[OC] Multiple Exploits now out for CVE-2020-0688 - the Microsoft Exchange deserialization vuln
/r/blueteamsec/comments/fb8pum/oc_multiple_exploits_now_out_for_cve20200688_the/
Submitted February 29, 2020 at 12:12PM by digicat
via reddit https://ift.tt/2wdmDLa
/r/blueteamsec/comments/fb8pum/oc_multiple_exploits_now_out_for_cve20200688_the/
Submitted February 29, 2020 at 12:12PM by digicat
via reddit https://ift.tt/2wdmDLa
reddit
[OC] Multiple Exploits now out for CVE-2020-0688 - the Microsoft...
Posted in r/netsec by u/digicat • 3 points and 0 comments
11 New SpiderFoot 3.0 CLI tutorials
https://ift.tt/2fFkaRz
Submitted February 29, 2020 at 04:41PM by smicallef
via reddit https://ift.tt/32CF08i
https://ift.tt/2fFkaRz
Submitted February 29, 2020 at 04:41PM by smicallef
via reddit https://ift.tt/32CF08i
ADTimeline: Generates a timeline based on Active Directory replication metadata for objects considered of interest - suggested to use Splunk for analysis
https://ift.tt/3cim9Eb
Submitted February 29, 2020 at 09:14PM by digicat
via reddit https://ift.tt/2uEZ3qc
https://ift.tt/3cim9Eb
Submitted February 29, 2020 at 09:14PM by digicat
via reddit https://ift.tt/2uEZ3qc
GitHub
GitHub - ANSSI-FR/ADTimeline: Timeline of Active Directory changes with replication metadata
Timeline of Active Directory changes with replication metadata - GitHub - ANSSI-FR/ADTimeline: Timeline of Active Directory changes with replication metadata
A mysterious bug in the firmware of Google's Titan M chip (CVE-2019-9465)
https://ift.tt/2I6Z49K
Submitted February 29, 2020 at 10:26PM by clearlyarbitrary
via reddit https://ift.tt/2PCkAqZ
https://ift.tt/2I6Z49K
Submitted February 29, 2020 at 10:26PM by clearlyarbitrary
via reddit https://ift.tt/2PCkAqZ
Alexander Bakker's Blog
A mysterious bug in the firmware of Google's Titan M chip (CVE-2019-9465)
Starting with the release of the Pixel 3, all of Google's Pixel Android smartphones come with the Titan M security chip on board. When I realized the Pixel 3a XL I purchased also had it, I decided to try to take advantage of it in an app I work on. It turned…
CVE-2020-1938: Ghostcat aka Tomcat 9/8/7/6 in the default configuration (port 8009) leading to disclosure of configuration files and source code files of all webapps deployed and potentially code execution
/r/blueteamsec/comments/fbcrxu/cve20201938_ghostcat_aka_tomcat_9876_in_the/
Submitted February 29, 2020 at 10:14PM by digicat
via reddit https://ift.tt/2PDAIZk
/r/blueteamsec/comments/fbcrxu/cve20201938_ghostcat_aka_tomcat_9876_in_the/
Submitted February 29, 2020 at 10:14PM by digicat
via reddit https://ift.tt/2PDAIZk
reddit
CVE-2020-1938: Ghostcat aka Tomcat 9/8/7/6 in the default...
Posted in r/netsec by u/digicat • 2 points and 0 comments
Hyperion is a runtime encrypter for 32-bit and 64-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter". The current version (as of February 2020) is 2.2. Use this process to install and compile the zipped file.
https://ift.tt/2VuY1br
Submitted March 01, 2020 at 02:12AM by goobyplx
via reddit https://ift.tt/2vumsuR
https://ift.tt/2VuY1br
Submitted March 01, 2020 at 02:12AM by goobyplx
via reddit https://ift.tt/2vumsuR
Moe's Information Security and General News Blog
Installing and Compiling Hyperion 2.2
Older books refer to older version of Hyperion in Kali Linux. The current version (as of February 2020) is 2.2. Use below process to install and compile the zipped file: Download Hyperion 2.2 from:…
help us fight dis.cool, and stop the scraping, selling and recklessness with our personal data.
/r/privacy/comments/fbhv5t/help_us_fight_discool_and_stop_the_scraping/
Submitted March 01, 2020 at 04:24AM by resynth1943
via reddit https://ift.tt/2VAEPJ9
/r/privacy/comments/fbhv5t/help_us_fight_discool_and_stop_the_scraping/
Submitted March 01, 2020 at 04:24AM by resynth1943
via reddit https://ift.tt/2VAEPJ9
reddit
help us fight dis.cool, and stop the scraping, selling and...
Posted in r/netsec by u/resynth1943 • 3 points and 0 comments
centos 8, red hat 8, ubuntu 14.04 16.04 18.04 LPE n-day
https://ift.tt/386iBS4
Submitted March 01, 2020 at 06:14AM by ll0rtagem
via reddit https://ift.tt/3ahV5Dg
https://ift.tt/386iBS4
Submitted March 01, 2020 at 06:14AM by ll0rtagem
via reddit https://ift.tt/3ahV5Dg
GitHub
duasynt/xfrm_poc
Linux kernel XFRM UAF poc (3.x - 5.x kernels). Contribute to duasynt/xfrm_poc development by creating an account on GitHub.
Attention to Details : A Curious Case of Multiple IDORs
https://ift.tt/2vrssVk
Submitted March 01, 2020 at 11:21AM by LuD1161
via reddit https://ift.tt/3ckLrla
https://ift.tt/2vrssVk
Submitted March 01, 2020 at 11:21AM by LuD1161
via reddit https://ift.tt/3ckLrla
Medium
Attention to Details : Finding Hidden IDORs
How a huge travel portal’s customer PII data could’ve leaked through some remanant functionality.This lead me to discover a few IDORs.
Reverse Engineering Programmable Controllers using MPlab and Proteus
https://ift.tt/2T9VuBV
Submitted March 01, 2020 at 05:26PM by ISeeFacesInClouds
via reddit https://ift.tt/2TqhVSo
https://ift.tt/2T9VuBV
Submitted March 01, 2020 at 05:26PM by ISeeFacesInClouds
via reddit https://ift.tt/2TqhVSo
Medium
Reversing Programmable Interface Controllers
AeroCTF had a category of challenges revolving around PICs. The PIC code dump is given for us to analyze and extract the flag from it. ROM…
Intro to chrome's v8 from an exploit development angle
https://ift.tt/3cgY3tm
Submitted March 01, 2020 at 05:47PM by digicat
via reddit https://ift.tt/2PDh7sa
https://ift.tt/3cgY3tm
Submitted March 01, 2020 at 05:47PM by digicat
via reddit https://ift.tt/2PDh7sa
Sensepost
SensePost | Intro to chrome’s v8 from an exploit development angle
Leaders in Information Security
Evasion techniques - Malware Evasion Encyclopedia, which contains over 50 techniques used by various malwares to detect virtualized and sandboxed environments.
https://ift.tt/2Vy6kDm
Submitted March 01, 2020 at 08:10PM by digicat
via reddit https://ift.tt/2Ill5lj
https://ift.tt/2Vy6kDm
Submitted March 01, 2020 at 08:10PM by digicat
via reddit https://ift.tt/2Ill5lj
reddit
Evasion techniques - Malware Evasion Encyclopedia, which contains...
Posted in r/netsec by u/digicat • 390 points and 3 comments
Attacking and defending the GCP metadata API
https://ift.tt/38ap6Dz
Submitted March 02, 2020 at 11:11AM by wifihack
via reddit https://ift.tt/2uGcrua
https://ift.tt/38ap6Dz
Submitted March 02, 2020 at 11:11AM by wifihack
via reddit https://ift.tt/2uGcrua
GitHub
dxa4481/AttackingAndDefendingTheGCPMetadataAPI
This repo gives an overview of some GCP metadata API attack and defend patterns - dxa4481/AttackingAndDefendingTheGCPMetadataAPI
Alert Correlation Algorithms: A Survey and Taxonomy
/user/sajjadium/comments/fb39mt/alert_correlation_algorithms_a_survey_and_taxonomy/
Submitted March 02, 2020 at 02:10PM by sajjadium
via reddit https://ift.tt/38dJ6VG
/user/sajjadium/comments/fb39mt/alert_correlation_algorithms_a_survey_and_taxonomy/
Submitted March 02, 2020 at 02:10PM by sajjadium
via reddit https://ift.tt/38dJ6VG
reddit
Alert Correlation Algorithms: A Survey and Taxonomy
Posted in r/netsec by u/sajjadium • 0 points and 0 comments
An Anomaly-based Botnet Detection Approach for Identifying Stealthy Botnets
/user/sajjadium/comments/faja07/an_anomalybased_botnet_detection_approach_for/
Submitted March 02, 2020 at 02:05PM by sajjadium
via reddit https://ift.tt/2Te9Jph
/user/sajjadium/comments/faja07/an_anomalybased_botnet_detection_approach_for/
Submitted March 02, 2020 at 02:05PM by sajjadium
via reddit https://ift.tt/2Te9Jph
reddit
An Anomaly-based Botnet Detection Approach for Identifying...
Posted in r/netsec by u/sajjadium • 0 points and 0 comments
Phishing Windows Credentials
https://ift.tt/2vzcit5
Submitted March 02, 2020 at 04:09PM by netbiosX
via reddit https://ift.tt/2TzjqNU
https://ift.tt/2vzcit5
Submitted March 02, 2020 at 04:09PM by netbiosX
via reddit https://ift.tt/2TzjqNU
Penetration Testing Lab
Phishing Windows Credentials
It is very common in Windows environments when programs are executed to require from the user to enter his domain credentials for authentication like Outlook, authorization of elevation of privileg…
A Security Review of SharePoint Site Pages
https://ift.tt/3cpp8uo
Submitted March 02, 2020 at 05:28PM by gid0rah
via reddit https://ift.tt/2TdgkjK
https://ift.tt/3cpp8uo
Submitted March 02, 2020 at 05:28PM by gid0rah
via reddit https://ift.tt/2TdgkjK
MDSec
A Security Review of SharePoint Site Pages - MDSec
Introduction If you have worked with SharePoint, you have seen two types of ASPX pages: Application pages Site pages Application pages are not customisable. They are stored on the file...
Hacking Unicode Like a Boss
https://ift.tt/2wocdIU
Submitted March 02, 2020 at 05:22PM by DebugDucky
via reddit https://ift.tt/38hdChk
https://ift.tt/2wocdIU
Submitted March 02, 2020 at 05:22PM by DebugDucky
via reddit https://ift.tt/38hdChk
Bugcrowd
Hacking Unicode Like a Boss | @Bugcrowd
This guest post was authored by Charlie Eriksen, Bugcrowd researcher and CTO of Adversary. Adversary delivers a platform that provides technical security traini
Empire 3.1 has been released with new features. These include multi-user API support, function name aliasing for Mimikatz and Invoke-Empire, and several others
https://ift.tt/2wVrm4q
Submitted March 02, 2020 at 06:25PM by Hubble_BC_Security
via reddit https://ift.tt/32F0dib
https://ift.tt/2wVrm4q
Submitted March 02, 2020 at 06:25PM by Hubble_BC_Security
via reddit https://ift.tt/32F0dib
GitHub
Release v3.1.0 · BC-SECURITY/Empire
Empire 3.1.0
- Added Multi-user Collaboration to API - #105 (@Cx01N & @vinnybod)
- Updated to Mimikatz 2.2.0 20200208 - #104 (@Cx01N)
- Fixed incorrect header on python response packet (@Cx01N)...
- Added Multi-user Collaboration to API - #105 (@Cx01N & @vinnybod)
- Updated to Mimikatz 2.2.0 20200208 - #104 (@Cx01N)
- Fixed incorrect header on python response packet (@Cx01N)...
SPN (Service Principal Names) demystified!
https://ift.tt/38jJFgB
Submitted March 02, 2020 at 07:21PM by hackndo
via reddit https://ift.tt/39rpSO1
https://ift.tt/38jJFgB
Submitted March 02, 2020 at 07:21PM by hackndo
via reddit https://ift.tt/39rpSO1
A-Z guide on setting up Graylog Part 4: File and Print Servers
/r/sysadmin/comments/fcdxvt/az_guide_on_setting_up_graylog_part_4_file_and/
Submitted March 02, 2020 at 09:24PM by HanSolo71
via reddit https://ift.tt/32GKq2p
/r/sysadmin/comments/fcdxvt/az_guide_on_setting_up_graylog_part_4_file_and/
Submitted March 02, 2020 at 09:24PM by HanSolo71
via reddit https://ift.tt/32GKq2p
reddit
A-Z guide on setting up Graylog Part 4: File and Print Servers
Posted in r/netsec by u/HanSolo71 • 2 points and 0 comments