When ꓘamerka meets healthcare — Research on exposed medical devices
https://ift.tt/2stl6yW
Submitted December 27, 2019 at 10:18PM by Mysterii8
via reddit https://ift.tt/39rPomC
Medium
When ꓘamerka meets healthcare — Research on exposed medical devices
ꓘamerka is going after hospitals and health clinics. I’m publishing tons of queries related to the healthcare industry and medical sciences.
Wifi deauthentication attacks and home security
https://ift.tt/360gD5j
Submitted December 27, 2019 at 10:47PM by liotier
via reddit https://ift.tt/2Q5rohv
reddit
Wifi deauthentication attacks and home security
Posted in r/netsec by u/liotier • 2 points and 0 comments
PE Import Table hijacking as a way of achieving persistence - or exploiting DLL side loading
https://ift.tt/2ZstTNG
Submitted December 27, 2019 at 11:43PM by fuckup1337
via reddit https://ift.tt/2ZvlkC3
HACKINGISCOOL
PE Import Table hijacking as a way of achieving persistence - or exploiting DLL side loading
Preface
In this post I describe a simple trick I came up with recently - something which is definitely nothing new, but as I found it useful and haven't seen it elsewhere, I decided to write it up.
What we want to achieve
So - let's consider backdooring a Windows…
Parsuite: A Modularized Parser Framework Written in Python 3
https://github.com/arch4ngel/parsuite
I came across 0bs1d1an-'s post (https://www.reddit.com/r/netsec/comments/efl3rc/parse_and_convert_nessus_nmap_and_more_tools_to/) about a really cool parser yesterday that supports input files from various sources and it inspired me to share this modular parser I've been working on. I put it together when I decided too much time was being spent using grep and awk during my day-to-day as a penetration tester.
Hope someone finds it useful!
Framework Capabilities
- You can create simple parser modules and drop them in the `parsuite.modules` path as described in the wiki (https://github.com/arch4ngel/parsuite/wiki/Parser-Modules), which'll make them appear in the interface.
- abstractions can be used to represent elements from Nessus, NMap, Masscan, and Burp XML files as Python objects (it's not one-to-one, but enough to get the job done in most cases)
- parsers can be used to parse XML objects on the quick
Current Modules
There are several super useful modules already implemented, but here are the three I use most often:
nessus_api_host_dumper
Contrary to the name, this module dumps output from a Nessus scan using the JSON API while using the filesystem as an improvised database, i.e. each vulnerability receives a folder that contains a list of affected hosts, ports, and sockets. The directory structure is: `<output directory>/<severity>/<vulnerability name>`.
This module is particularly useful when long scans are running or when the user interface stops working due to large data sets (thanks Tenable).
```
archangel@deskjet~> parsuite nessus_api_host_dumper --url https://www.somenessus.com:8834 -od nessus_output -i --scan-names TestScan
[+] Starting the parser
[+] Loading modules
[+] Executing module: nessus_api_host_dumper
[+] Getting user credentials...
[+] Attempting to dump hosts from TestScan
[+] Processing: TestScan
[+] Processing scan hosts
[+] Processing scan plugins (this may take some time)
[+] Processing target plugin ids
[+] [INFO] traceroute_information
[+] [INFO] nessus_scan_information
[+] [INFO] additional_dns_hostnames
[+] [INFO] tls_version_1_1_protocol_detection
[+] [INFO] tls_npn_supported_protocol_enumeration
[+] [INFO] tls_next_protocols_supported
[+] [INFO] tls_alpn_supported_protocol_enumeration
[+] [INFO] ssl_root_certification_authority_certificate_infor
[+] [INFO] ssl_perfect_forward_secrecy_cipher_suites_supporte
[+] [INFO] ssl_cipher_suites_supported
[+] [INFO] ssl_cipher_block_chaining_cipher_suites_supported
[+] [INFO] ssl_certificate_signed_using_weak_hashing_algorith
[+] [INFO] ssl_certificate_information
[+] [INFO] ssl_tls_versions_supported
[+] [INFO] hsts_missing_from_https_server
[+] [INFO] nessus_tcp_scanner
[+] [INFO] hypertext_transfer_protocol_http_information
[+] [INFO] http_server_type_and_version
[+] [INFO] service_detection
[+] Module execution complete. Exiting.
```
...and the directory structure looks like
```
archangel@deskjet~> head nessus_output/info/additional_dns_hostnames/additional_information
Plugin Name: Additional DNS Hostnames
Plugin ID: 46180
Severity: INFO
Description:
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host.
Note that these are only the alternate hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
```
xml_dumper
Extract output from NMap, Nessus, and Masscan XML files in various formats.
Here's an example of dumping records in URI format while searching for HTTP services.
```
root@deskjet:recon~> parsuite xml_dumper -ifs full_aggressive.xml --format uri --sreg --service-search 'https?'
[+] Starting the parser
[+] Loading…
```
GitHub
GitHub - ImpostorKeanu/parsuite: Simple parser framework.
Simple parser framework. Contribute to ImpostorKeanu/parsuite development by creating an account on GitHub.
endlessh: SSH tarpit that slowly sends an endless banner
https://ift.tt/2WgSvGv
Submitted December 28, 2019 at 04:51PM by drspeaker
via reddit https://ift.tt/2Ztt8UP
GitHub
skeeto/endlessh
SSH tarpit that slowly sends an endless banner. Contribute to skeeto/endlessh development by creating an account on GitHub.
CORS Misconfigurations
https://ift.tt/2QuPFMD
Submitted December 28, 2019 at 09:55PM by ghostlulz
via reddit https://ift.tt/2QqzHn0
Ghostlulz Hacks
Cross-Origin Resource Sharing (CORS) - Ghostlulz Hacks
Cross-Origin Resource Sharing (CORS) can be used to bypass the Same Origin Policy (SOP) and read sensitive user data.
Bumble: Finding dates and WiFi access points
https://ift.tt/2QsYpD5
Submitted December 28, 2019 at 10:25PM by theappanalyst
via reddit https://ift.tt/2Q5GKT9
reddit
Bumble: Finding dates and WiFi access points
Posted in r/netsec by u/theappanalyst • 2 points and 0 comments
Sleuthing from public sources to figure out how the Hateful Eight leaker was caught
https://ift.tt/37fzmKq
Submitted December 29, 2019 at 01:24AM by jjj98
via reddit https://ift.tt/2rA8q98
Boing Boing
Sleuthing from public sources to figure out how the Hateful Eight leaker was caught
In 2014, Quentin Tarantino sued Gawker for publishing a link to a leaked pre-release screener of his movie “The Hateful Eight.” The ensuing court-case revealed that the screeners Tarant…
D-Link DIR-859 — Unauthenticated RCE (CVE-2019–17621)
https://ift.tt/2t7ntYu
Submitted December 27, 2019 at 07:45AM by secenv
via reddit https://ift.tt/37eoSev
Medium
D-Link DIR-859 — Unauthenticated RCE (CVE-2019–17621) [EN]
Researchers
NCSC Cyber Security Body Of Knowledge Published.
https://ift.tt/2oNGdu4
Submitted December 29, 2019 at 06:41AM by 1nt3rnalv01d
via reddit https://ift.tt/2Q5wKcj
www.ncsc.gov.uk
First full version of the Cyber Security Body of Knowledge published
Authoritative guide to the foundational knowledge underpinning cyber security.
Demonstrating the Capital One breach on your own AWS account
https://ift.tt/2MBpX8d
Submitted December 29, 2019 at 04:40PM by sanitybit
via reddit https://ift.tt/37huqol
GitHub
avishayil/caponeme
Repository demonstrating the Capital One breach on your AWS account - avishayil/caponeme
Various Android Apps allow anyone to remotely edit db/prefs due to debugging library in prod
https://ift.tt/354L618
Submitted December 29, 2019 at 04:16PM by Deletescape
via reddit https://ift.tt/2QvKMD8
deletescape
Debugging in prod: Maximizing user attack surface
Some people really just want to see their users and the world burn.
cve-search/git-vuln-finder - Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commits which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output.
https://github.com/cve-search/git-vuln-finder
Submitted December 28, 2019 at 08:40PM by adulau
via reddit https://ift.tt/37gFkuG
GitHub
GitHub - cve-search/git-vuln-finder: Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages - cve-search/git-vuln-finder
PCG Random number generators are flawed and easy to predict
https://ift.tt/2rFRGKD
Submitted December 29, 2019 at 11:36PM by mgostIH
via reddit https://ift.tt/2thPnkj
reddit
PCG Random number generators are flawed and easy to predict
Posted in r/netsec by u/mgostIH • 5 points and 2 comments
Threat intelligence, building your citadel
https://ift.tt/39jI1O5
Submitted December 29, 2019 at 11:58PM by 0xsha
via reddit https://ift.tt/2F5uvQc
reddit
Threat intelligence, building your citadel
Posted in r/netsec by u/0xsha • 7 points and 0 comments
Call your tier-one support engineer a "hacker" for fixing a problem your system designers couldn't figure out? Good luck finding that zero-day exploit I told you about.
/r/ProRevenge/comments/eh89df/call_your_tierone_support_engineer_a_hacker_for/
Submitted December 30, 2019 at 03:17AM by _vavkamil_
via reddit https://ift.tt/2rCkvdV
reddit
Call your tier-one support engineer a "hacker" for fixing a...
A community for technical news and discussion of information security and closely related topics.
An attacker logged into the RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. They used Advanced Scanner + ProcDump + PsExec to move laterally to a Domain Controller. Would you have detected and responded to this activity?
https://ift.tt/2F5sB1W
Submitted December 30, 2019 at 02:48AM by InfoSecJim
via reddit https://ift.tt/36a0avt
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix are for Kids
https://ift.tt/2Q8Wyob
Submitted December 30, 2019 at 07:52AM by thickofits
via reddit https://ift.tt/2MIbkQG
reddit
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix...
Posted in r/netsec by u/thickofits • 29 points and 4 comments
Bashar Bachir Infection Chain Analysis
https://ift.tt/354eVyy
Submitted December 30, 2019 at 09:15AM by kindredsec
via reddit https://ift.tt/359tj8V
GitHub
itsKindred/malware-analysis-writeups
A repository of my completed writeups, along with the samples themselves. - itsKindred/malware-analysis-writeups
Compatible Wireless Penetration Hardware for Rolling Kali
https://ift.tt/369ai7N
Submitted December 30, 2019 at 09:59AM by pentest4life
via reddit https://ift.tt/2FgFeYd
Medium
Compatible Wireless Penetration Hardware for Kali Rolling
This post will talk about what USB devices are supported out of the box for Kali in the year 2020, include a quick cheat sheet, and…
In the face of password breaches, we are equal - A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
https://ift.tt/37psn1x
Submitted December 30, 2019 at 12:04PM by btriani
via reddit https://ift.tt/36jDl93
Medium
In the face of password breaches, we are equal
A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland