whip_lash + security   448

GitHub - dzonerzy/winescalation: Python based module to find common vulnerabilities which lead to Windows privilege escalation
This is a Python based module for fast checking of common vulnerabilities affecting Windows which lead to privilege escalation
python  windows  privilegeescalation  privesc  pentest  security 
2 days ago by whip_lash
evilsocket/bettercap: A complete, modular, portable and easily extensible MITM framework.
bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.
github  security  pentest  mitm 
3 days ago by whip_lash
Updated Hacking Challenge Site Links
These are 70 sites which offer free challenges for hackers to practice their skills. Some are web-based challenges, some require VPN access to private labs and some are downloadable ISOs and VMs. I’ve tested the links at the time of this posting and they work.
ctf  security 
3 days ago by whip_lash
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an…
How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software — and how to defend against it.
hacking  rdp  security  windows 
4 days ago by whip_lash
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
dfir  security 
6 days ago by whip_lash
mitm6 – compromising IPv4 networks via IPv6 | Fox-IT International blog
Running the attack itself is quite straightforward. First we start mitm6, which will start replying to DHCPv6 requests and afterwards to DNS queries requesting names in the internal network. For the second part of our attack, we use our favorite relaying tool, ntlmrelayx. This tool is part of the impacket Python library by Core Security and is an improvement on the well-known smbrelayx tool, supporting several protocols to relay to. Core Security and Fox-IT recently worked together on improving ntlmrelayx, adding several new features which (among others) enable it to relay via IPv6, serve the WPAD file, automatically detect proxy requests and prompt the victim for the correct authentication. If you want to check out some of the new features, have a look at the relay-experimental branch.

To serve the WPAD file, all we need to add to the command line is the -wh parameter, and with it specify the host that the WPAD file resides on. Since mitm6 gives us control over the DNS, any non-existing hostname in the victim network will do. To make sure ntlmrelayx listens on both IPv4 and IPv6, use the -6 parameter. The screenshots below show both tools in action, mitm6 selectively spoofing DNS replies and ntlmrelayx serving the WPAD file and then relaying authentication to other servers in the network.

hash  relay  ipv6  mitm  pentest  security 
6 days ago by whip_lash
ROP Emporium
Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
ctf  programming  security 
7 days ago by whip_lash
Thief found with master key to 6,000 Austin buildings - Austin Business Journal
More than 6,000 apartment, office and other large buildings in Austin have had their security compromised.

City officials are rushing to re-key thousands of hidden lock boxes used by emergency personnel after police caught a suspect accused of burglarizing two local businesses — including Dell Children's Medical Center, where $30,000 was stolen, police said.

The burglary suspect is behind bars and the master key to so-called Knox-Boxes has been recovered.
security  physical  lockpicking  austin 
7 days ago by whip_lash
I’m harvesting credit card numbers and passwords from your site. Here’s how.
Lucky for me, we live in an age where people install npm packages like they’re popping pain killers.
javascript  security  web 
7 days ago by whip_lash
"Reverse Engineering for Beginners" free book
Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM.

Topics touched: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
assembly  book  engineering  security  reverseengineering 
9 days ago by whip_lash
Operation Cobalt Kitty: A large-scale APT in Asia carried out by the OceanLotus Group
The attackers' arsenal consisted of modified publicly-available tools as well as six undocumented custom-built tools, which Cybereason considers the threat actor’s signature tools. Among these tools are two backdoors that exploited DLL sideloading attacks in Microsoft, Google and Kaspersky applications. In addition, they developed a novel and stealthy backdoor that targets Microsoft Outlook for a command-and-control channel and data exfiltration.

apt  security  pentest 
10 days ago by whip_lash
Who can add workstation to the domain – Dubai Security Blog
So taking into consideration the above 2 items, by default any authenticated user can join up to 10 machines to the domain.
activedirectory  security  pentest 
10 days ago by whip_lash
Web Application Firewall (WAF) Evasion Techniques – secjuice™ – Medium
Why use ? instead of *? Because the asterisk (*) is widely used for comment syntax (something like /* hey I’m a comment */) and many WAFs block it in order to avoid SQL Injection… something like UNION+SELECT+1,2,3/*
waf  hacking  pentest  security 
11 days ago by whip_lash
paralax/awesome-honeypots: an awesome list of honeypot resources
A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects.
security  honeypot  activedefense 
12 days ago by whip_lash
Why Raspberry Pi isn't vulnerable to Spectre or Meltdown - Raspberry Pi
Now let’s look at how speculation and caching combine to permit a Meltdown-like attack on our processor. Consider the following example, which is a user program that sometimes reads from an illegal (kernel) address, resulting in a fault (crash):
programming  security  intel  bug 
12 days ago by whip_lash
PiKarma Python Script Helps You Identify Malicious WiFi Networks
The project is called PiKarma and it's a Python script created by Turkish security researcher Besim Altinok that can detect WiFi networks that are carrying KARMA attacks, a well-known form of WiFi Man-in-the-Middle attacks.
wifi  security 
14 days ago by whip_lash
IoT Privacy and Security Challenges for Smart Home Environments
In the case of the quote above, hackers attempted to steal data from a North American casino through a fish tank that was connected to the internet. Although the casino had implemented some security precautions, these hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and the perpetrators were stopped.

iot  hacking  security 
14 days ago by whip_lash
Abusing Microsoft Word Features for Phishing: “subDoc” - Rhino Security Labs
In the above configuration, we’re telling Word to open a sub-document over the network using a UNC path which points external to their network. The destination IP address, in this case, is a VM instance that we control, hosted by a cloud provider which allows incoming SMB requests.

At this point, we’re able to load Responder.py which allows us to listen for incoming SMB requests and collect the respective NTLMv2 hashes.
hashes  Microsoft  office  vulnerability  pentest  responder  security 
14 days ago by whip_lash
Why Intel's 2015 CPU bugs should make us expect worse bugs in the future
Anyway, back to 2015. We’ve seen at least two serious bugs in Intel CPUs in the last quarter, and it’s almost certain there are more bugs lurking.

hardware  intel  security  bug  vulnerability 
14 days ago by whip_lash
Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory – Active Directory Security
RODCs are meant to be administered by almost anyone since they are standard servers. However, there is risk with this. If regular users are delegated admin access to one or more RODCs, these RODCs either shouldn’t cache passwords or should allow only the minimum number of accounts required to cache passwords. Enabling the RODCs to cache a large number of account passwords in the domain effectively makes the RODC a junior DC and elevates the RODC admins to pseudo-Domain Admin status since they have access to many of the account passwords in the domain.
security  windows  activedirectory 
14 days ago by whip_lash
Cracking Encrypted PDFs – Part 1 | Didier Stevens
In this series of blog posts, I’ll explain how I decrypted the encrypted PDFs shared by John August (John wanted to know how easy it is to crack encrypted PDFs, and started a challenge).

Here is how I decrypted the “easy” PDF (encryption_test).
pdf  hacking  pentest  security 
14 days ago by whip_lash
Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords
However, a team of researchers from Princeton's Center for Information Technology Policy has discovered that at least two marketing companies, AdThink and OnAudience, are actively exploiting such built-in password managers to track visitors of around 1,110 of the Alexa top 1 million sites across the Internet.
Third-party tracking scripts found by researchers on these websites inject invisible login forms in the background of the webpage, tricking browser-based password managers into auto-filling the form using the user's saved information.
browser  security  privacy 
14 days ago by whip_lash
Update: Two Years After Discovery Dangerous Security Hole Lingers in GPS Services | The Security Ledger
In all, the researchers identified more than 100 GPS services that were affected and unpatched. The number of devices that use these services isn’t known, but could number in the millions. Just one site, gpsui.net, acts as the master server for what Gruhn and Stykas estimate to be more than 615,00 GSM and GPS location tracking devices.

The service is vulnerable to more than one authorization bypass attack – in which an attacker can access and interact with the GPS service without first entering a user name and password. Those, in turn, could open the door to so-called “privilege escalation” attacks that could expose all location tracking information stored by the site. Attackers could potentially send commands to and control all the connected devices that use the service.
gps  security  vulnerability 
14 days ago by whip_lash
India's National ID Database With Private Information Of Nearly 1.2 Billion People Was Reportedly Breached
The Tribune, a local Indian newspaper, published a report claiming its reporters paid Rs. 500 (approximately $8) to a person who said his name was Anil Kumar, and who they contacted through WhatsApp. Kumar was able to create a username and password that gave them access to the demographic information of nearly 1.2 billion Indians who have currently enrolled in Aadhaar, simply by entering a person’s unique 12-digit Aadhaar number. Regional officers working with the Unique Identification Authority of India (UIDAI), the government agency responsible for Aadhaar, told the Tribune the access was “illegal,” and a “major national security breach.”
india  security 
14 days ago by whip_lash
SSH Security and You - /bin/false is *not* security :: semicomplete.com - Jordan Sissel
Whatever sysadmin was tasked with securing these machines forgot something very important about ssh2: channels. I use them often for doing agent, x11, or port forwarding. You probably use them too, right? So what happens if we try to port forward without requesting a shell (ssh -N)? You might not have guessed that it allows you to do the requested port forward and keeps the connection alive. SSH stays connected because it never executes the shell, so it never gets told to die. Whoops!
ssh  security  shell  linux  unix 
20 days ago by whip_lash
Users Have Reported the Same Chrome Bug 43 Times. Actually Not a Bug.
Password asterisks were added to prevent nosey roommates trying to get a peek at your passwords while you were logging in. They're not an indicator of actual security nor do they hide the password from everything and everyone.
browser  security 
20 days ago by whip_lash
Famed Hacker Kevin Mitnick Shows You How to Go Invisible Online | WIRED
After using Tor to randomize your IP address, and after creating a Gmail account that has nothing to do with your real phone number, Google sends your phone a verification code or a voice call. Now you have a Gmail account that is virtually untraceable. We can produce reasonably secure emails whose IP address—thanks to Tor—is anonymous (although you don’t have control over the exit nodes) and whose contents, thanks to PGP, can’t be read except by the intended recipient.

email  encryption  privacy  security 
20 days ago by whip_lash
Security Engineering - A Guide to Building Dependable Distributed Systems
When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free.
book  security  sysadmin 
20 days ago by whip_lash
GitHub - docker/docker-bench-security: The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
docker  github  security 
22 days ago by whip_lash
The strange story of “Extended Random” – A Few Thoughts on Cryptographic Engineering
Those fossilized printers confirmed a theory we’d developed in 2014, but had been unable to prove: namely, the existence of a specific feature in RSA’s BSAFE TLS library called “Extended Random” — one that we believe to be evidence of a concerted effort by the NSA to backdoor U.S. cryptographic technology.
cryptography  nsa  security 
22 days ago by whip_lash
Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to understand or inspect. Merlin is a post-exploitation tool that is easily cross-compiled to run on any platform to achieve command and control of a host.
pentest  security  c2  c&c 
28 days ago by whip_lash
Security Pros Waste 40 Hours Per Month Thanks to Inefficient Systems - Infosecurity Magazine
The majority of IT decision-makers think the average cybersecurity professional wastes as much as 10 hours a week due to inadequate software.

According to a LogRhythm-sponsored survey of 751 IT decision-makers from the US, UK and Asia/Pacific, more than one-third of them also say their teams spend at least three hours a day on tasks that could be handled by better software.

29 days ago by whip_lash
Security firm Keeper sues news reporter over vulnerability story | ZDNet
Keeper said in its lawsuit that Goodin and his employer, tech site Ars Technica, also named as defendant, "made false and misleading statements about the Keeper software application suggesting that it had a 16-month old bug that allowed sites to steal user passwords."

security  news  law 
29 days ago by whip_lash
Mailsploit: The Undetectable Spoofing Attack
Mailsploit easily passes through email servers and circumvents established spoofing protection tools like DMARC and spam filters. Emails sent with Mailsploit appear to come from totally legitimate senders. In most cases, unless email headers are inspected by technicians, emails sent using Mailsploit are undetectable.
email  security  exploit 
6 weeks ago by whip_lash
In case you haven't heard the news, there is a massive security flaw in macOS, which allows anybody to log into the root account with a blank password...
I was intrigued by this bug, so decided to track down its root cause!
apple  bug  security 
7 weeks ago by whip_lash
XPN InfoSec Blog
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever wondered just how this works behind the scenes?

In this post I will show the details of how this technique works, and explore a couple of methods which are not quite as popular, but may help evade detection on those tricky redteam engagements.
pentest  security  privesc  privilegeescalation 
8 weeks ago by whip_lash
SSL spy boxes on your network getting you down? But wait, here's an IETF draft to fix that • The Register
Before you get too excited though, it's worth noting that security considerations to this approach have yet to be considered: the relevant section is listed as simply "To do."
encryption  security 
10 weeks ago by whip_lash
DUHK Attack
Developers of cryptographic software should stop using the X9.31 generator. It was removed from the list of FIPS-approved random number generation algorithms in January 2016. If you must use a block cipher-based RNG, don't use a hard-coded key, and regenerate the key frequently.
security  cryptography  crypto 
12 weeks ago by whip_lash
IoT Cybersecurity: What's Plan B? - Schneier on Security
What the bill does do is leverage the government's buying power to nudge the market: any IoT product that the government buys must meet minimum security standards. It requires vendors to ensure that devices can not only be patched, but are patched in an authenticated and timely manner; don't have unchangeable default passwords; and are free from known vulnerabilities. It's about as low a security bar as you can set, and that it will considerably improve security speaks volumes about the current state of IoT security.
law  security  iot 
october 2017 by whip_lash
Attackers Start Scans for SSH Keys After Report on Lack of SSH Security Controls
Website owners are advised to check if they haven't accidentally uploaded their SSH private key on their public servers, or committed the SSH private key to Git or SVN repositories. Setting a passphrase to access the private SSH key also prevents an attacker from using the key, even if he manages to get his hands on it.
ssh  security 
october 2017 by whip_lash
Ichidan Is a Shodan-Like Search Engine for the Dark Web
'Ichidan Is a Shodan-Like Search Engine for the Dark Web'. Useful.
security  tor  ichidan  osint  darkweb 
october 2017 by whip_lash
Threat Dragon is a free, open-source threat modeling tool from OWASP.
analysis  security 
september 2017 by whip_lash