Configuring MTA-STS and SMTP TLS-RPT
https://ift.tt/2LDHe0a
Submitted December 09, 2019 at 05:16AM by fmisle
via reddit https://ift.tt/36h1a0B
Faisalmisle
Configuring MTA-STS and SMTP TLS-RPT | Faisal Misle
Faisal's Blog
MalwinX: A framework for learning Malware and win32 functions
https://ift.tt/2RzlV3q
Submitted December 09, 2019 at 07:08AM by beyonderdabas
via reddit https://ift.tt/2DVg00L
securityviacode.in
MalwinX: A framework for learning Malware and win32 functions
Just a normal flask web app to understand win32api with code snippets and references.
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
https://ift.tt/2Pnna31
Submitted December 09, 2019 at 09:50AM by netsec_burn
via reddit https://ift.tt/2RzB4BO
GitHub
0vercl0k/CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit. - 0vercl0k/CVE-2019-11708
PHP Autoloading: Local File Inclusion by Design
https://ift.tt/355roTw
Submitted December 09, 2019 at 01:11PM by ss2342-
via reddit https://ift.tt/2RzYHu0
Medium
PHP Autoloading: Local File Inclusion by Design
In the year 2009, PHP 5.3 was released, bringing with it major new features like namespaces and lambda functions. At the time, there was…
Spilling Local Files via XXE When HTTP OOB Fails
https://ift.tt/357TOfW
Submitted December 09, 2019 at 02:52PM by albinowax
via reddit https://ift.tt/2PpVQRW
www.noob.ninja
Spilling Local Files via XXE When HTTP OOB Fails
Hello Everyone, Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https...
This is a story of how I accidentally found a common vulnerability across similar web applications just by reusing cookies on different subdomains from the same web application.
https://ift.tt/38mjhnR
Submitted December 09, 2019 at 03:38PM by riramar
via reddit https://ift.tt/2LwS1sX
Medium
Reusing Cookies
TL;DR: This is a story of how I accidentally found a common vulnerability across similar web applications just by reusing cookies on…
The Githubification of InfoSec by John Lambert, Distinguished Engineer, Microsoft Threat Intelligence Center
https://ift.tt/2DUuLkq
Submitted December 09, 2019 at 08:21PM by digicat
via reddit https://ift.tt/2LS5gon
Medium
The Githubification of InfoSec
Towards a more open, contributor friendly, vendor neutral model for accelerated learning in InfoSec
Made a tool to check on a graph approach network traffic (live capture or pcap)
https://ift.tt/2NlGHzY
Submitted December 09, 2019 at 10:02PM by michoo_42
via reddit https://ift.tt/2rtydQk
GitHub
GitHub - michoo/pci: Packet communication investigator
Packet communication investigator. Contribute to michoo/pci development by creating an account on GitHub.
Breaking the chains on HTTP Request Smuggler
https://ift.tt/2s81qjK
Submitted December 10, 2019 at 12:17AM by digicat
via reddit https://ift.tt/36hvHLD
PortSwigger Research
Breaking the chains on HTTP Request Smuggler
We've all seen it - a conference presentation drops a fancy new technique, and a hot new tool is released. Then over the following months and years, the environment changes and the tool is left unmain
$10m GDPR Fine; Why we Need GDPR in Bug Bounties
https://ift.tt/2P4kEzE
Submitted December 10, 2019 at 12:38AM by arrayleads
via reddit https://ift.tt/2t37zyf
Used by a large number of enterprises and users, Angular is a platform for building responsive, universal single page applications. Here are the vulnerabilities that can occur using Angular and the best ways to circumvent those
https://ift.tt/35bB2nK
Submitted December 10, 2019 at 02:35PM by xjueldta
via reddit https://ift.tt/345gJqS
Amazon's Blink XT2 Camera System Command Injection Flaws
https://ift.tt/3582tyV
Submitted December 10, 2019 at 07:39PM by chicksdigthelongrun
via reddit https://ift.tt/2Pu4XAU
Medium
Blink XT2 Camera System Command Injection Flaws
Blink home security camera systems, owned and operated by Amazon, contain a number of security flaws that could allow attackers or other…
Ban 100K hacked passwords from your systems
https://ift.tt/2rwO4xy
Submitted December 10, 2019 at 08:00PM by hacware
via reddit https://ift.tt/2RFP7G6
Hacware
Ban Hacked Passwords
Hacware is your partner on this cybersecurity journey. We have collected 100K commonly used passwords and created a JQuery validator extension to prevent your users from registering with a compromised password.
Solismed Version 3.3SP1 - Critical CVEs
https://ift.tt/2PwVHfn
Submitted December 10, 2019 at 11:16PM by breach_house
via reddit https://ift.tt/349R1S3
Bishopfox
Solismed Version 3.3SP1
Bishop Fox discovered vulnerabilities in the Solismed application version 3.3SP1.
Flaw Found in Keepkey Crypto Hardware Wallet
https://ift.tt/2E4GKM8
Submitted December 10, 2019 at 11:00PM by Forthewolf_x
via reddit https://ift.tt/38mIUVs
Kraken Blog
Inside Kraken Security Labs: Flaw Found in Keepkey Crypto Hardware Wallet (Part 2)
Although much of the original KeepKey codebase is based on the Trezor One, their codebases have diverged. The KeepKey team added several mitigation mechanisms to make the KeepKey firmware resilient to the glitching attacks demonstrated during the Wallet.Fail…
New macOS Bundlore Loader Analysis
https://ift.tt/2YyKvTw
Submitted December 11, 2019 at 12:45AM by eliya_confiant
via reddit https://ift.tt/2rmHZ6V
Medium
New macOS Bundlore Loader Analysis
Looking at recent Malvertising campaigns detected by Confiant realtime Malvertising detection engine, we stumbled upon a slightly…
Plundervolt: Software-based Fault Injection Attacks against Intel SGX
https://ift.tt/2P7XOr6
Submitted December 11, 2019 at 04:36AM by freakwin
via reddit https://ift.tt/2rqj2Yi
Your Developers Should be Your SDLC Immune System
https://ift.tt/35h0Sa8
Submitted December 11, 2019 at 11:51AM by DebugDucky
via reddit https://ift.tt/2PwD3Eo
blog.adversary.io
Your Developers Should be Your SDLC Immune System
The secure development lifecycle (SDLC) of an organization is not unlike the immune system of an organism. Here's how to strengthen your security health.
Persistence – Office Application Startup
https://ift.tt/2RCep89
Submitted December 11, 2019 at 04:22PM by netbiosX
via reddit https://ift.tt/2YF9K6B
Penetration Testing Lab
Persistence – Office Application Startup
Microsoft Office is the most popular product in Windows operating systems since it allows users to write and edit documents, create and present slides, gather notes, send emails and perform calcula…
South Korea’s security agencies predict more crypto exchange hacks in 2020
https://ift.tt/2LICrKX
Submitted December 11, 2019 at 09:53PM by Tennis3765
via reddit https://ift.tt/2E8Xl1w
Decrypt
South Korea’s security agencies predict more hacks in 2020 - Decrypt
Korea Internet & Security Agency (KISA) and the nation's top security firms said last week that they anticipate more crypto hacks in 2020.
Deserialized Double Dirty - Exploiting CVE-2017-12149
https://ift.tt/2LH7s1G
Submitted December 11, 2019 at 10:42PM by coalfirelabs
via reddit https://ift.tt/2LLEvBF
Coalfire.com
Deserialized Double Dirty
Resource covering the most important issues in IT security and compliance as well as insights on IT GRC issues that impact the industries that we serve.