Pushing yourself through hard hunting days: A bug hunter perspective https://medium.com/bugbountywriteup/pushing-yourself-through-hard-hunting-days-a-bug-hunter-perspective-d03b4c16b04
Medium
Pushing yourself through hard hunting days: A bug hunter’s perspective
Today I am going to talk about the period when you don’t find bugs for several days, weeks or even months. This talk is going to be…
Zero-day in Sign in with Apple https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
Reverse Engineering Snapchat (Part I): Obfuscation Techniques https://hot3eed.github.io/snap_part1_obfuscations.html
“You’re Invited!” to Phishing Links Inside .ics Calendar Attachments https://cofense.com/youre-invited-phishing-links-inside-ics-calendar-attachments/
Cofense
Phishing Links Inside .ics Calendar Attachments | You’re Invited!
Cofense has unearthed a new email phishing campaign that delivers .ics calendar invite attachments containing phishing links in the body. Learn more.
[CVE-2020-1948] Apache Dubbo Provider default deserialization cause RCE https://www.mail-archive.com/dev@dubbo.apache.org/msg06544.html
TALOS-2020-1088
Mozilla Firefox URL mPath Information Disclosure Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1088
Mozilla Firefox URL mPath Information Disclosure Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1088
Windows Process Injection: PROPagate https://modexp.wordpress.com/2018/08/23/process-injection-propagate/
modexp
Windows Process Injection: PROPagate
Introduction In October 2017, Adam at Hexacorn published details of a process injection technique called PROPagate. In his post, he describes how any process that uses subclassed windows has the po…
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC) https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-netscaler-adc
Fox-IT International blog
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)
Authors: Rich Warren of NCC Group FSAS & Yun Zheng Hu of Fox-IT, in close collaboration with Fox-IT’s RIFT. About the Research and Intelligence Fusion Team (RIFT): RIFT leverages our strategic …
Android App Source code Extraction and Bypassing Root and SSL Pinning checks https://vj0shii.info/android-app-testing-initial-steps/
vj0shii.info
Android App Source code Extraction and Bypassing Root and SSL Pinning checks
In this blog I will be describing the pre-requesty steps I followed for one of the android application penetration testing
CVE-2020-1300: Remote Code Execution Through Microsoft Windows CAB Files https://www.zerodayinitiative.com/blog/2020/7/8/cve-2020-1300-remote-code-execution-through-microsoft-windows-cab-files
Zero Day Initiative
Zero Day Initiative — CVE-2020-1300: Remote Code Execution Through Microsoft Windows CAB Files
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Pengsu Cheng and Yazhi Wang of the Trend Micro Research Team detail a recent code execution vulnerability in Microsoft Windows. The bug was originally discovered and reported…
Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers https://labs.bishopfox.com/tech-blog/breaking-https-in-the-iot
Bishop Fox
Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers
Bishop Fox's Nathan Elendt discusses three attack techniques for performing Man-in-the Middle attacks against production-grade, HTTPS-protected Things.
CVE-2020-14947 The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 https://github.com/mhaskar/CVE-2020-14947
GitHub
GitHub - mhaskar/CVE-2020-14947: The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947
The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 - mhaskar/CVE-2020-14947
US Local Government Services Targeted by New Magecart Credit Card Skimming Attack https://blog.trendmicro.com/trendlabs-security-intelligence/us-local-government-services-targeted-by-new-magecart-credit-card-skimming-attack
.net core evasion detection https://pentestlaboratories.com/2020/07/02/net-core-evasion-detection/
Pentest Laboratories
.NET Core Evasion Detection
Environments that have installed the .NET Core (version 3.11) are affected by a directory traversal vulnerability since the environment variable doesn’t sanitize user input and therefore cust…
Securing Critical Infrastructure: 4 Steps for Reducing Cyber Risk https://www.tenable.com/blog/securing-critical-infrastructure-four-steps-for-reducing-cyber-risk
Tenable®
Securing Critical Infrastructure: 4 Steps for Reducing Cyber Risk
For critical infrastructure organizations, the gains of automation and IoT technology have also meant heightened threats.
Would you like some RCE with your Guacamole? https://research.checkpoint.com/2020/apache-guacamole-rce/
Check Point Research
Would you like some RCE with your Guacamole? - Check Point Research
Research by: Eyal Itkin Overview In many companies, the daily routine involves coming to the office each day to work on your company computer, safely inside the corporate network. Once in a while, a worker may need special offsite access and will connect…