The #DEFCON 25 video release train rolls on today with 11 talks from @WiFi_Village.
Enjoy, share and stay tuned!

https://m.youtube.com/playlist?list=PL9fPq3eQfaaCJs4xD6CVHws53uCAR2Qzz

Recovering a blurred QR Code to access a #bitcoin wallet private key … #fail https://medium.com/@SassanoM/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433

PlayList Video #crypto-currency DEF CON 25

https://foro.tpx.mx/discussion/10/playlist-video-crypto-currency-def-con-25

Bad Rabbit !! #Ransomware

Cuidado donde das click, este ransomware se instala por error de capa 8 ... Aunque no lo creas !! ..
https://www.facebook.com/tpx.mx/videos/1717472511657123/

The @nytimes is now available on #Tor via their hidden service, works fine w/out JavaScript nytimes3xbfgragh.onion 👍

Dark Web Russian dating portal. Anyone looking for a Russian bride?

CrackMapExec (CME) Post-Exploitation Tool: A Swiss Army Knife for Pentesting Networks (developed by @byt3bl33d3r) https://github.com/byt3bl33d3r/CrackMapExec

Empire v2.3 is out. Please see the changelog for details https://github.com/EmpireProject/Empire/blob/master/changelog

Diary of an African Cryptocurrency Miner
https://medium.com/@bloomberg/diary-of-an-african-cryptocurrency-miner-50c15a2e5fd1

Lol

alfa_AWUS1900 driver #WifiHacking
https://github.com/tpxSecurity/alfa_AWUS1900_adapter

Listar todas las funciones en la consola de JS en chrome
https://foro.tpx.mx/discussion/12/listar-todas-las-funciones-en-la-consola-de-javascript-en-chrome

Payloads de msf venom https://foro.tpx.mx/discussion/11/payloads-de-metasploit-msf-venom

Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

https://wikileaks.org/vault8/#Hive

#HIVE : Certificados falsos, los cuales, hacían creer al objetivo que estaban firmados por Kaspersky Laboratory. #CA #HTTPS

https://twitter.com/Bucio/status/928877833690198016

¿Que es el SQL Injection?
https://foro.tpx.mx/discussion/14/que-es-el-sql-injection

¿Cómo Realizar un ERROR BASED SQL INJECTION Manualmente? [Parte 1]
https://foro.tpx.mx/categories/web

Oracle made the patches available Tuesday for Oracle Fusion Middleware, which address all vulnerabilities. Oracle Tuxedo is a component of Oracle Fusion Middleware. ERPScan released its research on JoltandBleed Thursday in a paper released at the the DeepSec conference in Vienna, Austria.

ERPScan said the vulnerabilities open up affected products to attackers gaining full access to all data. It describes the vulnerabilities as such:

CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server (9.9 on CVSS scale)

CVE-2017-10267 is a vulneralility of stack overflows (7.5 on CVSS scale)

CVE-2017-10278 is a vulneralility of heap overflows (7.0 on CVSS scale)

CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to brute-force passwords of DomainPWD which is used for the Jolt Protocol authentication (5.3 on CVSS scale)

CVE-2017-10269 is a vulnerability affecting the Jolt Protocol; it enables an attacker to compromise the whole PeopleSoft system. (10 on CVSS scale)

“This error is originated with that how Jolt Handler processes a command with opcode 0x32. If the package structure is incorrect, a programmer has to provide a Jolt client with a certain Jolt response indicating there is an error in the communication process”

#update #oracle

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

https://thehackernews.com/2017/11/facebook-twitter-hack.html