Smuggling HTA files in Internet Explorer/Edge
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/

Hunting Malicious npm Packages

https://duo.com/blog/hunting-malicious-npm-packages

Microsoft Issues Security Patches for 25 Critical Vulnerabilities.

http://thehackernews.com/2017/08/microsoft-security-patch.html

CVE-2017-8620: Windows Search Remote Code Execution Vulnerability
⚠️Disable WSearch service now!
https://portal.msrc.microsoft.com/en-US/eula

Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat

https://github.com/brannondorsey/wifi-cracking

Chat de tpx Security.
Las reglas son simples, el chat es para compartir conocimiento, preguntas, dudas de temas de CiberSeguridad y otras existenciales !!

+ No Porno
+ No Insultar (serás baneado)

https://t.me/tpxChat

Some Chinese USB adapters have a hidden SIM that will send a text message with GPS coordinates to track an unknowing victim…

https://twitter.com/wk_tyn/status/894789440584929281

... OMG

SSL Domain Fronting 101
If you’re new to the domain fronting concept, I suggest you start by reading Simplifying Domain Fronting .
http://www.rvrsh3ll.net/blog/offensive/ssl-domain-fronting-101/

TUTELAGE: Malware Defense Infrastructure (NSA/CSS)

https://www.slideshare.net/kibyesUn/nsa-css-tutelage

#tutelage #malware

Anonymous and the Low Orbit Ion Cannon (LOIC) are mentioned in a new NSA document from the Snowden trove published by Der Spiegel. LOIC is software that has been used in the past by the hacktivist .

#Bitcoin !!
1 #bitcoin = $59800.00 MXN | $3331.11 USD
1 USD = 17.95MXN

Tracking terrorists online might invade your #privacy

http://www.bbc.com/future/story/20170808-tracking-terrorists-online-might-invade-your-privacy

WPScripts

Coleccion de Scripts para auditar redes WiFi con el Protocolo WPS activo

https://github.com/0x90/wps-scripts

Enviado por @Drok3r

Malicious code written into DNA infects the computer that reads it

https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/amp/

How to Calculate Network Addresses with ipcalc

https://www.linux.com/learn/intro-to-linux/2017/8/how-calculate-network-addresses-ipcalc

Pafish - Tool to Detect Sandboxes and Analysis Environments in the Same Way as… https://github.com/a0rtega/pafish #Malware #MalwareAnalysis

New Type of Brute Force Attack on Office 365 Accounts

Sophisticated and coordinated hackers are constantly adapting and using innovative techniques to gain unauthorized access to corporate data. Recently, 48 Office 365 customers experienced exactly this kind of threat where an attacker implemented a new strategy to try to access high-level information.

The brute force login attack was unique in that it was directed against a few key targets across multiple companies instead of casting a wider net against as many users as possible. There were 100,000 failed-login attempts originating from 67 IPs and 12 networks over a period of nearly 7 months.

https://www.tripwire.com/state-of-security/featured/new-type-brute-force-attack-office-365-accounts/

APT28 Targets Hospitality Sector, Presents Threat to Travelers.

The malicious document – Hotel_Reservation_Form.doc (MD5: 9b10685b774a783eabfecdb6119a8aa3), as seen in Figure 1 – contains a macro that base64 decodes a dropper that then deploys APT28’s signature GAMEFISH malware (MD5: 1421419d1be31f1f9ea60e8ed87277db), which uses mvband.net and mvtband.net as command and control (C2) domains.

https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html

Safari null ptr crash:
<script>var s = new window.webkitOfflineAudioContext(2,44100*0x41414141, 44100);</script>