Dropgangs, or the future of darknet markets • Opaque Link
https://opaque.link/post/dropgang/
https://opaque.link/post/dropgang/
Gaining access to Uber's user data through AMPScript evaluation – Assetnote
http://blog.assetnote.io/bug-bounty/2019/01/14/gaining-access-to-ubers-user-data-through-ampscript-evaluation/
http://blog.assetnote.io/bug-bounty/2019/01/14/gaining-access-to-ubers-user-data-through-ampscript-evaluation/
Dokany/Google Drive File Stream Kernel Stack-based Buffer Overflow Vulnerability | GreyHatHacker.NET
http://www.greyhathacker.net/?p=1041
http://www.greyhathacker.net/?p=1041
GitHub - Bashfuscator/Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
https://github.com/Bashfuscator/Bashfuscator
https://github.com/Bashfuscator/Bashfuscator
GitHub
GitHub - Bashfuscator/Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help…
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team. - Bashfuscator/Bashfuscator
SMB and the return of the worm
https://blogs.cisco.com/security/smb-and-the-return-of-the-worm
https://blogs.cisco.com/security/smb-and-the-return-of-the-worm
Cisco Blogs
SMB and the return of the worm
Watch the threat landscape long enough, and you’ll see that some things are cyclical. Threat types and attack methods fall in and out of fashion. As the use of one...
Introduction to WebAuthn API – Ackermann Yuriy – Medium
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Medium
Introduction to WebAuthn API
…or Level 1 Credential Management API extension for Public Key Credentials, and the untold stories of managing credentials in the browser…
Are you submitting bugs for free when others are being paid? Welcome to BugBounties!
https://medium.com/@zseano/are-you-submitting-bugs-for-free-when-others-are-being-paid-welcome-to-bugbounties-9e0fdb40a837
https://medium.com/@zseano/are-you-submitting-bugs-for-free-when-others-are-being-paid-welcome-to-bugbounties-9e0fdb40a837
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
GitHub
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug…
A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
PWK Notes: Tunneling and Pivoting | 0xdf hacks stuff
https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
https://0xdf.gitlab.io/2018/11/02/pwk-notes-tunneling.html
0xdf hacks stuff
PWK Notes: Tunneling and Pivoting
That beautiful feeling of shell on a box is such a high. But once you realize that you need to pivot through that host deeper into the network, it can take you a bit out of your comfort zone. I’ve run into this in Sans Netwars, Hackthebox, and now in PWK.…
(2018-12-30) PowerShell Script To Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs – Jorge's Quest For Knowledge!
https://jorgequestforknowledge.wordpress.com/2018/12/30/powershell-script-to-reset-the-krbtgt-account-password-keys-for-both-rwdcs-and-rodcs/
https://jorgequestforknowledge.wordpress.com/2018/12/30/powershell-script-to-reset-the-krbtgt-account-password-keys-for-both-rwdcs-and-rodcs/
Jorge's Quest For Knowledge!
(2018-12-30) PowerShell Script To Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs
Information provided by Microsoft explaining why this is important KRBTGT Account Password Reset Scripts now available for customers – The original script written by Jared Poeppelman, who wor…
Debugging Android and iOS like a real G's with Dwarf GUI - Giovanni Rocca
http://www.giovanni-rocca.com/debugging-android-and-ios-like-a-real-gs-with-dwarf-gui/
http://www.giovanni-rocca.com/debugging-android-and-ios-like-a-real-gs-with-dwarf-gui/
Researcher shows how popular app ES File Explorer exposes Android device data – TechCrunch
https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/
https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/
TechCrunch
Researcher shows how popular app ES File Explorer exposes Android device data | TechCrunch
Why is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has more than 500 million downloads
Powershell Payload Delivery via DNS using Invoke-PowerCloud - Red Teaming Experiments
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts – TechCrunch
https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/
https://techcrunch.com/2019/01/17/wordpress-plugin-leaked-twitter-account-access-tokens/
TechCrunch
A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts
A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise.
How to Find Hidden Cameras and Spy Bugs (The Professional Way) - Sentel Tech Security
https://www.senteltechsecurity.com/blog/post/how-to-find-hidden-cameras/
https://www.senteltechsecurity.com/blog/post/how-to-find-hidden-cameras/
GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
https://github.com/kgretzky/evilginx2
https://github.com/kgretzky/evilginx2
GitHub
GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session…
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication - kgretzky/evilginx2
How to write a rootkit without really trying | Trail of Bits Blog
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/
The Trail of Bits Blog
How to write a rootkit without really trying
We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out! This post covers intercepting system calls from within the Linux…
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE – Embedi
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/