exploit   3431

« earlier    

eslint-scope attack
Because it doesn't wait for the request to complete, it is possible for the reqeuest to only send part of the script and the eval call to fail with a SyntaxError, which is how the issue was discovered.

attack  exploit  eslint 
9 days ago by blurback
Microsoft COM for Windows - Privilege Escalation
The keywords "COM" and "serialized" pretty much jumped into my face when the advisory came out. Since I had already spent several months of research time on Microsoft COM last year I decided to look into it. Although the vulnerability can result in remote code execution, I'm only interested in the privilege escalation aspects.
privesc  windows  pentest  exploit  security 
26 days ago by whip_lash
Attacking Private Networks from the Internet with DNS Rebinding
The home WiFi network is a sacred place; your own local neighborhood of cyberspace. There we connect our phones, laptops, and “smart” devices to each other and to the Internet and in turn we improve…
dns  exploit  hack  hacking  network 
4 weeks ago by nharbour

« earlier    

related tags

2018  advisory  ai  alarm-clock  alarm  alexa  amazon  android  angler  antivirus  assembly  attack  attacks  audio  autosploit  awareness  bash  binaries  binary  binwalk  bitcoin  blockchain  browser  bug-bounty  bug  bugbounty  certificate  check  cisco  cloud  code  codeislaw  coding  cognition  computer  cool  cors  cpu  crisis  crypto  css  ctf  cve  cyberark  cybersecurity  danderspritz  database  debugger  deserialization  development  dhcp  dma  dns  dot-net  edge  education  efail  email  embedded  emotion  encryption  enterprise  eslint  eternalblue  example  exploitation  exploitdb  exploits  fail  firefox  flash  forensics  frequency  gdb  gef  github  gnupg  google  gpg  hack  hacker  hacking  heartbleed  homebrew  ifttt  immunity  infosec  ios  ip  iphone  isc  itunes  jailbreaking  java  keepfamiliestogether  kernel  keylogger  kubernetes  lab  leak  learning  led  linux  malvertising  media  meltdown  metasploit  microsoft  mitigation  mitm  modern  mona  moral  msoffice  msword  mysql  netsec  network  nintendo  nintendoswitch  noisnotenough  nsa  ntlm  openpgp  opensource  osint  pdf  pen_testing  pentest  pentesting  pgp  php  playing  plugin  poc  post  privacy  privesc  productivity  programming  proof-of-concept  proof_of_concept  pwn2own  python  radio  range  rce  rdp  recon  redteam  reference  remote  research  reverse-engineering  reverseengineering  reversing  rop  router  rowhammer  ruby  search  security  serialization  service  shellshock  shodan  siri  smartcontract  smartcontracts  smartinstall  smartspeaker  smb  social  software  speaker  sql  study  subliminal  switch  sync  technology  telnet  tls  tools  transmission  trump  trusted  trustjacking  tutorials  utilities  videogames  virtualassitant  voice  vpnfilter  vulndev  vulnerabilities  vulnerability  walkthrough  web  webrtc  whitehat  wifi  windbg  windows  worstpractice  x64dbg  xen  xss  yourexpert 

Copy this bookmark: