An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
https://ift.tt/2SnOUaB
Submitted February 13, 2020 at 09:38PM by thracky
via reddit https://ift.tt/2OSi27I
https://ift.tt/2SnOUaB
Submitted February 13, 2020 at 09:38PM by thracky
via reddit https://ift.tt/2OSi27I
Trendmicro
An In-Depth Technical Analysis of CurveBall (CVE-2020-0601) - TrendLabs Security Intelligence Blog
A code-level root cause analysis of CVE-2020-0601 in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the context of applications communicating via Transport Layer Security (TLS).
From S3 bucket to Laravel unserialize RCE
https://ift.tt/37liEZP
Submitted February 13, 2020 at 01:01AM by n0psled_
via reddit https://ift.tt/39vb1S8
https://ift.tt/37liEZP
Submitted February 13, 2020 at 01:01AM by n0psled_
via reddit https://ift.tt/39vb1S8
TRUESEC Blog
From S3 bucket to Laravel unserialize RCE
Insecure deserialization is a common vulnerability (OWASP TOP10) that very often leads to arbitrary code execution. Today, I'm going to explain how to turn a seemingly harmless deserialization into code execution. This recently came in handy for me in a penetration…
Splunk Tutorial - Introduction For Beginners - Setting up environment
https://youtu.be/Ob9iEYF3oMk
Submitted February 13, 2020 at 03:37AM by leooister
via reddit https://ift.tt/2HjXmBt
https://youtu.be/Ob9iEYF3oMk
Submitted February 13, 2020 at 03:37AM by leooister
via reddit https://ift.tt/2HjXmBt
YouTube
Splunk Tutorial - Introduction For Beginners - Setting up environment
For more see: https://vinsloev.com/
What is Splunk?
Splunk is a company specializing in data use and processing “Splunk turns machine data into answers” Splunk Software aggregates, processes, analyze and helps you use small to massive amounts of data.
Link…
What is Splunk?
Splunk is a company specializing in data use and processing “Splunk turns machine data into answers” Splunk Software aggregates, processes, analyze and helps you use small to massive amounts of data.
Link…
Proof-of-Concept Video: LPC Bus Sniffing Attack against Microsoft BitLocker in TPM-only Mode
https://www.youtube.com/watch?v=-Fj3SeZww3M
Submitted February 13, 2020 at 03:54PM by Radi0activeM0use
via reddit https://ift.tt/2tU8OR0
https://www.youtube.com/watch?v=-Fj3SeZww3M
Submitted February 13, 2020 at 03:54PM by Radi0activeM0use
via reddit https://ift.tt/2tU8OR0
YouTube
LPC Bus Sniffing Attack against Microsoft BitLocker in TPM-only Mode
In this SySS (https://www.syss.de/) proof-of-concept video, a sniffing attack against the Low Pin Count (LPC) bus communication of a trusted platform module (TPM) is demonstrated using the developed iCEstick LPC TPM Sniffer for the Lattice iCEstick Evaluation…
Online Brute Force WPA Cracking Tool - Kraken
I made a distributed online brute force WPA cracking tool called kraken to make it super easy to audit your WiFi passwords against famous wordlists (and you can use crunch word list generator too) in a manner that an attacker would use (mandatory please don't misuse it). All cracking happens on your own machine(s) so your data is never exposed. Im especially happy that you can use your web browser to crack using CPU but there is also a desktop client you can download from github that uses hashcat under the hood. Im still trying to refine it so any feedback will be appreciated. Also, if you guys know of more password lists I should be keeping, please let me know. Here is a .cap file to test with on github.
Submitted February 14, 2020 at 02:34AM by arcaneiceman
via reddit https://ift.tt/2OTDVmW
I made a distributed online brute force WPA cracking tool called kraken to make it super easy to audit your WiFi passwords against famous wordlists (and you can use crunch word list generator too) in a manner that an attacker would use (mandatory please don't misuse it). All cracking happens on your own machine(s) so your data is never exposed. Im especially happy that you can use your web browser to crack using CPU but there is also a desktop client you can download from github that uses hashcat under the hood. Im still trying to refine it so any feedback will be appreciated. Also, if you guys know of more password lists I should be keeping, please let me know. Here is a .cap file to test with on github.
Submitted February 14, 2020 at 02:34AM by arcaneiceman
via reddit https://ift.tt/2OTDVmW
GitHub
arcaneiceman/kraken-client
Kraken: A multi-platform distributed brute-force password cracking system - arcaneiceman/kraken-client
ModSecurity Vulnerability & PoC (CVE-2019-19886)
https://ift.tt/2OFPVZg
Submitted February 14, 2020 at 02:41AM by theMiddleBlue
via reddit https://ift.tt/2tVdW7r
https://ift.tt/2OFPVZg
Submitted February 14, 2020 at 02:41AM by theMiddleBlue
via reddit https://ift.tt/2tVdW7r
Secjuice
ModSecurity Vulnerability & PoC (CVE-2019-19886)
Security researcher Andrea Menin tells us the story of vulnerabilities he found in libModSecurity (CVE-2019-19886).
Re: phpList's Authentication Bypass (CVE-2020-8547). Here's a phpList Hardening Guide.
https://ift.tt/3bwpCP7
Submitted February 14, 2020 at 01:44PM by maltfield
via reddit https://ift.tt/2Hn1rET
https://ift.tt/3bwpCP7
Submitted February 14, 2020 at 01:44PM by maltfield
via reddit https://ift.tt/2Hn1rET
Michael Altfield's Tech Blog
Hardening Guide for phpList - Michael Altfield's Tech Blog
This post will outline recommended steps to harden phpList after install to make it reasonably secure. phpList is the most popular open-source software for managing mailing lists. Like wordpress, they have a phplist.com for paid hosting services and phplist.org…
OpenSSH release (8.2) with FIDO/U2F support
https://ift.tt/2HpaK7o
Submitted February 14, 2020 at 04:30PM by c0r0n3r
via reddit https://ift.tt/2uNOFMO
https://ift.tt/2HpaK7o
Submitted February 14, 2020 at 04:30PM by c0r0n3r
via reddit https://ift.tt/2uNOFMO
reddit
OpenSSH release (8.2) with FIDO/U2F support
Posted in r/netsec by u/c0r0n3r • 2 points and 0 comments
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)
https://ift.tt/2SqaiMa
Submitted February 14, 2020 at 05:51PM by DebugDucky
via reddit https://ift.tt/38rvwz7
https://ift.tt/2SqaiMa
Submitted February 14, 2020 at 05:51PM by DebugDucky
via reddit https://ift.tt/38rvwz7
www.mdsec.co.uk
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS) – MDSec
Shodan Hacking Guide
https://ift.tt/39xMGLu
Submitted February 14, 2020 at 06:57PM by rowdyintellectual
via reddit https://ift.tt/2Ss1B41
https://ift.tt/39xMGLu
Submitted February 14, 2020 at 06:57PM by rowdyintellectual
via reddit https://ift.tt/2Ss1B41
TurgenSec Community
Shodan Pentesting Guide
Shodan is a tool for searching devices connected to the internet. Unlike search engines which help you find websites, Shodan helps you find information about desktops, servers, IoT devices, and more. This information includes metadata
Securing the Boot Process
https://ift.tt/2Snvdzt
Submitted February 14, 2020 at 07:45PM by eberkut
via reddit https://ift.tt/37qe0tB
https://ift.tt/2Snvdzt
Submitted February 14, 2020 at 07:45PM by eberkut
via reddit https://ift.tt/37qe0tB
queue.acm.org
Securing the Boot Process - ACM Queue
The goal of a hardware root of trust is to verify that the software installed in every component of the hardware is the software that was intended. This way you can verify and know without a doubt whether a machine
Amazon Echo Auto Shenanigans.
https://ift.tt/31UWqN7
Submitted February 14, 2020 at 11:36PM by neko2314
via reddit https://ift.tt/2vuG9Td
https://ift.tt/31UWqN7
Submitted February 14, 2020 at 11:36PM by neko2314
via reddit https://ift.tt/2vuG9Td
Hypervisor Necromancy; Reanimating Kernel Protectors
https://ift.tt/2USwmRy
Submitted February 15, 2020 at 09:37AM by numberbuzy
via reddit https://ift.tt/38yz6Y8
https://ift.tt/2USwmRy
Submitted February 15, 2020 at 09:37AM by numberbuzy
via reddit https://ift.tt/38yz6Y8
www.phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing
https://ift.tt/3bHS2FG
Submitted February 15, 2020 at 06:02PM by TPAB80
via reddit https://ift.tt/2OVSOFg
https://ift.tt/3bHS2FG
Submitted February 15, 2020 at 06:02PM by TPAB80
via reddit https://ift.tt/2OVSOFg
itm4n.github.io
CVE-2020-0668 - A Trivial Privilege Escalation Bug in Windows Service Tracing | PS C:\Users\itm4n\> _
In this post, I’ll discuss an arbitrary file move vulnerability I found in Windows Service Tracing. From my testing, it affected all versions of Windows from...
Content Security Policy (CSP) Bypasses
https://ift.tt/389EpNw
Submitted February 15, 2020 at 09:10PM by ghostlulz
via reddit https://ift.tt/2uE9lHm
https://ift.tt/389EpNw
Submitted February 15, 2020 at 09:10PM by ghostlulz
via reddit https://ift.tt/2uE9lHm
Ghostlulz Hacks
Content Security Policy (CSP) Bypasses - Ghostlulz Hacks
Bypass the content security policy (CSP) via JSONP endpoints, CSP injection, wildcards *, and other misconfigurations.
HackTheBox: Json - Writeup by rizemon
https://ift.tt/31XgLkT
Submitted February 15, 2020 at 11:14PM by rizemon
via reddit https://ift.tt/2SQq6XN
https://ift.tt/31XgLkT
Submitted February 15, 2020 at 11:14PM by rizemon
via reddit https://ift.tt/2SQq6XN
2019 Breach Trends - Based on Open Source Data
https://ift.tt/2uFlZG5
Submitted February 16, 2020 at 02:59AM by ericalexander303
via reddit https://ift.tt/323STfB
https://ift.tt/2uFlZG5
Submitted February 16, 2020 at 02:59AM by ericalexander303
via reddit https://ift.tt/323STfB
Eric Alexander
2019 Breach Trends - Based on Open Source Data
It’s that time of year again, time to look back on breach data from the previous year, and reflect on trends. A little history is needed before jumping in. I started cataloging breach data about 3 years ago and have tried to capture 3 critical attributes…
How to DOS (Denial of Service) Attack Your Own Wifi with Kali Linux
https://ift.tt/2SuWdgv
Submitted February 16, 2020 at 06:01AM by the_mountain_dewd
via reddit https://ift.tt/37yMPwK
https://ift.tt/2SuWdgv
Submitted February 16, 2020 at 06:01AM by the_mountain_dewd
via reddit https://ift.tt/37yMPwK
Wealthy Roads
How to DOS (Denial of Service) Attack Your Own Wifi with Kali Linux - Wealthy Roads
Learn how to disable or DOS (Denial of Serice) attack your own wifi. Using Kali Linux you will be able to completely disable all connections to your wifi.
Top 7 IMSI Catcher Detection Solutions for 2020
https://ift.tt/2Hp0ADL
Submitted February 16, 2020 at 02:35PM by weoter
via reddit https://ift.tt/2SNYD95
https://ift.tt/2Hp0ADL
Submitted February 16, 2020 at 02:35PM by weoter
via reddit https://ift.tt/2SNYD95
FirstPoint
Top 7 IMSI Catcher Detection Solutions for 2020 - FirstPoint
This is why the IMSI Catcher is so effective. It simply pretends to be a cell tower near your phone, then seamlessly connects to it, and starts to harvest information.
Vulnhub writeup: Five86-1 ( no metasploit )
https://ift.tt/2wixa7Y
Submitted February 16, 2020 at 04:28PM by kolima_
via reddit https://ift.tt/38wG00b
https://ift.tt/2wixa7Y
Submitted February 16, 2020 at 04:28PM by kolima_
via reddit https://ift.tt/38wG00b
Medium
Vulnhub write-up: Five86–1
After the classic VM bootstrap the first thing that I had to do is to obtain the IP of the target machine. Then I needed to use nmap…
VTSCAN - scan a malicious file from terminal using VirusTotal API
https://ift.tt/3bKX2JE
Submitted February 17, 2020 at 03:13AM by _____WINTERMUTE_____
via reddit https://ift.tt/2SNDtYB
https://ift.tt/3bKX2JE
Submitted February 17, 2020 at 03:13AM by _____WINTERMUTE_____
via reddit https://ift.tt/2SNDtYB