AngularJS Client Side Template Injection (XSS)
https://ift.tt/3c119le
Submitted February 22, 2020 at 09:45PM by ghostlulz
via reddit https://ift.tt/2Vg5ZF8
Ghostlulz Hacks
AngularJS Client Side Template Injection (XSS) - Ghostlulz Hacks
Slack Group Before we get started I have started a slack group dedicated to hacking. We welcome everyone from beginner…
Working POC for CVE-2020-0668 local priv esc on all windows versions
https://github.com/RedCursorSecurityConsulting/CVE-2020-0668
Submitted February 21, 2020 at 05:14AM by gmad
via reddit https://ift.tt/2vT2RV8
reddit
Working POC for CVE-2020-0668 local priv esc on all windows versions
[https://github.com/RedCursorSecurityConsulting/CVE-2020-0668](https://www.google.com/url?q=https://github.com/RedCursorSecurityConsulting/CVE-2020...
CIA secretly owned world's top encryption supplier, read enemy and ally messages for decades
https://ift.tt/38jRm7B
Submitted February 23, 2020 at 12:09AM by MayonaiseRemover
via reddit https://ift.tt/2T5NmkL
Boing Boing
CIA secretly owned world's top encryption supplier, read enemy and ally messages for decades
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. That company was secretly run by the …
Our First Weeks of Securing Windows 7 and Windows Server 2008 R2
https://ift.tt/38NhU16
Submitted February 23, 2020 at 05:58AM by dielel
via reddit https://ift.tt/38SKEFF
0Patch
Our First Weeks of Securing Windows 7 and Windows Server 2008 R2
A quick status update by Mitja Kolsek, the 0patch Team [Update 2/22/2020: More details on the exploit code for CVE-2020-0674 were publis...
Zero Networks Access Orchestrator: Autonomous, airtight network access security at scale - Help Net Security
https://ift.tt/2PcQbiK
Submitted February 23, 2020 at 06:36PM by ZeroNetworks
via reddit https://ift.tt/2wGYFIv
Help Net Security
Zero Networks Access Orchestrator: Autonomous, airtight network access security at scale - Help Net Security
Zero Networks Access Orchestrator is a network security platform that defines, enforces and adapts user- and machine-level network access policies.
Writing a GHIDRA Loader: STM32 Edition.
https://ift.tt/2VhK7Jp
Submitted February 23, 2020 at 08:20PM by wrongbaud
via reddit https://ift.tt/3c0lxCN
Reddit
From the netsec community on Reddit: Writing a GHIDRA Loader: STM32 Edition.
Posted by wrongbaud - 78 votes and no comments
OSWE/AWAE Preparation compiled reference Links
https://ift.tt/2T70Oou
Submitted February 23, 2020 at 10:02PM by 0crypt
via reddit https://ift.tt/3c0OQ8u
z-r0crypt.github.io
OSWE/AWAE Preparation · Z-r0crypt
Security Research Blog for learning and sharing
I just open-sourced sweetie data, a repo of multiple honeypot logs.
https://ift.tt/38TfduX
Submitted February 23, 2020 at 11:15PM by 0xsha
via reddit https://ift.tt/37Ofzlr
GitHub
GitHub - 0xsha/sweetie-data: This repo contains logstash of various honeypots
This repo contains logstash of various honeypots. Contribute to 0xsha/sweetie-data development by creating an account on GitHub.
B350 tomahawk scanned drive, what gives
/r/MSI_Gaming/comments/f8ib0x/b350_tomahawk_scanned_drive_what_gives/
Submitted February 24, 2020 at 05:53AM by 100GHz
via reddit https://ift.tt/37RpZRf
reddit
B350 tomahawk scanned drive, what gives
Posted in r/netsec by u/100GHz • 0 points and 0 comments
Arrested on the Job: Penetration Testers Jailed, Charges Actually Brought Forth
https://ift.tt/2SRCQ1y
Submitted February 24, 2020 at 02:16PM by iamtherealmod
via reddit https://ift.tt/38Uo6Vd
Obsecurity
Arrested on the Job: Penetration Testers Jailed, Charges Actually Brought Forth
This week, we’re going to take a look at a story that–after a long and mind-bending road–finally came to a conclusion recently. One where two penetration testers from the security…
MyBB 1.8's vulnerability statistics (PHP forum software)
https://ift.tt/2PgisF0
Submitted February 23, 2020 at 10:02PM by HappyRise
via reddit https://ift.tt/2vWj0t5
reddit
MyBB 1.8's vulnerability statistics (PHP forum software)
Posted in r/netsec by u/HappyRise • 1 point and 0 comments
Bypassing OkHttp Certificate Pinning
https://ift.tt/2vdsFex
Submitted February 24, 2020 at 04:04PM by CaptMeelo
via reddit https://ift.tt/390IrbC
Hack.Learn.Share
Bypassing OkHttp Certificate Pinning
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
Malware and benign windows PE cuckoo reports
/r/datasets/comments/exhy38/malware_and_benign_windows_pe_cuckoo_reports/
Submitted February 24, 2020 at 05:48PM by themrzmaster
via reddit https://ift.tt/38URfQ9
reddit
Malware and benign windows PE cuckoo reports
Posted in r/netsec by u/themrzmaster • 2 points and 0 comments
Releases 2.9.11 of MONARC
https://ift.tt/2w06Hf8
Submitted February 24, 2020 at 07:35PM by ecbo
via reddit https://ift.tt/2HP1I3s
MONARC
MONARC 2.9.11 released
Release 2.9.11 of MONARC
We found 6 critical PayPal vulnerabilities, and PayPal punished us for it
https://ift.tt/2vX7GwG
Submitted February 24, 2020 at 09:08PM by pimterry
via reddit https://ift.tt/2SXPfRL
CyberNews
We found 6 critical PayPal vulnerabilities - and PayPal punished us for it | CyberNews
CyberNews research analysts discovered 6 serious PayPal vulnerabilities and reported them. But instead of a bounty or thanks, we got punished by PayPal.
New Python django postgresql sql injection
https://ift.tt/3a6f33P
Submitted February 24, 2020 at 08:59PM by vulnwatcher
via reddit https://ift.tt/380tC7C
Firo Solutions
Python django postgresql
Parent PID Spoofing
https://ift.tt/37Tvqiz
Submitted February 24, 2020 at 09:43PM by netbiosX
via reddit https://ift.tt/2umCVke
Penetration Testing Lab
Parent PID Spoofing
Monitoring the relationships between parent and child processes is a very common technique for threat hunting teams to detect malicious activities. For example if PowerShell is the child process and …
Pass the Hash
https://ift.tt/350dSzH
Submitted February 24, 2020 at 09:33PM by hackndo
via reddit https://ift.tt/2T8Y89W
hackndo
Pass the Hash
Pass the Hash is extremely used in internal pentests to get administrative rights on a set of hosts. We will detail here how this technique works.
OpenSMTPD: An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root.
https://ift.tt/37WtmWU
Submitted February 24, 2020 at 10:20PM by VerteFeuille
via reddit https://ift.tt/2TaQqvJ
GitHub
OpenSMTPD/OpenSMTPD
This is official OpenSMTPD Portable repository. Forks, pull requests and other contributions are welcome! - OpenSMTPD/OpenSMTPD
Analysis of a VBS Malware Dropper - VBS Malware still a threat in 2020
https://ift.tt/2vWgGSJ
Submitted February 24, 2020 at 10:01PM by cyberbutler
via reddit https://ift.tt/2TeVMWQ
Medium
Analysis of a VBS Malware Dropper
Recently, I was willingly forwarded a phishing email (for science!) which contained a ZIP attachment, requesting the recipient to update…
Signature Validation Bypass Leading to RCE In Electron-Updater (also used by Trinity Wallet)
https://ift.tt/2uuNvpA
Submitted February 24, 2020 at 11:38PM by nibblesec
via reddit https://ift.tt/2TarBQP
Doyensec
Signature Validation Bypass Leading to RCE In Electron-Updater · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.