Z0vsky  

RT @HanseSecure@twitter.com

Bypassing Two-Factor Authentication on Outlook Web Access


securityaffairs.co/wordpress/5

🐦🔗: twitter.com/HanseSecure/status

0
Z0vsky  

RT @gabsmashh@twitter.com

a good guide to the basics of offensive lateral movement/pivoting, including psexec, DCOM, WMI, winRM, etc. the guide uses cobaltstrike for most of the demo, which is superrrr fun (albeit noisy) to play with, if you haven't.
hausec.com/2019/08/12/offensiv

🐦🔗: twitter.com/gabsmashh/status/1

0
Z0vsky  

RT @PythonResponder@twitter.com

Responder 2.3.4.0 upcoming release will be supporting RDP ;)

🐦🔗: twitter.com/PythonResponder/st

0
Z0vsky  

RT @shishi0_@twitter.com

"Webmin 0day remote code execution"

Tl;Dr: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan.

PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id

pentest.com.tr/exploits/DEFCON

🐦🔗: twitter.com/shishi0_/status/11

0
Z0vsky  

RT @TencentTic@twitter.com

Tencent Security Team has worked out a stable POC of CVE-2019-1181/1182. It works on Win7 to Win10. Patch your system as soon as possible. REF:
s.tencent.com/research/bsafe/7

🐦🔗: twitter.com/TencentTic/status/

0
Z0vsky  

RT @huntingmalware@twitter.com

Hey hey hey, bored of infosec marketing bullshit? check our new post! blog.huntingmalware.com/notes/

🐦🔗: twitter.com/huntingmalware/sta

0
Z0vsky  

RT @GossiTheDog@twitter.com

“We accept the risk”

2 years later:

🐦🔗: twitter.com/GossiTheDog/status

0
Z0vsky  

RT @gentilkiwi@twitter.com

When your program name is more the new EICAR than a security tool twitter.com/ahakcil/status/116

🐦🔗: twitter.com/gentilkiwi/status/

0
Z0vsky  

RT @piotrcki@twitter.com

⚠️ Arretez tout et allez mettre à jour vos Windows. ⚠️ (Merci à @ANSSI_FR@twitter.com @CERT_FR@twitter.com)
cert.ssi.gouv.fr/alerte/CERTFR

🐦🔗: twitter.com/piotrcki/status/11

0
Z0vsky  

RT @5aelo@twitter.com

In case you missed @natashenka@twitter.com's talk at @BlackHatEvents@twitter.com this week, here is a video showing a remote exploit for one of the iMessage bugs we found: youtu.be/E_9kBFKNx54 Be sure to read googleprojectzero.blogspot.com if you are interested in these kinds of attacks!

🐦🔗: twitter.com/5aelo/status/11598

0
Z0vsky  

RT @PyroTek3@twitter.com

Today at Black Hat @markmorow@twitter.com
& I presented on "Attacking & Defending the Microsoft Cloud."

Slides are now available to download:
adsecurity.org/?p=4179

We covered several attacks (& defense): password spray, token theft, password reuse, on-prem cloud integration, & more!

🐦🔗: twitter.com/PyroTek3/status/11

0
Z0vsky  

RT @zackwhittaker@twitter.com

Hey @TimiHealth@twitter.com. You might want to check your email. I'm going to hazard a guess and say this is probably not good.

🐦🔗: twitter.com/zackwhittaker/stat

0
Z0vsky  

RT @campuscodi@twitter.com

IBM X-Force details new "warshipping" technique that relies on criminal groups shipping packages with malicious WiFi equipment within a company's network range, so they can perform wireless attacks on the internal network

securityintelligence.com/posts

🐦🔗: twitter.com/campuscodi/status/

0
Z0vsky  

Captain, we've detected a disturbance in space-time. It's coming from Earth. Someone audited the Kubernetes source • The Register theregister.co.uk/2019/08/06/k

0
Z0vsky  

RT @evilsocket@twitter.com

You can turn a cheap rpi0w into a plug and play ethernet gadget to upgrade any device to a pentest platform. Nexmon allows monitor mode on the default WiFi running @bettercap@twitter.com and its web UI. Boots in seconds, deauths and gets handshakes like a mf 😬

🐦🔗: twitter.com/evilsocket/status/

0
Z0vsky  

RT @_saadk@twitter.com

Interesting: ‘“GitHub knew or should have known that obviously hacked data had been posted to GitHub.com,” […] The plaintiffs believe that because Social Security numbers had a fixed format, GitHub should have been able to identify and remove this data’ twitter.com/jedisct1/status/11

🐦🔗: twitter.com/_saadk/status/1157

0
Z0vsky  

RT @philofishal@twitter.com

Thanks to @SentinelOne@twitter.com @patrickwardle@twitter.com, my free ebook of How To Reverse Malware is now available. Learn to set up a safe test lab, find samples, static + dynamic analysis. eBook is free; tools you need are free. 😁go.sentinelone.com/ebook-macos

🐦🔗: twitter.com/philofishal/status

0
Z0vsky  

RT @Hydraze@twitter.com

NIST has released a new document around best practices on MFA/Risk based auth. for e-commerce: nvlpubs.nist.gov/nistpubs/Spec
(Bonus: it aligns with SP-800-63 and is really detailed architecture-wise)

🐦🔗: twitter.com/Hydraze/status/115

0
Z0vsky  

RT @binitamshah@twitter.com

PowerHub : A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting : github.com/AdrianVollmer/Power

🐦🔗: twitter.com/binitamshah/status

0
Z0vsky  

RT @jupitersignal@twitter.com

A new @bsdnow@twitter.com is OUT! okt.to/ZoTCWB @dragonflybsd@twitter.com Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with @openbsd@twitter.com and an OpenSSH vuln.

🐦🔗: twitter.com/jupitersignal/stat

0
Show more
Mastodon

On « Tweet » sur Twitter ; on « Toot » sur Mastodon. Sur ce réseau social plein de libertés, TeDomum met à disposition une modeste instance. N'hésitez pas à nous solliciter pour la modération ou des ajustements de configuration.

Resources

Developers

What is Mastodon?

mastodon.tedomum.net

More…