OpenSSH 7.x Mass Username Enumeration Tool: https://github.com/trimstray/massh-enum #unix #openbsd #linux
@sec_nerd_en
Why it is important to always use htmlentities() in a context-sensitive way #PHP #security
https://blog.ripstech.com/2016/freepbx-from-cross-site-scripting-to-remote-command-execution/
@sec_nerd_en
North Korea claims hacker responsible for WannaCry outbreak does not exist
A North Korean hacker allegedly responsible for debilitating cyberattacks against Sony and the global WannaCry ransomware outbreak does not exist, the country has claimed.
Park Jin Hyok, the hacker reportedly responsible for the series of attacks, was indicted by the US Department of Justice (DoJ) last week.
However, if North Korea is to be believed, the hacker is nothing more than a figment of the US law enforcement's imagination.
In a statement on Friday, as reported by the Associated Press, the country -- colloquially known as the Hermit Kingdom -- denied claims that North Korea was involved in either the Sony data breach or WannaCry outbreak.
https://www.zdnet.com/article/north-korea-claims-hacker-responsible-for-sony-breach-does-not-exist/
#news
#nk
#usa
#wannacry
@sec_nerd_en
ZDNET
North Korea claims hacker responsible for WannaCry outbreak does not exist
The country insists the indictment of the hacker is nothing more than a smear campaign.
Kick my seat one more time and I swear to Lenin’s beard, both of you will get Novichoked before you can say Nyet!
#fun
#russia
#skripal
@sec_nerd_en
“#BugBounty — ‘Database hacked of India’s Popular Sports company’ - Bypassing Host Header to SQL…” @logicbomb_1 https://blog.usejournal.com/bugbounty-database-hacked-of-indias-popular-sports-company-bypassing-host-header-to-sql-7b9af997c610
@sec_nerd_en
Medium
#BugBounty — “Database hacked of India’s Popular Sports company” - Bypassing Host Header to SQL injection to dumping Database — An…
Hi Guys,
Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework
https://github.com/danielbohannon/Invoke-DOSfuscation
@sec_nerd_en
New CSS Attack Restarts an iPhone or Freezes a Mac
A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.
"The attack uses a weakness in the -webkit-backdrop-filter CSS property," Haddouche told BleepingComputer. "By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require JavaScript to be enabled, therefore it also works in Mail. On macOS, the UI freezes. On iOS, the device restarts."
This attack affects all browsers on iOS, as well as Safari and Mail in macOS, because they all use the WebKit rendering engine.
"All browsers on iOS are affected because the underlying rendering engine is WebKit," Haddouche explained. "As per App Store rules, it is forbidden to bring your own rendering engine."
source on github: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
poc on youtube: https://www.youtube.com/watch?v=9FthGZ6GhfU
https://www.bleepingcomputer.com/news/security/new-css-attack-restarts-an-iphone-or-freezes-a-mac/
#mac
#apple
#iphone
#css
#html
@sec_nerd_en
Malicious Command Execution via bash-completion (CVE-2018-7738)
https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/
#linux
#bash
#exploit
@sec_nerd_en
Pentesting IoT devices (Part 1: Static Analysis)
https://blog.mindedsecurity.com/2018/09/pentesting-iot-devices-part-1-static.html
#iot
@sec_nerd_en
DDoS attack from Anonymous Catalonia cripples Bank of Spain website
The official website of Banco de España (Bank of Spain), which is the central bank of the country, was hit by a Distributed Denial of Service (DDoS) attack on Sunday. The attack potentially disrupted the website’s operations and it became inaccessible at the beginning of the week. The attack, reportedly, has been claimed by the notorious hacker collective Anonymous Catalonia.
https://www.hackread.com/ddos-attack-anonymous-catalonia-cripples-bank-of-spain-website/
#ddos
#anonymous
@sec_nerd_en
HackRead
DDoS attack from Anonymous Catalonia cripples Bank of Spain website
They did it for #OpCatalonia.
nmap-bootstrap-xsl
An Nmap XSL implementation with Bootstrap.
https://github.com/honze-net/nmap-bootstrap-xsl
#nmap
@sec_nerd_en
IDOR: Insecure Direct Object Reference
https://www.gracefulsecurity.com/idor-insecure-direct-object-reference/
#idor
#pentest
#web
@sec_nerd_en
https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
#ASLR
#Pentesting
SEI Blog
When
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....
#Heap #exploitation Intro Series: Used and Abused -> UaF (#Linux)
https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-used-and-abused-use-after-free/
@sec_nerd_en