RT @cprofiler@twitter.com

Cerbero Suite 3.3 is out! - cerbero-blog.com/?p=1842 - Theme support, hugely improved native UI for Ghidra, MachO Carbon support, XP compatibility and a few bug fixes. Happy hacking!

🐦🔗: twitter.com/cprofiler/status/1

RT @2xyo@twitter.com

Mitre ATT&CK Sub-Techniques Preview:
- New ID numbering
- New techniques
- Technique decomposition
- Technique realignment and deprecation
- Technique-to-sub-technique demotion

medium.com/mitre-attack/attack

By @MITREattack@twitter.com

🐦🔗: twitter.com/2xyo/status/116480

RT @GossiTheDog@twitter.com

Fortigate are calling this issue in FortiOS a “vulnerability” but to be clear it’s actually a major backdoor.

The backdoor code is flat out there in the OS, it even needs a ‘secret’ code typed to trigger it.

How did a major firewall vendor (almost 500k IPs) end up backdoored? twitter.com/gossithedog/status

🐦🔗: twitter.com/GossiTheDog/status

RT @driikolu@twitter.com

Apprendre à utiliser vim de manière ludique, c'est maintenant possible !
Les utilisateurs de nano n'ont plus d'excuse. twitter.com/MasteringVim/statu

🐦🔗: twitter.com/driikolu/status/11

RT @YaronZi@twitter.com

portal.msrc.microsoft.com/en-U great to see is taking action to reduce attack surface by advising customers to enable LDAP relay mitigations. We talked about these issues at our @defcon@twitter.com and @BlackHatEvents@twitter.com talks. @simakov_marina@twitter.com

🐦🔗: twitter.com/YaronZi/status/116

RT @ENOENT_@twitter.com

If you're interested in knowing how to solve RE tasks using cryptanalysis only, you should check out my new post. You'll see the methodology I applied to solve the micro-bit crackme of the challenge of @_leHACK_@twitter.com 2019 of @virtualabs@twitter.com @iotcert@twitter.com
bitsdeep.com/posts/solving-re-

🐦🔗: twitter.com/ENOENT_/status/116

RT @gabsmashh@twitter.com

a good guide to the basics of offensive lateral movement/pivoting, including psexec, DCOM, WMI, winRM, etc. the guide uses cobaltstrike for most of the demo, which is superrrr fun (albeit noisy) to play with, if you haven't.
hausec.com/2019/08/12/offensiv

🐦🔗: twitter.com/gabsmashh/status/1

RT @shishi0_@twitter.com

"Webmin 0day remote code execution"

Tl;Dr: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan.

PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id

pentest.com.tr/exploits/DEFCON

🐦🔗: twitter.com/shishi0_/status/11

RT @TencentTic@twitter.com

Tencent Security Team has worked out a stable POC of CVE-2019-1181/1182. It works on Win7 to Win10. Patch your system as soon as possible. REF:
s.tencent.com/research/bsafe/7

🐦🔗: twitter.com/TencentTic/status/

RT @piotrcki@twitter.com

⚠️ Arretez tout et allez mettre à jour vos Windows. ⚠️ (Merci à @ANSSI_FR@twitter.com @CERT_FR@twitter.com)
cert.ssi.gouv.fr/alerte/CERTFR

🐦🔗: twitter.com/piotrcki/status/11

RT @5aelo@twitter.com

In case you missed @natashenka@twitter.com's talk at @BlackHatEvents@twitter.com this week, here is a video showing a remote exploit for one of the iMessage bugs we found: youtu.be/E_9kBFKNx54 Be sure to read googleprojectzero.blogspot.com if you are interested in these kinds of attacks!

🐦🔗: twitter.com/5aelo/status/11598

RT @PyroTek3@twitter.com

Today at Black Hat @markmorow@twitter.com
& I presented on "Attacking & Defending the Microsoft Cloud."

Slides are now available to download:
adsecurity.org/?p=4179

We covered several attacks (& defense): password spray, token theft, password reuse, on-prem cloud integration, & more!

🐦🔗: twitter.com/PyroTek3/status/11

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!