Google's Project Zero hacks Windows Notepad to offer remote shell access
http://bit.ly/30XUnHk
Submitted June 05, 2019 at 01:05AM by cos
via reddit http://bit.ly/2IcRlWY
http://bit.ly/30XUnHk
Submitted June 05, 2019 at 01:05AM by cos
via reddit http://bit.ly/2IcRlWY
MSPoweruser
Google’s Project Zero hacks Windows Notepad to offer remote shell access
It seems Windows Notepad’s days of innocence is over, as Threatpost reports that Google’s Project Zero has managed to corrupt the app into an entry point for full system access. Tavis Ormandy, from Google’s Project Zero managed to find a memory corruption…
SameSite cookies in practice
http://bit.ly/318CxBv
Submitted June 05, 2019 at 12:49PM by neverforgetdream
via reddit http://bit.ly/2XsS5O8
http://bit.ly/318CxBv
Submitted June 05, 2019 at 12:49PM by neverforgetdream
via reddit http://bit.ly/2XsS5O8
reddit
r/netsec - SameSite cookies in practice
0 votes and 0 comments so far on Reddit
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708
http://bit.ly/2WJfH3X
Submitted June 05, 2019 at 01:22PM by alt3kx
via reddit http://bit.ly/2QMRy76
http://bit.ly/2WJfH3X
Submitted June 05, 2019 at 01:22PM by alt3kx
via reddit http://bit.ly/2QMRy76
Medium
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708
Last weeks a big activity on networks trying to attack RDP service , maybe a botnets looking an infected “zombies” on RDP services or…
How to create an EVIL LTE Twin
http://bit.ly/2wBYMlh
Submitted June 05, 2019 at 04:43PM by pentest4life
via reddit http://bit.ly/2XrvIst
http://bit.ly/2wBYMlh
Submitted June 05, 2019 at 04:43PM by pentest4life
via reddit http://bit.ly/2XrvIst
Medium
How to create an EVIL LTE Twin
Be very careful when playing with any cellular bands. Denial of service attacks can have devastating and sometimes jail worthy…
Pulling Credentials from Logs in Exagrid Appliances
http://bit.ly/2MF0mgW
Submitted June 05, 2019 at 06:00PM by regul8_
via reddit http://bit.ly/2XqKQ9u
http://bit.ly/2MF0mgW
Submitted June 05, 2019 at 06:00PM by regul8_
via reddit http://bit.ly/2XqKQ9u
InquisIT
Exagrid Directory Traversal Vulnerability (CVE-2019-12310) to “Support” Credential Extraction - InquisIT
Summary The Exagrid backup appliance at version 4.8.1.1044.P50 suffers from a directory traversal vulnerability at “http://EXAGRID_IP/monitor/data/Upgrade/” (case sensitive) which allows unauthenticated access to detailed log files. Active “support” credentials…
Launching Incidents: an open source web app for organizing non-trivial security investigations
https://github.com/veeral-patel/incidentsJIRA, Google Docs, and Slack are sufficient for small security incidents, but as more people get involved and the scope of the investigation grows, it's hard to feel in control and not miss things.Our insight is that incidents are trees of tickets, where some tickets are leads.https://i.redd.it/ji74b2mwpe231.pngVideo Demo: https://www.youtube.com/watch?v=Z7U2iYwOpQ4Live Demo: http://134.209.4.68(Author here, feel free to ask questions)
Submitted June 05, 2019 at 02:49AM by yaraz
via reddit http://bit.ly/2wz5rwH
https://github.com/veeral-patel/incidentsJIRA, Google Docs, and Slack are sufficient for small security incidents, but as more people get involved and the scope of the investigation grows, it's hard to feel in control and not miss things.Our insight is that incidents are trees of tickets, where some tickets are leads.https://i.redd.it/ji74b2mwpe231.pngVideo Demo: https://www.youtube.com/watch?v=Z7U2iYwOpQ4Live Demo: http://134.209.4.68(Author here, feel free to ask questions)
Submitted June 05, 2019 at 02:49AM by yaraz
via reddit http://bit.ly/2wz5rwH
GitHub
GitHub - veeral-patel/incidents: Please use https://github.com/veeral-patel/true-positive instead
Please use https://github.com/veeral-patel/true-positive instead - veeral-patel/incidents
Bypassing CSP with policy injection
http://bit.ly/2MxLdy6
Submitted June 05, 2019 at 06:43PM by albinowax
via reddit http://bit.ly/2XuT80e
http://bit.ly/2MxLdy6
Submitted June 05, 2019 at 06:43PM by albinowax
via reddit http://bit.ly/2XuT80e
portswigger.net
Bypassing CSP with policy injection | Blog
Whilst testing PayPal looking for ways to bypass CSP and mixed content protection I found an interesting behaviour. PayPal was putting a GET parameter called token inside the report-uri directive of t
We Decide What You See: Remote Code Execution on a Major IPTV Platform - Check Point Research
http://bit.ly/2WmQnl4
Submitted June 05, 2019 at 07:48PM by omriher
via reddit http://bit.ly/2WvuJLH
http://bit.ly/2WmQnl4
Submitted June 05, 2019 at 07:48PM by omriher
via reddit http://bit.ly/2WvuJLH
Check Point Research
We Decide What You See: Remote Code Execution on a Major IPTV Platform - Check Point Research
Research by: Ronen Shustin Introduction About a year ago Check Point Research discovered critical vulnerabilities in a Ukrainian TV streaming platform that, if exploited, could leave service providers exposed to a serious breach. The risks would be their…
What To Do When SIM-Swapping Happens To You - Medium
http://bit.ly/2EQHTry
Submitted June 06, 2019 at 12:04AM by trogdortb001
via reddit http://bit.ly/2wzS1As
http://bit.ly/2EQHTry
Submitted June 06, 2019 at 12:04AM by trogdortb001
via reddit http://bit.ly/2wzS1As
Medium
What To Do When SIM-Swapping Happens To You
CipherBlade in MyCryptoJun 5 · 50 min read
Implementing Application Whitelisting with Google Santa and Upvote (Part 2 of 2)
http://bit.ly/2Iob2Lz
Submitted June 06, 2019 at 01:07AM by myover
via reddit http://bit.ly/2IrzRX0
http://bit.ly/2Iob2Lz
Submitted June 06, 2019 at 01:07AM by myover
via reddit http://bit.ly/2IrzRX0
Praetorian
Implementing Application Whitelisting with Google Santa and Upvote (Part 2 of 2)
In part 2 of this series, we will provide technical guidance on how you can deploy Google Santa and Upvote in your organization.
WAF through the eyes of hackers or how to bypass modern WAF
http://bit.ly/2HVQATn
Submitted June 05, 2019 at 04:07PM by barracud4_
via reddit http://bit.ly/2IjSvA3
http://bit.ly/2HVQATn
Submitted June 05, 2019 at 04:07PM by barracud4_
via reddit http://bit.ly/2IjSvA3
Habr
WAF through the eyes of hackers
Today we’re going to talk about one of the modern security mechanism for web applications, namely Web Application Firewall (WAF). We’ll discuss modern WAFs and...
PSPTool – Parse and trace firmware of AMD's Platform Security Processor
http://bit.ly/3191Rre
Submitted June 05, 2019 at 02:15PM by cwerling
via reddit http://bit.ly/2HVPQxz
http://bit.ly/3191Rre
Submitted June 05, 2019 at 02:15PM by cwerling
via reddit http://bit.ly/2HVPQxz
GitHub
cwerling/psptool
Display, extract, and manipulate PSP firmware inside UEFI images - cwerling/psptool
Welcome Endgame: Bringing Endpoint Security to the Elastic Stack
http://bit.ly/2wFMdoZ
Submitted June 06, 2019 at 03:06AM by CloudButWhy
via reddit http://bit.ly/2Woi0dm
http://bit.ly/2wFMdoZ
Submitted June 06, 2019 at 03:06AM by CloudButWhy
via reddit http://bit.ly/2Woi0dm
Elastic Blog
Welcome Endgame: Bringing Endpoint Security to the Elastic Stack
We are excited to announce that we have entered into an acquisition agreement to join forces with Endgame, Inc. an endpoint security company.
Tutorial: Bringing passwords back like a necromancer with h8mail
http://bit.ly/2WIpMyj
Submitted June 06, 2019 at 03:03AM by khast3x
via reddit http://bit.ly/2Wge2hZ
http://bit.ly/2WIpMyj
Submitted June 06, 2019 at 03:03AM by khast3x
via reddit http://bit.ly/2Wge2hZ
khast3x.club
Getting started with h8mail v2
Information security, tips, hacks and giggles
http://bit.ly/1gFjN4e
http://bit.ly/2Wiv6UH
Submitted June 06, 2019 at 04:42PM by khasaia
via reddit http://bit.ly/2ZaYLRs
http://bit.ly/2Wiv6UH
Submitted June 06, 2019 at 04:42PM by khasaia
via reddit http://bit.ly/2ZaYLRs
secrary[dot]com::LashaKhasaia
Hide From Sandboxes And Emulators
This blog is about malware analysis and reverse engineering. I’m Lasha Khasaia
Understanding LTE, and how to create an LTE Evil Twin to passively obtain IMSI numbers
http://bit.ly/2wBYMlh
Submitted June 06, 2019 at 04:38PM by pentest4life
via reddit http://bit.ly/2ERQla0
http://bit.ly/2wBYMlh
Submitted June 06, 2019 at 04:38PM by pentest4life
via reddit http://bit.ly/2ERQla0
Medium
How to create an EVIL LTE Twin
Be very careful when playing with any cellular bands. Denial of service attacks can have devastating and sometimes jail worthy…
New Toys!
http://bit.ly/2WNwaEw
Submitted June 06, 2019 at 04:07PM by HanoverWilliam
via reddit http://bit.ly/2QO1HAK
http://bit.ly/2WNwaEw
Submitted June 06, 2019 at 04:07PM by HanoverWilliam
via reddit http://bit.ly/2QO1HAK
reddit
r/netsec - New Toys!
0 votes and 1 comment so far on Reddit
Web Application Firewall through the eyes of hackers
http://bit.ly/2HWYdJb
Submitted June 06, 2019 at 05:19PM by atomlib_com
via reddit http://bit.ly/2WrCkKT
http://bit.ly/2HWYdJb
Submitted June 06, 2019 at 05:19PM by atomlib_com
via reddit http://bit.ly/2WrCkKT
Habr
WAF through the eyes of hackers
Today we’re going to talk about one of the modern security mechanism for web applications, namely Web Application Firewall (WAF). We’ll discuss modern WAFs and...
Osquery for Windows access right misconfiguration Elevation of Privilege (CVE-2019-3567)
http://bit.ly/2HXhrhO
Submitted June 06, 2019 at 05:32PM by the-useless-one
via reddit http://bit.ly/2ZbJWOO
http://bit.ly/2HXhrhO
Submitted June 06, 2019 at 05:32PM by the-useless-one
via reddit http://bit.ly/2ZbJWOO
reddit
r/netsec - Osquery for Windows access right misconfiguration Elevation of Privilege (CVE-2019-3567)
0 votes and 0 comments so far on Reddit
Our Discord server focused on CyberSec. We also provide labs and VPSes. Also, challenges are held regularly.
http://bit.ly/2IoFeGv
Submitted June 06, 2019 at 05:20PM by NunyaBisns
via reddit http://bit.ly/2EUTPJ1
http://bit.ly/2IoFeGv
Submitted June 06, 2019 at 05:20PM by NunyaBisns
via reddit http://bit.ly/2EUTPJ1
Discord
Join the CybertechITsolutions Discord Server!
Check out the CybertechITsolutions community on Discord - hang out with 248 other members and enjoy free voice and text chat.
What we learned from Infosecurity Europe 2019: GDPR, budgets and people problems
http://bit.ly/2Xqa5J4
Submitted June 06, 2019 at 06:10PM by KeyDutch
via reddit http://bit.ly/2HYX1Fg
http://bit.ly/2Xqa5J4
Submitted June 06, 2019 at 06:10PM by KeyDutch
via reddit http://bit.ly/2HYX1Fg
Immuniweb
What we learned from Infosecurity Europe 2019: GDPR, budgets and people problems
Infosecurity Europe 2019 has come and gone this week, highlighting new broad industry trends, re-examining security specifics and challenging existing thinking.