New CSS Attack Restarts an iPhone or Freezes a Mac
A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.
"The attack uses a weakness in the -webkit-backdrop-filter CSS property," Haddouche told BleepingComputer. "By using nested divs with that property, we can quickly consume all graphic resources and crash or freeze the OS. The attack does not require JavaScript to be enabled, therefore it also works in Mail. On macOS, the UI freezes. On iOS, the device restarts."
This attack affects all browsers on iOS, as well as Safari and Mail in macOS, because they all use the WebKit rendering engine.
"All browsers on iOS are affected because the underlying rendering engine is WebKit," Haddouche explained. "As per App Store rules, it is forbidden to bring your own rendering engine."
Source on GitHub: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
PoC on YouTube: https://www.youtube.com/watch?v=9FthGZ6GhfU
https://www.bleepingcomputer.com/news/security/new-css-attack-restarts-an-iphone-or-freezes-a-mac/
#mac
#apple
#iphone
#css
#html
@sec_nerd_en
Malicious Command Execution via bash-completion (CVE-2018-7738)
https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/
#linux
#bash
#exploit
@sec_nerd_en
Pentesting IoT devices (Part 1: Static Analysis)
https://blog.mindedsecurity.com/2018/09/pentesting-iot-devices-part-1-static.html
#iot
@sec_nerd_en
DDoS attack from Anonymous Catalonia cripples Bank of Spain website
The official website of Banco de España (Bank of Spain), which is the central bank of the country, was hit by a Distributed Denial of Service (DDoS) attack on Sunday. The attack potentially disrupted the website’s operations and it became inaccessible at the beginning of the week. The attack, reportedly, has been claimed by the notorious hackers collective Anonymous Catalonia.
https://www.hackread.com/ddos-attack-anonymous-catalonia-cripples-bank-of-spain-website/
#ddos
#anonymous
@sec_nerd_en
They did it for #OpCatalonia.
nmap-bootstrap-xsl
A Nmap XSL implementation with Bootstrap.
https://github.com/honze-net/nmap-bootstrap-xsl
#nmap
@sec_nerd_en
IDOR: Insecure Direct Object Reference
https://www.gracefulsecurity.com/idor-insecure-direct-object-reference/
#idor
#pentest
#web
@sec_nerd_en
https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
#ASLR
#Pentesting
SEI Blog
When
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....
#Heap #exploitation Intro Series: Used and Abused -> UaF (#Linux)
https://sensepost.com/blog/2017/linux-heap-exploitation-intro-series-used-and-abused-use-after-free/
@sec_nerd_en
RemoteRecon
RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent.
https://github.com/xorrior/Remo
EDM proxy for infecting files on-the-fly
Offensive Proxy server
POC for infecting PE files, ZIP files, Office documents on the fly during a HTTP MitM.
https://github.com/LeonardoNve/edm
#wtf
#mitm
#windows
@sec_nerd_en
GitHub
LeonardoNve/edm
Encima De la Mosca HTTP proxy POC for infecting files on-the-fly and SSLstrip2 - LeonardoNve/edm
https://www.nytimes.com/2018/09/09/world/europe/sergei-skripal-russian-spy-poisoning.html
#Skripal_case
#Spy_stories
NY Times
A Spy Story: Sergei Skripal Was a Little Fish. He Had a Big Enemy. (Published 2018)
Sergei Skripal and Vladimir Putin, Soviet men of the same age, were raised to wage war against the West. After the Soviet Union collapsed, one rose. And one fell.
Penetration Testing/Security Cheatsheets: a huge list.
https://raw.githubusercontent.com/n00py/ReadingList/master/gunsafe.txt
#pentest
@sec_nerd_en
Use PowerShell to Find the History of USB Flash Drive Usage
https://blogs.technet.microsoft.com/heyscriptingguy/2012/05/18/use-powershell-to-find-the-history-of-usb-flash-drive-usage/
#windows
#ps
#enum
@sec_nerd_en
Droidefense Engine
Advance Android Malware Analysis Framework
https://github.com/droidefense/engine
#android
#malware
@sec_nerd_en