Link: Apple XNU ICMP Error CVE-2018-4407

CVE-2018-4407 is a kernel RCE caused by a heap buffer overflow affecting multiple apple devices. A patch has been released by Apple, so be sure to update before it is too late. This exploit could potentially allow attackers to run arbitraty code in the kernel. As a proof of concept, Kevin Backhouse, who initially found the vulnerability, has written up a proof-of-concept to show how you can reboot Apple devices without any user interaction. Here is the video:



Read More   
as1x752    30th Oct 2018   

Link: Bugbounty Cheatsheet

What is it?

Bugbounty Cheatsheep repository is a collection of resources for new or current bug bounty hunters. Resources are seperated in to two categories; References and Vulnerabilities. 

In the references column, you will find resources such as books, tools, platforms, and tips.

In the vulnerabilities column, you will see various code snippets for common vulnerabilities along with their respective applications that are affected by said vulnerabilities. You might also get some external links to blogs, write-ups, or proof of concenpts to better understand the vulnerability and how it can be implemented.

Who is it for?

Anyone looking to get a foot in the door for bug bounty hunting, but even seasoned vets might find this repository useful. Sometimes…


Read More   
as1x752    22nd Oct 2018   

Link: Awesome Infosec

What is it?

In this repository you will find links to various websites and resources for learning about information/cyber security. Some of the resources you will have to pay for, others are free.

Who is it for?

This repo is for anyone who is getting into penetration testing, but might also prove useful to those who either need a refresher, or would like to expand their knowledge regarding the subject. These resources might also be useful to web application developers to get an idea of how they can code with security in mind.

Who is it not for?

Most of these resources would probably not be used by veterans in the industry, unless they are being used to teach…


Read More   
as1x752    19th Oct 2018   

Link: Red Teaming Toolkit

What is it?

This repo is a collection of tools for Red Team/Penetration testers. The repo provides tool recommendations for Reconnaissance (for probing targets and intelligence gathering), Privilege Escalation, Data Exfiltration, et cetera.

Who is it for?

This repo is for anyone who is into penetration testing and would like to have a ready list of tools for getting the job done. Even if you are a beginner and don't know much about penetration testing, learning how each tool operates and what it can be used for is invaluable information.

Who is it not for?

Considering the repo includes some of the most common tools used for pen testing, I would imagine even hardened veterans might get some…


Read More   
as1x752    17th Sep 2018   

B-Sides DFW 2018

The date is set! Are you ready?

I, for one, am pretty excited to see what B-Sides is going to have ready for us this year. I missed last years conference and kicked myself for it. If you are planning on going, make sure to register!

B-Sides DFW Registration

Whether you're going for educational purposes, or for fun, the event should prove to be both. Be sure to say hello if you are going and, if not, I'll be sure to post some pictures of the event for those who don't get a chance to go.


Read More   

Showing 1 - 5 of 13 articles.

Search
Categories
  
Store
Social Media
Donate