CVE-2018-4407 is a kernel RCE caused by a heap buffer overflow affecting multiple apple devices. A patch has been released by Apple, so be sure to update before it is too late. This exploit could potentially allow attackers to run arbitraty code in the kernel. As a proof of concept, Kevin Backhouse, who initially found the vulnerability, has written up a proof-of-concept to show how you can reboot Apple devices without any user interaction. Here is the video:
Link: Bugbounty Cheatsheet
Bugbounty Cheatsheep repository is a collection of resources for new or current bug bounty hunters. Resources are seperated in to two categories; References and Vulnerabilities.
In the references column, you will find resources such as books, tools, platforms, and tips.
In the vulnerabilities column, you will see various code snippets for common vulnerabilities along with their respective applications that are affected by said vulnerabilities. You might also get some external links to blogs, write-ups, or proof of concenpts to better understand the vulnerability and how it can be implemented.
Anyone looking to get a foot in the door for bug bounty hunting, but even seasoned vets might find this repository useful. Sometimes…
Link: Awesome Infosec
In this repository you will find links to various websites and resources for learning about information/cyber security. Some of the resources you will have to pay for, others are free.
This repo is for anyone who is getting into penetration testing, but might also prove useful to those who either need a refresher, or would like to expand their knowledge regarding the subject. These resources might also be useful to web application developers to get an idea of how they can code with security in mind.
Most of these resources would probably not be used by veterans in the industry, unless they are being used to teach…
Link: Red Teaming Toolkit
This repo is a collection of tools for Red Team/Penetration testers. The repo provides tool recommendations for Reconnaissance (for probing targets and intelligence gathering), Privilege Escalation, Data Exfiltration, et cetera.
This repo is for anyone who is into penetration testing and would like to have a ready list of tools for getting the job done. Even if you are a beginner and don't know much about penetration testing, learning how each tool operates and what it can be used for is invaluable information.
Considering the repo includes some of the most common tools used for pen testing, I would imagine even hardened veterans might get some…
I, for one, am pretty excited to see what B-Sides is going to have ready for us this year. I missed last years conference and kicked myself for it. If you are planning on going, make sure to register!
Whether you're going for educational purposes, or for fun, the event should prove to be both. Be sure to say hello if you are going and, if not, I'll be sure to post some pictures of the event for those who don't get a chance to go.
Showing 1 - 5 of 13 articles.