Some grocery stores in Norway use fingerprints for verifying the users age when buying an item that has age-restrictions. The security of this solution gets a thumb up 👍

CyStack Advisory IDCSA-2019-04CVE IDs CVE-2019-19307
[https://nvd.nist.gov/vuln/detail/CVE-2019-19307]SeverityCriticalCVSS v3 Base9.8
Synopsis
CyStack Security discovered an integer overflow vulnerability in the
implementation of MQTT protocol in the Cesanta…

Summary

The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack…

Posted in r/netsec by u/seclurkern • 3 points and 0 comments

How to Effectively Transition to SOC 3.0 Operations

A bug chain of HTTP Request Smuggling and an IDOR which allows to retrieve user sensitive data

This tool shows the result of crt.sh. Contribute to famasoon/crtsh development by creating an account on GitHub.

[https://ics.i3xplore.com/2019/12/06/omron-plc-denial-of-service-as-a-feature/](https://ics.i3xplore.com/2019/12/06/omron-plc-denial-of-service-as-...

red team, blue team, penetration testing, red teaming, threat hunting, digital forensics, incident response, cyber security, IT security

  This post has been written by me and two friends: @splinter_code and 0xea31 This is the “unintended” result of a research we did on Juicypotato exploit in order to find a possibl…

My write-up / walkthrough for Wall from Hack The Box.

Jump Ahead: Enum – Getting a Rev. Shell – Root – Resources – Shoutout TL;DR; To solve this machine we enumerate open ports – finding ports 80 and 22 open. Enumerating …

Posted by evo4ce - 50 votes and 2 comments

Description of how to pivot though the MySQL service. Turning MySQL into a SOCKS5 that can be used by proxychains.

High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second. - llebout/wpbrute-rs

LONDON, UK – Hundreds of thousands of documents from inside Formations House, a posh British finance firm located in central London, have been released online tonight. Formations House created thousands of companies for ultra-wealthy business-people for offshore…

Introduction
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.

TrueDialog

[https://drive.google.com/file/d/0B-OpLAp8EyTfbEVfTm5OdkVXT2s/view?usp=sharing](https://drive.google.com/file/d/0B-OpLAp8EyTfbEVfTm5OdkVXT2s/view?u...

The penetration testing company Practical Pentest Labs has recently come under fire for how they handle user passwords. The passwords for user accounts were sent via email to users upon sign up in clear text. The argument was made that these could be intercepted…

Faisal's Blog

Just a normal flask web app to understand win32api with code snippets and references.