Category: Random Musings

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users’ Permission
https://thehackernews.com/2019/04/facebook-email-database.html
#hackerstuff #HackThePlanet

---

Drop-by-Drop: Bleeding through libvips (CVE-2019-6976)

Drop-by-Drop: Bleeding through libvips

#hackerstuff #HackThePlanet

---

pipetap.sh – This script invokes tcpdump over ssh piping to STDOUT, allowing remote use of wireshark
https://github.com/ShadowHatesYou/pipetap.sh
#hackerstuff #HackThePlanet

---

Reverse-engineering Broadcom wireless chipsets
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
#hackerstuff #HackThePlanet

---

Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet
https://thehackernews.com/2019/04/justdial-hacked-data-breach.html
#hackerstuff #HackThePlanet

---

Hackers exploiting unpatched Chrome bug to target 500M iPhone users

Hackers exploiting unpatched Chrome bug to target 500M iPhone users

#hackerstuff #HackThePlanet

---

“Digital Doppelgangers” to bypass anti-fraud protection

Crooks are selling “Digital Doppelgangers” to bypass anti-fraud protection

#hackerstuff #HackThePlanet

---

Password Spraying- Common mistakes and how to avoid them
https://medium.com/@adam.toscher/password-spraying-common-mistakes-and-how-to-avoid-them-3fd16b1a352b
#hackerstuff #HackThePlanet

---

Microsoft Edge Uses a Secret Trick And Breaks Internet Explorer’s Security
https://blog.0patch.com/2019/04/microsoft-edge-uses-secret-trick-and.html
#hackerstuff #HackThePlanet

---

Arjun – HTTP parameter discovery suite
https://github.com/s0md3v/Arjun
#hackerstuff #HackThePlanet

---

My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding
https://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033
#hackerstuff #HackThePlanet

---

Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren’t special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one — and preferably only one — obvious way to do it.
Although that way may not be obvious at first unless you’re Dutch.
Now is better than never.
Although never is often better than “right” now.
If the implementation is hard to explain, it’s a bad idea.
If the implementation is easy to explain, it may not be a good idea.
Namespaces are one honking great idea — let’s do more of those!

---

How NOT to use the PAM trust – Leveraging Shadow Principals for Cross Forest Attacks
https://www.labofapenetrationtester.com/2019/04/abusing-PAM.html
#hackerstuff #HackThePlanet

---

Forgot about this site… 😀
Hacker Test – Test your hacking skills
http://www.hackertest.net/
#hackerstuff #HackThePlanet

---

Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
https://thehackernews.com/2019/04/scranos-rootkit-spyware.html
#hackerstuff #HackThePlanet

---

Top VPNs found improperly securing cookies & tokens

Top VPNs found improperly securing cookies & tokens

#hackerstuff #HackThePlanet

---

Federal jury convicts malware creators of hijacking 400,000 computers
https://www.digitaltrends.com/computing/malware-creators-convicted-hijacked-40k-computers/
#hackerstuff #HackThePlanet

---

Privilege Escalation in ManageEngine ADManager Plus 6.6
https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/
#hackerstuff #HackThePlanet

---

DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
#hackerstuff #HackThePlanet

---

How does Tor really work?
https://skerritt.blog/how-does-tor-really-work/
#hackerstuff #HackThePlanet #TOR

---

Apache Tomcat Patches Important Remote Code Execution Flaw
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
#hackerstuff #HackThePlanet

---

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
https://thehackernews.com/2019/04/microsoft-outlook-email-hack.html
#hackerstuff #HackThePlanet

---

IoT Security- it’s complicated

IoT Security- it’s complicated

#hackerstuff #HackThePlanet

---

PartyLoud – A simple tool to do several HTTP / HTTPS requests and simulate navigation
https://github.com/realtho/PartyLoud
#hackerstuff #HackThePlanet

---

Quantum Cryptography
https://arxiv.org/pdf/quant-ph/9504002.pdf
#hackerstuff #HackThePlanet

---

Timing Attacks using Machine Learning
https://parzelsec.de/timing-attacks-with-machine-learning/
#hackerstuff #HackThePlanet

---

Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
https://thehackernews.com/2019/04/google-location-tracking.html
#hackerstuff #HackThePlanet

---

CVE-2019-9730: Local Privilege Elevation in Synaptics Sound Device Driver (Write-Up + Exploit)
http://jackson-t.ca/synaptics-cxutilsvc-lpe.html
#hackerstuff #HackThePlanet

---