqing7
via reddit http://bit.ly/2Wqm2Sz
http://bit.ly/2WjImNE
Submitted June 05, 2019 at 12:18AM by Yuqing7
via reddit http://bit.ly/2Wqm2Sz
Medium
CapsAttacks: Testing Adversarial Attacks on Capsule Networks
Convolutional Neural Networks (CNNs) have been proven vulnerable to attacks by adversarial samples. These slight image modifications are…
Google's Project Zero hacks Windows Notepad to offer remote shell access
http://bit.ly/30XUnHk
Submitted June 05, 2019 at 01:05AM by cos
via reddit http://bit.ly/2IcRlWY
http://bit.ly/30XUnHk
Submitted June 05, 2019 at 01:05AM by cos
via reddit http://bit.ly/2IcRlWY
MSPoweruser
Google’s Project Zero hacks Windows Notepad to offer remote shell access
It seems Windows Notepad’s days of innocence is over, as Threatpost reports that Google’s Project Zero has managed to corrupt the app into an entry point for full system access. Tavis Ormandy, from Google’s Project Zero managed to find a memory corruption…
SameSite cookies in practice
http://bit.ly/318CxBv
Submitted June 05, 2019 at 12:49PM by neverforgetdream
via reddit http://bit.ly/2XsS5O8
http://bit.ly/318CxBv
Submitted June 05, 2019 at 12:49PM by neverforgetdream
via reddit http://bit.ly/2XsS5O8
reddit
r/netsec - SameSite cookies in practice
0 votes and 0 comments so far on Reddit
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708
http://bit.ly/2WJfH3X
Submitted June 05, 2019 at 01:22PM by alt3kx
via reddit http://bit.ly/2QMRy76
http://bit.ly/2WJfH3X
Submitted June 05, 2019 at 01:22PM by alt3kx
via reddit http://bit.ly/2QMRy76
Medium
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708
Last weeks a big activity on networks trying to attack RDP service , maybe a botnets looking an infected “zombies” on RDP services or…
How to create an EVIL LTE Twin
http://bit.ly/2wBYMlh
Submitted June 05, 2019 at 04:43PM by pentest4life
via reddit http://bit.ly/2XrvIst
http://bit.ly/2wBYMlh
Submitted June 05, 2019 at 04:43PM by pentest4life
via reddit http://bit.ly/2XrvIst
Medium
How to create an EVIL LTE Twin
Be very careful when playing with any cellular bands. Denial of service attacks can have devastating and sometimes jail worthy…
Pulling Credentials from Logs in Exagrid Appliances
http://bit.ly/2MF0mgW
Submitted June 05, 2019 at 06:00PM by regul8_
via reddit http://bit.ly/2XqKQ9u
http://bit.ly/2MF0mgW
Submitted June 05, 2019 at 06:00PM by regul8_
via reddit http://bit.ly/2XqKQ9u
InquisIT
Exagrid Directory Traversal Vulnerability (CVE-2019-12310) to “Support” Credential Extraction - InquisIT
Summary The Exagrid backup appliance at version 4.8.1.1044.P50 suffers from a directory traversal vulnerability at “http://EXAGRID_IP/monitor/data/Upgrade/” (case sensitive) which allows unauthenticated access to detailed log files. Active “support” credentials…
Launching Incidents: an open source web app for organizing non-trivial security investigations
https://github.com/veeral-patel/incidentsJIRA, Google Docs, and Slack are sufficient for small security incidents, but as more people get involved and the scope of the investigation grows, it's hard to feel in control and not miss things.Our insight is that incidents are trees of tickets, where some tickets are leads.https://i.redd.it/ji74b2mwpe231.pngVideo Demo: https://www.youtube.com/watch?v=Z7U2iYwOpQ4Live Demo: http://134.209.4.68(Author here, feel free to ask questions)
Submitted June 05, 2019 at 02:49AM by yaraz
via reddit http://bit.ly/2wz5rwH
https://github.com/veeral-patel/incidentsJIRA, Google Docs, and Slack are sufficient for small security incidents, but as more people get involved and the scope of the investigation grows, it's hard to feel in control and not miss things.Our insight is that incidents are trees of tickets, where some tickets are leads.https://i.redd.it/ji74b2mwpe231.pngVideo Demo: https://www.youtube.com/watch?v=Z7U2iYwOpQ4Live Demo: http://134.209.4.68(Author here, feel free to ask questions)
Submitted June 05, 2019 at 02:49AM by yaraz
via reddit http://bit.ly/2wz5rwH
GitHub
GitHub - veeral-patel/incidents: Please use https://github.com/veeral-patel/true-positive instead
Please use https://github.com/veeral-patel/true-positive instead - veeral-patel/incidents
Bypassing CSP with policy injection
http://bit.ly/2MxLdy6
Submitted June 05, 2019 at 06:43PM by albinowax
via reddit http://bit.ly/2XuT80e
http://bit.ly/2MxLdy6
Submitted June 05, 2019 at 06:43PM by albinowax
via reddit http://bit.ly/2XuT80e
portswigger.net
Bypassing CSP with policy injection | Blog
Whilst testing PayPal looking for ways to bypass CSP and mixed content protection I found an interesting behaviour. PayPal was putting a GET parameter called token inside the report-uri directive of t
We Decide What You See: Remote Code Execution on a Major IPTV Platform - Check Point Research
http://bit.ly/2WmQnl4
Submitted June 05, 2019 at 07:48PM by omriher
via reddit http://bit.ly/2WvuJLH
http://bit.ly/2WmQnl4
Submitted June 05, 2019 at 07:48PM by omriher
via reddit http://bit.ly/2WvuJLH
Check Point Research
We Decide What You See: Remote Code Execution on a Major IPTV Platform - Check Point Research
Research by: Ronen Shustin Introduction About a year ago Check Point Research discovered critical vulnerabilities in a Ukrainian TV streaming platform that, if exploited, could leave service providers exposed to a serious breach. The risks would be their…
What To Do When SIM-Swapping Happens To You - Medium
http://bit.ly/2EQHTry
Submitted June 06, 2019 at 12:04AM by trogdortb001
via reddit http://bit.ly/2wzS1As
http://bit.ly/2EQHTry
Submitted June 06, 2019 at 12:04AM by trogdortb001
via reddit http://bit.ly/2wzS1As
Medium
What To Do When SIM-Swapping Happens To You
CipherBlade in MyCryptoJun 5 · 50 min read
Implementing Application Whitelisting with Google Santa and Upvote (Part 2 of 2)
http://bit.ly/2Iob2Lz
Submitted June 06, 2019 at 01:07AM by myover
via reddit http://bit.ly/2IrzRX0
http://bit.ly/2Iob2Lz
Submitted June 06, 2019 at 01:07AM by myover
via reddit http://bit.ly/2IrzRX0
Praetorian
Implementing Application Whitelisting with Google Santa and Upvote (Part 2 of 2)
In part 2 of this series, we will provide technical guidance on how you can deploy Google Santa and Upvote in your organization.
WAF through the eyes of hackers or how to bypass modern WAF
http://bit.ly/2HVQATn
Submitted June 05, 2019 at 04:07PM by barracud4_
via reddit http://bit.ly/2IjSvA3
http://bit.ly/2HVQATn
Submitted June 05, 2019 at 04:07PM by barracud4_
via reddit http://bit.ly/2IjSvA3
Habr
WAF through the eyes of hackers
Today we’re going to talk about one of the modern security mechanism for web applications, namely Web Application Firewall (WAF). We’ll discuss modern WAFs and...
PSPTool – Parse and trace firmware of AMD's Platform Security Processor
http://bit.ly/3191Rre
Submitted June 05, 2019 at 02:15PM by cwerling
via reddit http://bit.ly/2HVPQxz
http://bit.ly/3191Rre
Submitted June 05, 2019 at 02:15PM by cwerling
via reddit http://bit.ly/2HVPQxz
GitHub
cwerling/psptool
Display, extract, and manipulate PSP firmware inside UEFI images - cwerling/psptool