Bypass XSS filters using JavaScript global variables
https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/
https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/
Want to take over the Java ecosystem? All you need is a MITM!
https://medium.com/@jonathan.leitschuh/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb
https://medium.com/@jonathan.leitschuh/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb
Medium
Want to take over the Java ecosystem? All you need is a MITM!
Hundreds of incredibly popular and widely deployed Java libraries & JVM compilers are still downloading their dependencies over HTTP with…
Forwarded from r0 Crew (Channel)
Heap Overflow Exploitation on Windows 10 Explained https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/ #exploitation #dukeBarman
Digging up the Past: OS X File Versioning
https://versprite.com/blog/security-research/file-versioning-mac-os-x/
https://versprite.com/blog/security-research/file-versioning-mac-os-x/
VerSprite
Digging up the Past: OS X File Versioning
In this case study of OS X digital forensics, we were tasked to recover the version history of documents created using Apple’s TextEdit application.
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/
dirkjanm.io
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin
Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft…
AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-infiltrates-containers-via-exposed-docker-apis/
https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-infiltrates-containers-via-exposed-docker-apis/
Trend Micro
AESDDoS Botnet, Containers, Exposed Docker APIs
An API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of AESDDoS.
Реализация файловой системы поверх системных артефактов (Windows и macOS)
https://github.com/SafeBreach-Labs/AltFS
https://github.com/SafeBreach-Labs/AltFS
GitHub
GitHub - SafeBreach-Labs/AltFS: The Alternative Fileless File System
The Alternative Fileless File System. Contribute to SafeBreach-Labs/AltFS development by creating an account on GitHub.
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105#.XRCqdjj5OfA.twitter
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105#.XRCqdjj5OfA.twitter
F5 Labs
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
It looked like a simple XSS in the Outlook Android app, but the app developers couldn’t reproduce it so they didn’t fix it. Then things got interesting. Here’s the story of how I discovered CVE-2019-1105.
Немного о написании шеллкодов для Windows x64
https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
Nytro Security
Writing shellcodes for Windows x64
Long time ago I wrote three detailed blog posts about how to write shellcodes for Windows (x86 – 32 bits). The articles are beginner friendly and contain a lot of details. First part explains…
amass — Automated Attack Surface Mapping
https://danielmiessler.com/study/amass/
https://danielmiessler.com/study/amass/
Danielmiessler
amass — Automated Attack Surface Mapping | Daniel Miessler
Security, technology, and humans
Инструмент для исследования сетей с помощью скомпрометированных машин
https://github.com/RedTeamOperations/PivotSuite/blob/master/README.md
https://github.com/RedTeamOperations/PivotSuite/blob/master/README.md
GitHub
RedTeamOperations/PivotSuite
Network Pivoting Toolkit. Contribute to RedTeamOperations/PivotSuite development by creating an account on GitHub.