Z0vsky  

RT @FForEffort1@twitter.com

Mr X's identity is a complete mystery.

🐦🔗: twitter.com/FForEffort1/status

0
Z0vsky  

RT @cprofiler@twitter.com

Cerbero Suite 3.3 is out! - cerbero-blog.com/?p=1842 - Theme support, hugely improved native UI for Ghidra, MachO Carbon support, XP compatibility and a few bug fixes. Happy hacking!

🐦🔗: twitter.com/cprofiler/status/1

0
Z0vsky  

RT @Dinosn@twitter.com

CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow zerodayinitiative.com/blog/201

🐦🔗: twitter.com/Dinosn/status/1164

0
Z0vsky  

RT @2xyo@twitter.com

Mitre ATT&CK Sub-Techniques Preview:
- New ID numbering
- New techniques
- Technique decomposition
- Technique realignment and deprecation
- Technique-to-sub-technique demotion

medium.com/mitre-attack/attack

By @MITREattack@twitter.com

🐦🔗: twitter.com/2xyo/status/116480

0
Z0vsky  

RT @GossiTheDog@twitter.com

Fortigate are calling this issue in FortiOS a “vulnerability” but to be clear it’s actually a major backdoor.

The backdoor code is flat out there in the OS, it even needs a ‘secret’ code typed to trigger it.

How did a major firewall vendor (almost 500k IPs) end up backdoored? twitter.com/gossithedog/status

🐦🔗: twitter.com/GossiTheDog/status

0
Z0vsky  

RT @Jipe_@twitter.com

« Hunting for Privilege Escalation in Windows Environment » 👍🏻👍🏻👍🏻👍🏻 speakerdeck.com/heirhabarov/hu

🐦🔗: twitter.com/Jipe_/status/11645

0
Z0vsky  

RT @driikolu@twitter.com

Apprendre à utiliser vim de manière ludique, c'est maintenant possible !
Les utilisateurs de nano n'ont plus d'excuse. twitter.com/MasteringVim/statu

🐦🔗: twitter.com/driikolu/status/11

0
Z0vsky  

RT @YaronZi@twitter.com

portal.msrc.microsoft.com/en-U great to see is taking action to reduce attack surface by advising customers to enable LDAP relay mitigations. We talked about these issues at our @defcon@twitter.com and @BlackHatEvents@twitter.com talks. @simakov_marina@twitter.com

🐦🔗: twitter.com/YaronZi/status/116

0
Z0vsky  

RT @ENOENT_@twitter.com

If you're interested in knowing how to solve RE tasks using cryptanalysis only, you should check out my new post. You'll see the methodology I applied to solve the micro-bit crackme of the challenge of @_leHACK_@twitter.com 2019 of @virtualabs@twitter.com @iotcert@twitter.com
bitsdeep.com/posts/solving-re-

🐦🔗: twitter.com/ENOENT_/status/116

0
Z0vsky  

RT @HanseSecure@twitter.com

Bypassing Two-Factor Authentication on Outlook Web Access


securityaffairs.co/wordpress/5

🐦🔗: twitter.com/HanseSecure/status

0
Z0vsky  

RT @gabsmashh@twitter.com

a good guide to the basics of offensive lateral movement/pivoting, including psexec, DCOM, WMI, winRM, etc. the guide uses cobaltstrike for most of the demo, which is superrrr fun (albeit noisy) to play with, if you haven't.
hausec.com/2019/08/12/offensiv

🐦🔗: twitter.com/gabsmashh/status/1

0
Z0vsky  

RT @PythonResponder@twitter.com

Responder 2.3.4.0 upcoming release will be supporting RDP ;)

🐦🔗: twitter.com/PythonResponder/st

0
Z0vsky  

RT @shishi0_@twitter.com

"Webmin 0day remote code execution"

Tl;Dr: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan.

PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id

pentest.com.tr/exploits/DEFCON

🐦🔗: twitter.com/shishi0_/status/11

0
Z0vsky  

RT @TencentTic@twitter.com

Tencent Security Team has worked out a stable POC of CVE-2019-1181/1182. It works on Win7 to Win10. Patch your system as soon as possible. REF:
s.tencent.com/research/bsafe/7

🐦🔗: twitter.com/TencentTic/status/

0
Z0vsky  

RT @huntingmalware@twitter.com

Hey hey hey, bored of infosec marketing bullshit? check our new post! blog.huntingmalware.com/notes/

🐦🔗: twitter.com/huntingmalware/sta

0
Z0vsky  

RT @GossiTheDog@twitter.com

“We accept the risk”

2 years later:

🐦🔗: twitter.com/GossiTheDog/status

0
Z0vsky  

RT @gentilkiwi@twitter.com

When your program name is more the new EICAR than a security tool twitter.com/ahakcil/status/116

🐦🔗: twitter.com/gentilkiwi/status/

0
Z0vsky  

RT @piotrcki@twitter.com

⚠️ Arretez tout et allez mettre à jour vos Windows. ⚠️ (Merci à @ANSSI_FR@twitter.com @CERT_FR@twitter.com)
cert.ssi.gouv.fr/alerte/CERTFR

🐦🔗: twitter.com/piotrcki/status/11

0
Z0vsky  

RT @5aelo@twitter.com

In case you missed @natashenka@twitter.com's talk at @BlackHatEvents@twitter.com this week, here is a video showing a remote exploit for one of the iMessage bugs we found: youtu.be/E_9kBFKNx54 Be sure to read googleprojectzero.blogspot.com if you are interested in these kinds of attacks!

🐦🔗: twitter.com/5aelo/status/11598

0
Z0vsky  

RT @PyroTek3@twitter.com

Today at Black Hat @markmorow@twitter.com
& I presented on "Attacking & Defending the Microsoft Cloud."

Slides are now available to download:
adsecurity.org/?p=4179

We covered several attacks (& defense): password spray, token theft, password reuse, on-prem cloud integration, & more!

🐦🔗: twitter.com/PyroTek3/status/11

0
Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Trending now

Resources

Developers

What is Mastodon?

mastodon.tedomum.net

More…