A repository of my completed writeups, along with the samples themselves. - itsKindred/malware-analysis-writeups

Parents of three Tennessee children learned today that a hacker had remotely broke into there Ring smart camera. The hacker spoke to the children and monitored them just four days after the purchase of the device. This sets a dangerous precedent when so many…

From combining emoji marks and astral planes, Unicode is under appreciated and poorly understood. One lesser known attack vector is Unicode Case Mapping Collisions— an edge case that many of the best devs don't understand— even at Github.

“The s in IoT stands for security” is a joke as old as the shared code base used in your IoT web-camera. Usually we mock IoT for having little or bad security, but the real issue is perhaps that IoT can't have good security.

Posted in r/netsec by u/pimterry • 1 point and 0 comments

The bug will crash the app and it will continue to crash even after we reopen WhatsApp, resulting in a crash loop. Moreover, the user will not be able to return to thegroup and all the data that was written and shared in the group is now gone for good. The…

Hacking Live Stream | Playing CTFs for fun!

Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects resulting in arbitrary RCE. Learn how to patch and securely configure this software.

Contribute to canarytail/standard development by creating an account on GitHub.

Blockchain intelligence firm CipherTrace claims banks unknowingly process $2 billion in crypto funds every year, opening themselves up to potential risks.

To check if they're vulnerable or not. Here's a new tool that scans the RDP of your system to explore BlueKeep's vulnerability.

Posted in r/netsec by u/thegeekbin • 29 points and 2 comments

Quick navigation Introduction (this page)Bug #1 – The Python language serverBug #2 – A custom Cloud Shell imageBug #3 – Git cloneBug #4 – Go and get pwned Note: The vulnerab…

Posted in r/netsec by u/oleavr • 63 points and 6 comments

List of worst passwords of the 2019 list. You can check out the list and see if your password is on the list or not.

Facebook’s Tor gateway will be out of commission for a week or two after a TLS certificate expired. “Our onion service, facebookcorewwwi.onion, is

Amazon Web Services’ AssumeRole operation accepts an optional parameter called “sts:ExternalId” which is intended to mitigate certain types of attacks. However, both the attacks t…

Hardlinks again! Yes, there are plenty of opportunities to raise your privileges due to incorrect permissions settings when combined with  hardlinks in many softwares (MS included) ;-) In this post…

Broken Links Repair Plugin disables the bad links in your content immediately upon detection by Hexometer.com scanner.