2019-04-18 Random Interesting Shit

Categories Hacker Shit, News Feed Stuff, Random Musings, Security Stuff, Stuff To Learn

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users’ Permission
https://thehackernews.com/2019/04/facebook-email-database.html
#hackerstuff #HackThePlanet


Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)

#hackerstuff #HackThePlanet


pipetap.sh – This script invokes tcpdump over ssh piping to STDOUT, allowing remote use of wireshark
https://github.com/ShadowHatesYou/pipetap.sh
#hackerstuff #HackThePlanet


Reverse-engineering Broadcom wireless chipsets
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
#hackerstuff #HackThePlanet


2019-04-17 Random Interesting Shit

Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet
https://thehackernews.com/2019/04/justdial-hacked-data-breach.html
#hackerstuff #HackThePlanet


Hackers exploiting unpatched Chrome bug to target 500M iPhone users

#hackerstuff #HackThePlanet


Crooks are selling “Digital Doppelgangers” to bypass anti-fraud protection


#hackerstuff #HackThePlanet


Password Spraying- Common mistakes and how to avoid them
https://medium.com/@adam.toscher/password-spraying-common-mistakes-and-how-to-avoid-them-3fd16b1a352b
#hackerstuff #HackThePlanet


Microsoft Edge Uses a Secret Trick And Breaks Internet Explorer’s Security
https://blog.0patch.com/2019/04/microsoft-edge-uses-secret-trick-and.html
#hackerstuff #HackThePlanet


Arjun – HTTP parameter discovery suite
https://github.com/s0md3v/Arjun
#hackerstuff #HackThePlanet


My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding
https://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033
#hackerstuff #HackThePlanet


Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren’t special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one — and preferably only one — obvious way to do it.
Although that way may not be obvious at first unless you’re Dutch.
Now is better than never.
Although never is often better than “right” now.
If the implementation is hard to explain, it’s a bad idea.
If the implementation is easy to explain, it may not be a good idea.
Namespaces are one honking great idea — let’s do more of those!


How NOT to use the PAM trust – Leveraging Shadow Principals for Cross Forest Attacks
https://www.labofapenetrationtester.com/2019/04/abusing-PAM.html
#hackerstuff #HackThePlanet


Forgot about this site… 😀
Hacker Test – Test your hacking skills
http://www.hackertest.net/
#hackerstuff #HackThePlanet


2019-04-16 Random Interesting Shit

Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
https://thehackernews.com/2019/04/scranos-rootkit-spyware.html
#hackerstuff #HackThePlanet


Top VPNs found improperly securing cookies & tokens

#hackerstuff #HackThePlanet


Federal jury convicts malware creators of hijacking 400,000 computers
https://www.digitaltrends.com/computing/malware-creators-convicted-hijacked-40k-computers/
#hackerstuff #HackThePlanet


Privilege Escalation in ManageEngine ADManager Plus 6.6
https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/
#hackerstuff #HackThePlanet


DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
#hackerstuff #HackThePlanet


How does Tor really work?
https://skerritt.blog/how-does-tor-really-work/
#hackerstuff #HackThePlanet #TOR


2019-04-15 Random Interesting Shit

Apache Tomcat Patches Important Remote Code Execution Flaw
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
#hackerstuff #HackThePlanet


Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
https://thehackernews.com/2019/04/microsoft-outlook-email-hack.html
#hackerstuff #HackThePlanet


IoT Security- it’s complicated

#hackerstuff #HackThePlanet


PartyLoud – A simple tool to do several HTTP / HTTPS requests and simulate navigation
https://github.com/realtho/PartyLoud
#hackerstuff #HackThePlanet


Quantum Cryptography
https://arxiv.org/pdf/quant-ph/9504002.pdf
#hackerstuff #HackThePlanet


Timing Attacks using Machine Learning
https://parzelsec.de/timing-attacks-with-machine-learning/
#hackerstuff #HackThePlanet


Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
https://thehackernews.com/2019/04/google-location-tracking.html
#hackerstuff #HackThePlanet


CVE-2019-9730: Local Privilege Elevation in Synaptics Sound Device Driver (Write-Up + Exploit)
http://jackson-t.ca/synaptics-cxutilsvc-lpe.html
#hackerstuff #HackThePlanet


2019-04-12 Random Interesting Shit

Fucking Homepage – Words of Wisdom of the Fucking Day:
Today Think About All That You Are, Not All That You Are Not.


Popular Video Editing Software Website Hacked to Spread Banking Trojan
https://thehackernews.com/2019/04/free-video-editing-malware.html
#hackerstuff #HackThePlanet


$177.5 M Settlement Proposal: The Second Possible Big Dent In Yahoo’s Treasury For 2013-16 Data Breach Incident

#hackerstuff #HackThePlanet


The Danger of Exposing Docker.sock
https://dejandayoff.com/the-danger-of-exposing-docker.sock/
#hackerstuff #HackThePlanet


New hijack attack in the wild
https://habr.com/en/company/qrator/blog/447776/
#hackerstuff #HackThePlanet


Security Enhanced Linux (SELinux): From Concepts to Code Flow by J.C. Scaly
https://drive.google.com/file/d/1WNcPYUL3Zf2y7BYXH2z_1LMqzzAZdmc8/view
#hackerstuff #HackThePlanet


New research: we discover how to avoid SmartScreen via COM Hijacking and with no privileges
https://blog.en.elevenpaths.com/2019/04/hijacking-research-smartscreen.html
#hackerstuff #HackThePlanet