Clever Phishing Attack Enlists Google Translate to Spoof Login Page | Threatpost | The first stop for security news
https://threatpost.com/clever-phishing-attack-enlists-google-translate-to-spoof-facebook-login-page/141571/
https://threatpost.com/clever-phishing-attack-enlists-google-translate-to-spoof-facebook-login-page/141571/
Threat Post
Clever Phishing Attack Enlists Google Translate to Spoof Login Page
A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature.
[PoC] [CVE-2018-18354] Chrome remote code execution attack chain
Ignore Sandbox , Ignore Applock , Ignore download restriction
combined 3 bugs into logical vulnerability attack chain
https://t.co/IUWnx1mgZM
Ignore Sandbox , Ignore Applock , Ignore download restriction
combined 3 bugs into logical vulnerability attack chain
https://t.co/IUWnx1mgZM
How Android Q improves privacy and permission controls over Android Pie
https://www.xda-developers.com/android-q-privacy-permission-controls/
https://www.xda-developers.com/android-q-privacy-permission-controls/
XDA Developers
How Android Q improves Privacy and Permission Controls over Android Pie
Android Q will bring a revamp to permission management and enhancements to protect user privacy. Here's what Google has changed since Android Pie.
ClusterFuzz, an infrastructure used for fuzzing Chrome and OSS-Fuzz, is open source now! Enjoy responsibly :)
Blog: https://t.co/v6ywgccmRH
Code: https://t.co/lO9ACd7FY8
Blog: https://t.co/v6ywgccmRH
Code: https://t.co/lO9ACd7FY8
Google Open Source Blog
Open sourcing ClusterFuzz
The latest news from Google on open source releases, major projects, events, and student outreach programs.
Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard
https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f
https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f
Medium
Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard
Attackers can use the .devicemanifest-ms and .devicemetadata-ms file extensions for phishing if the Windows Driver Kit is installed.
DnsCache. reference example for how to call the Windows API to enumerate cached DNS records in the Windows resolver
https://t.co/YDhPvp9LKU
https://t.co/YDhPvp9LKU
Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375) | IOActive
https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/
https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/
Frida 12.3 Debuts New Crash Reporting Feature - NowSecure
https://www.nowsecure.com/blog/2019/02/07/frida-12-3-debuts-new-crash-reporting-feature/
https://www.nowsecure.com/blog/2019/02/07/frida-12-3-debuts-new-crash-reporting-feature/
NowSecure
Frida 12.3 Debuts New Crash Reporting Feature
The Frida 12.3 open-source software dynamic instrumentation toolkit offers an exciting new app crash reporting feature that provides more details about... #Frida #OpenSourceTools #ProductUpdates
A guide to HTTP security headers for better web browser security | Detectify Blog
https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
Detectify Blog
A guide to HTTP security headers for better web browser security - Detectify Blog
A guide on different response HTTP-headers that a web server can include in a request in order to prevent XSS attacks, protecting the web browser user.
Evil Twin Attack - The Definitive Guide (Updated 2019)
https://rootsh3ll.com/evil-twin-attack/
https://rootsh3ll.com/evil-twin-attack/
Remote Code Execution - Explaination, Writeups and Tools.
https://medium.com/@ashishrohra/remote-code-execution-explaination-writeups-and-tools-a8e4c3362259
https://medium.com/@ashishrohra/remote-code-execution-explaination-writeups-and-tools-a8e4c3362259
Medium
Introduction
Hey fellow hackers today in this post we will talk about Remote Code Execution, its types and will see some POC’s related to it. All these…
Introduction to IoT Reverse Engineering - with an example on a home router
[SLIDES]
https://t.co/nzrulHpKsg
[SLIDES]
https://t.co/nzrulHpKsg
Making Meterpreter Look Google-Signed (Using MSI & JAR Files)
https://medium.com/forensicitguy/making-meterpreter-look-google-signed-using-msi-jar-files-c0a7970ff8b7
https://medium.com/forensicitguy/making-meterpreter-look-google-signed-using-msi-jar-files-c0a7970ff8b7
Medium
Making Meterpreter Look Google-Signed (Using MSI & JAR Files)
In this post I’ll use some of the information made public by VirusTotal in a recent blog post and show how you can easily create a…
Remote Code Execution with Groovy console in Jenkins
https://medium.com/@_bl4de/remote-code-execution-with-groovy-console-in-jenkins-bd6ef55c285b
https://medium.com/@_bl4de/remote-code-execution-with-groovy-console-in-jenkins-bd6ef55c285b
Make It Rain with MikroTik – Tenable TechBlog – Medium
https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
https://medium.com/tenable-techblog/make-it-rain-with-mikrotik-c90705459bc6
Medium
Make It Rain with MikroTik
Not a Coinhive Writeup
Privilege Escalation in Ubuntu Linux (dirty_sock exploit) | Shenanigans Labs
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
Shenanigans Labs
Privilege Escalation in Ubuntu Linux (dirty_sock exploit)
In January 2019, I discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the…
Recon-ng Tutorial
Part 1 Install and Setup
https://t.co/6KmMj59yCO
Part 2 Workspaces and Import
https://t.co/kua3VB200g
Part 3 Usage and Reporting
https://t.co/gHBp5lw8KK
Part 1 Install and Setup
https://t.co/6KmMj59yCO
Part 2 Workspaces and Import
https://t.co/kua3VB200g
Part 3 Usage and Reporting
https://t.co/gHBp5lw8KK
Pwning WPA/WPA2 Networks With Bettercap and the PMKID Client-Less Attack
https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/#.XGRV3mo06jA.twitter
https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/#.XGRV3mo06jA.twitter
Disclose private attachments in Facebook Messenger Infrastructure - 15,000$
https://medium.com/bugbountywriteup/disclose-private-attachments-in-facebook-messenger-infrastructure-15-000-ae13602aa486
https://medium.com/bugbountywriteup/disclose-private-attachments-in-facebook-messenger-infrastructure-15-000-ae13602aa486
Medium
Disclose private attachments in Facebook Messenger Infrastructure - 15,000$
Hello community, today I would like to share with you my most critical bug that I found in Facebook so far, so let’s get started :)
Pass the Hash Attack Tutorial | Lateral Movement using LanMan or NTLM hashes
https://attack.stealthbits.com/pass-the-hash-attack-explained
https://attack.stealthbits.com/pass-the-hash-attack-explained
Netwrix
Pass the Hash Attack
This tutorial explains how Pass the Hash attacks work, and how to detect, mitigate and respond to them.