Unos consejos para fortificar MongoDB en el mundo NoSQL
http://feedproxy.google.com/~r/ElLadoDelMal/~3/-ZrxNscmZgY/unos-consejos-para-fortificar-mongodb.html
http://feedproxy.google.com/~r/ElLadoDelMal/~3/-ZrxNscmZgY/unos-consejos-para-fortificar-mongodb.html
Elladodelmal
Unos consejos para fortificar MongoDB en el mundo NoSQL
Blog personal de Chema Alonso, CDCO Telefónica, 0xWord, MyPublicInbox, sobre seguridad, hacking, hackers y Cálico Electrónico.
Chema vs. Chema: Descansar o Construir.
http://feedproxy.google.com/~r/ElLadoDelMal/~3/I2smacvOi40/chema-vs-chema-descansar-o-construir.html
http://feedproxy.google.com/~r/ElLadoDelMal/~3/I2smacvOi40/chema-vs-chema-descansar-o-construir.html
Elladodelmal
Chema vs. Chema: Descansar o Construir.
Blog personal de Chema Alonso, CDCO Telefónica, 0xWord, MyPublicInbox, sobre seguridad, hacking, hackers y Cálico Electrónico.
⚙️"Cómo recuperar la contraseña de archivos .rar o .zip" https://www.solvetic.com/tutoriales/article/2763-como-recuperar-la-contrasena-de-archivos-rar-o-zip/
Solvetic
▷ Quitar y RECUPERAR CONTRASEÑA WinRAR, Zip ✔️
Tutorial para poder quitar contraseña ZIP o recuperar contraseña WinRAR o RAR de diferentes formas.
🗺 Mapa con ataques informáticos en tiempo real: https://community.blueliv.com/map/
Herramienta para exfiltrar el texto de los documentos de Word abiertos
https://www.hackplayers.com/2020/08/herramienta-para-exfiltrar-el-texto-de.html
https://www.hackplayers.com/2020/08/herramienta-para-exfiltrar-el-texto-de.html
Hackplayers
Herramienta para exfiltrar el texto de los documentos de Word abiertos
Invoke-WordThief es una herramienta que se compone de un script en powershell que conecta con un servidor TCP implementado en python y que ...
⚙️"Guía de indicaciones para preservar los derechos fundamentales en Internet" https://xnet-x.net/manual-tecnico-derechos-fundamentales-internet/
Xnet - Internet, derechos y democracia en la era digital
Guía de indicaciones para preservar los derechos fundamentales en Internet
Todo cuanto se explica en esta guía es para proteger la inviolabilidad de nuestras comunicaciones, nuestro derecho a la privacidad y la libertad de opinión política, de expresión y de acceso a la información, todos ellos derechos fundamentales legalmente…
CVE-2020-13379:
Unauthenticated Full-Read SSRF in Grafana 3.0.1 - 7.0.1
https://rhynorater.github.io/CVE-2020-13379-Write-Up
PoC:
/avatar/tesdt%3Fd=http://redirect.rhynorater.com%25253f%253b%http://252fbp.blogspot.com%252f169.254.169.254
Unauthenticated Full-Read SSRF in Grafana 3.0.1 - 7.0.1
https://rhynorater.github.io/CVE-2020-13379-Write-Up
PoC:
/avatar/tesdt%3Fd=http://redirect.rhynorater.com%25253f%253b%http://252fbp.blogspot.com%252f169.254.169.254
rhynorater.github.io
CVE-2020-13379
Unauthenticated Full-Read SSRF in Grafana
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation (CVE-2020-7457) (PoC)
https://packetstormsecurity.com/files/158695/ip6_setpktopt_uaf_priv_esc.rb.txt
https://packetstormsecurity.com/files/158695/ip6_setpktopt_uaf_priv_esc.rb.txt
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
Threat research:
UAC bypass via dll hijacking and mock directorie (PoC)
http://daniels-it-blog.blogspot.com/2020/07/uac-bypass-via-dll-hijacking-and-mock.html
UAC bypass via dll hijacking and mock directorie (PoC)
http://daniels-it-blog.blogspot.com/2020/07/uac-bypass-via-dll-hijacking-and-mock.html
Blogspot
UAC bypass via dll hijacking and mock directories
UAC
UAC Bypass
dll hijacking
mock folders
Daniel Gebert
SRP
Software Restiction Policies
dll
hijacking
Windows 10
UAC Bypass
dll hijacking
mock folders
Daniel Gebert
SRP
Software Restiction Policies
dll
hijacking
Windows 10
Technical analysis:
CVE-2020-15654 and a history of Firefox “Browser Lock” bugs
https://news.sophos.com/en-us/2020/08/03/technical-analysis-cve-2020-15654-and-a-history-of-firefox-browser-lock-bugs/#deceptive-custom-cursor
CVE-2020-15654 and a history of Firefox “Browser Lock” bugs
https://news.sophos.com/en-us/2020/08/03/technical-analysis-cve-2020-15654-and-a-history-of-firefox-browser-lock-bugs/#deceptive-custom-cursor
Sophos
Technical analysis: CVE-2020-15654 and a history of Firefox “Browser Lock” bugs
Technical support scams are among the most pervasive forms of Internet-powered fraud. Preying primarily on less sophisticated computer, tablet and smartphone users, tech support scammers use fear and misinformation to convince their targets that they have…
CVE-2020-5617:
SKYSEA Client View (ver.12.200.12n - 15.210.05f) vulnerable to privilege escalation (PoC)
https://acru3l.github.io/2020/08/03/exploiting-activity-monitor-driver/
PoC Exploit:
https://github.com/acru3l/PoC/tree/master/CVE-2020-5617
SKYSEA Client View (ver.12.200.12n - 15.210.05f) vulnerable to privilege escalation (PoC)
https://acru3l.github.io/2020/08/03/exploiting-activity-monitor-driver/
PoC Exploit:
https://github.com/acru3l/PoC/tree/master/CVE-2020-5617
GitHub
PoC/CVE-2020-5617 at master · acru3l/PoC
Contribute to acru3l/PoC development by creating an account on GitHub.
SSRF-Vulnerabilities in the Openfire Admin Console (Jabber server)
https://swarm.ptsecurity.com/openfire-admin-console
PoC:
https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2019-18394.yaml
https://swarm.ptsecurity.com/openfire-admin-console
PoC:
https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/CVE-2019-18394.yaml
PT SWARM
Vulnerabilities in the Openfire Admin Console
Openfire is a Jabber server supported by Ignite Realtime. It’s a cross-platform Java application, which positions itself as a platform for medium-sized enterprises to control internal communications and make instant messaging easier. I regularly see Openfire…
📃 "Botnet, la red Zombie" https://pixelmuerto.com/post/620069211263369216/botnet-la-red-zombie
>>Pixel Muerto
Botnet, la red Zombie
Hoy quería traeros un post en el que no hacer instrucciones y no usar herramientas. Hoy simplemente quería hablar de algo que la verdad me llama mucho la atención y quería dedicarle un post, el asunto...
Research/BlackHat 2020:
"EtherOops - Exploit Utilizing Packet-in-Packet Attacks on Ethernet Cables To Bypass Firewalls & NATs" (PoC)
https://www.armis.com/etheroops/
"EtherOops - Exploit Utilizing Packet-in-Packet Attacks on Ethernet Cables To Bypass Firewalls & NATs" (PoC)
https://www.armis.com/etheroops/
Armis
ETHEROOPS
EtherOops includes methods to exploit packet-in-packet attacks in Ethernet cables. Discover how to develop mitigations in your network infrastructure.
⚙️ "Cómo robar el pin de android y el código de iphone de su amigo con un enlace único" https://noticiasseguridad.com/tutoriales/como-robar-el-pin-de-android-y-el-codigo-de-iphone-de-su-amigo-con-un-enlace-unico/
Noticias de seguridad informática, ciberseguridad y hacking
CÓMO ROBAR EL PIN DE ANDROID Y EL CÓDIGO DE IPHONE O ANDROID DE SU AMIGO CON UN ENLACE ÚNICO
CÓMO ROBAR EL PIN DE ANDROID Y EL CÓDIGO DE IPHONE O ANDROID DE SU AMIGO CON UN ENLACE ÚNICO - Tutoriales
CVE-2020-3702:
"Kr00k2" - Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Testing script:
https://github.com/eset/malware-research/tree/master/kr00k
"Kr00k2" - Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Testing script:
https://github.com/eset/malware-research/tree/master/kr00k
WeLiveSecurity
Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
Following their discovery of the KrØØk vulnerability, ESET researchers reveal that variants of the same flaw affect even more Wi-Fi chips than initially thought.
Research:
"18 Attacks on Email Sender Authentication"
https://www.blackhat.com/us-20/briefings/schedule/#you-have-no-idea-who-sent-that-email--attacks-on-email-sender-authentication-19902
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures:
https://github.com/chenjj/espoofer
"18 Attacks on Email Sender Authentication"
https://www.blackhat.com/us-20/briefings/schedule/#you-have-no-idea-who-sent-that-email--attacks-on-email-sender-authentication-19902
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures:
https://github.com/chenjj/espoofer
Blackhat
Black Hat USA 2020
Presentadas cuatro nuevas variantes de HTTP Request Smuggling en BlackHat 2020
https://unaaldia.hispasec.com/2020/08/presentadas-cuatro-nuevas-variantes-de-http-request-smuggling-en-blackhat-2020.html
https://unaaldia.hispasec.com/2020/08/presentadas-cuatro-nuevas-variantes-de-http-request-smuggling-en-blackhat-2020.html
Una al Día
Presentadas cuatro nuevas variantes de HTTP Request Smuggling en BlackHat 2020
Tras 15 años de su descubrimiento, se han encontrado nuevas variantes de este tipo de ataque en Abyss X1, Squirt y CRS en conjunto con servidores tan populares como IIS, Apache o Tomcat
SCADA Security/Research:
Infiltrating your home IoT network using a malicious ZigBee lightbulb (CVE-2020-6007) (PoC)
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Infiltrating your home IoT network using a malicious ZigBee lightbulb (CVE-2020-6007) (PoC)
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Check Point Research
Don’t be silly - it’s only a lightbulb - Check Point Research
Research by: Eyal Itkin Background Everyone is familiar with the concept of IoT, the Internet of Things, but how many have heard of smart lightbulbs? You can control the light in your house, and even calibrate the color of each lightbulb, just by using a…