Twitter
Eris...

~= 9-Character Passwords are Dead=~

Using Coalfire’s NPK hashcracking software suite & Amazon AWS GPU ins…
12 hours ago
Twitter
Also, happy to release Kerbrute, a cross platform standalone binary for bruteforcing and enumerating AD users throu…
yesterday
Twitter
"Cybersecurity is not very important... In general, we should adopt the Dr. Strangelove approach, which is to stop…
2 days ago
Twitter
SilkETW is now available ✍️🧐💡! Check out my short introduction post here => , you can find t…
2 days ago
Twitter
Solve this college admissions problem:
3 days ago
Twitter
RT : the sexiest job of the 22nd century will be either 'warlord' or 'water smuggler'
3 days ago
Twitter
I put people I don't like on a private list on Twitter so I can see what they're up to without catching…
3 days ago
Twitter
One small change and AMSI bypass works on Server 2019.
3 days ago
Twitter
JUST RELEASED: Our 2019 Threat Detection Report offers detection strategies for the most prevalent tec…
3 days ago
Twitter
This write up of the 2016 Bangladesh SWIFT hack from end to end including technical & criminal info is amazing…
3 days ago
Twitter
I made a bunch of Ansible playbooks the other day in order to streamline/automate my workflow during engagements. S…
4 days ago
Untitled (https://raw.githubusercontent.com/vulhub/vulhub/master/rails/CVE-2019-5418/Dockerfile)
Ruby on Rails CVE-2019-5418 tweet-PoC

curl -sL > /tmp/NFR6fJ; docker build -f /tmp/NFR6fJ…
4 days ago
Twitter
Monsters in the Middleboxes: a new blog post by and highlighting recent work on the measure…
4 days ago
Twitter
How Do I Prepare to Join a Red Team?

I go over the skills which make you valuable in this article, the result of n…
4 days ago
Twitter
(1/3) EXTRACT HASHES FROM VMWARE .vmem FILE:

STEP 1: Install WinDbg & bin2dmp.exe:
4 days ago
Twitter
Since everyone loves dumping credentials, I've put together a tool for remotely dumping Azure AD Connect credential…
5 days ago
Twitter
RT : I think when you believe in freedom of information you have to take the rough with the smooth.

I don't like that C…
5 days ago
Update PoC code to try /sbin/ip if /sbin/ifconfig is not available. Tested with Ubuntu 18.04, 4.8.0-34-generic #36~16.04.1-Ubuntu and Docker 18.09.3 · GitHub
// This exploit combines exploitation of two vulnerabilities:
// - CVE-2017-18344 (OOB read in proc timers)
// - CVE-2017-1000112 (OOB write due to UFO packet fragmentation management)
// Both original exploits were written by Andrey Konovalov.
linux  kernel  privesc  privilegeescalation  pentest 
6 days ago
Twitter
Nice find! WSReset.exe
6 days ago
Twitter
Stickers, anyone?
7 days ago
Twitter
Hey, remember when Kamala Harris prosecuted the parents of children who skipped school? Well, neither does she!
7 days ago
Twitter
"Let me put this another way. Given the type of people you are and the environment you're in, you guys have to admi…
7 days ago
Best Zero-Knowledge Cloud Services 2019
Sync.com has been one of our favorite cloud storage services for years now, and that’s an opinion largely propelled by the service’s unmatched approach to security. First of all, you’re not charged extra for zero-knowledge encryption like you are with our second pick on this list, pCloud.
storage 
7 days ago
How a Bitcoin Evangelist Made Himself Vanish, in 15 (Not So Easy) Steps - The New York Times
Mr. Lopp viewed the exercise as something of an experiment, to find out the lengths he’d have to go to extricate himself from the databases and other repositories that hold our personal information and make it available to anyone willing to pay for it. That helps explain why he was willing to describe the steps he’s taken with me (though he did so from a burner phone, without disclosing his new location).
privacy  security  technology 
8 days ago
DLL Hijacking | Liberty
Using Procmon, open targeted PE and identify DLLs attempting to load from a writable path.
Using Ghidra identify valid entry points of said DLL.
Create DLL with a valid entry point(s) function. Within the function will be your payload.
Rename compiled DLL respectively, and place in writable directory.
Execute the PE and watch the show.
dll  dllhijack  reverse-engineering  reverseengineering 
8 days ago
Twitter
Just migrated CrackMapExec away from PyCrypto, you should have a *lot* less dependency woes when installing the ble…
8 days ago
Twitter
To be fair, my theory is it took so long because even five years ago it wasn't really true yet.
9 days ago
Huawei Lawsuits Showcase China's Foreign PR Drive - Bloomberg
When an open society with free speech and rule of law engages with one that has neither, that relationship is invariably lop-sided. China’s Communist Party sees control of information as an issue of survival. It’s unlikely that Washington will be able to easily redress the balance by persuading China to adopt freedom of speech, open access to foreign media, or the rule of law.
china 
9 days ago
Peak California – Byrne Hobart – Medium
Once upon a time, California was cheap. In the 50s and 60s, it was a place where you could work part-time to fund your biker gang. In the 70s, you could work part-time to fund your revolutionary terrorist cell. Such side projects are infeasible today. If you’re going to run a massive bombing campaign out of a house in San Francisco, you’ll need to raise at least a mid-six figure seed round.
business  california  economics 
9 days ago
wp_the_ropemaker_email_exploit.pdf
People commonly expect the content of Web pages to be dynamic - able to change moment-to-moment - but do not expect their email to do so as well. Email in many cases is treated more like a snail mail letter – once sent never changing - whereas Web pages are understood to be more like TV stations with a continuously changing flow of visual, audio, and text content. The techniques behind ROPEMAKER are thus another potential email-based attack vector that we expect attackers to leverage as they continually evolve from one technique to the next.
phishing  ropemaker  pentest 
10 days ago
https://twitter.com/i/web/status/1105571884542779392
MY DAD: So how does this work?

COMMUNITY COLLEGE COUNSELOR: Well, he fills out these forms...

MY DAD: [slides env…
10 days ago
Penetration Testing Active Directory, Part II – root@Hausec
Privilege escalation in Windows can of course come from a missing patch or unquoted service paths, but since this is pentesting AD, we’re going to exploit some AD things in order to elevate privileges.
activedirectory  privilegeescalation  windows  pentest 
10 days ago
https://twitter.com/i/web/status/1105538854088466432
Thanks to research and work by and , has a new generic computer takeover attack. T…
10 days ago
https://twitter.com/i/web/status/1105533384057647104
There is more! downloaded photon to brute force GET parameters on the '/test' directory and found an 'id' parameter…
10 days ago
https://twitter.com/i/web/status/1105510282707853313
I found a '/test' dir that allowed me to upload malicious files.

How:
1) Get
2) gobuster -…
10 days ago
Twitter
Fun party trick: Most kiosks hide a settings/backend panel you can access by either tapping on a logo or the corner…
11 days ago
Learning to Learn | CSS-Tricks
When you’re learning on your own, this part can sometimes be tough — you don’t know what you don’t know. If you’re starting from scratch, learning web development or computer science, here are some resources that might help:
learning  development 
11 days ago
How to pass a programming interview - Triplebyte Blog
I fundamentally do not believe that good programmers should have to learn special interviewing skills to do well on interviews. But the status quo is what it is. We’re working at Triplebyte to change this.
career  interview  jobs  programming 
11 days ago
Pmarchive - Guide to Personal Productivity
Keep three and only three lists: a Todo List, a Watch List, and a Later List.
The more into lists you are, the more important this is.

Into the Todo List goes all the stuff you "must" do -- commitments, obligations, things that have to be done. A single list, possibly subcategorized by timeframe (today, this week, next week, next month).

Into the Watch List goes all the stuff going on in your life that you have to follow up on, wait for someone else to get back to you on, remind yo...
Productivity 
11 days ago
DTrace on Windows - Microsoft Tech Community - 362902
There are a lot of websites and resources from the community to learn about DTrace. One of the most comprehensive is the Dynamic Tracing Guide HTML book, available on the dtrace.org website. This ebook describes DTrace in detail and is the authoritative guide for DTrace. We also have Windows-specific examples below which will provide more info.
debugging  dtrace  windows 
11 days ago
In Khao Noodle, Old East Dallas Gets a Hub For Laotian Food - D Magazine
Donny Sirisavath gives honor to his mother's recipes at his small new noodle shop. You want to hear his story.
dallas  restaurant  laotian 
11 days ago
GitHub - kelseyhightower/kubernetes-the-hard-way: Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.
Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.
tutorial  devops  kubernetes 
11 days ago
Twitter
Until recently, Ethereal was the hardest box I'd completed on . I'm a huge fan, great work by
13 days ago
Twitter
One of the longest posts I've done on my blog in a while, it's a long read but hopefully it helps someone…
13 days ago
Twitter
RT : This should be a mandatory read for every IT person who thinks they’re suddenly a forensics expert ready to judge f…
13 days ago
Twitter
A flexible Windows Backdoor with Koadic and P4wnP1 via
13 days ago
Twitter
SMU introduces new major in Bugatti studies
13 days ago
Twitter
There is no right answer. People will tell you that it's both awesome and terrible, that certs are…
14 days ago
GitHub - TH3xACE/SUDO_KILLER: Script written in bash to exploit sudo misconfigurations and vulnerabilities
Script written in bash to assist in the exploitation of sudo (Misconfiguration + Vulnerabilities)
sudo  vulnerability  pentest 
14 days ago
Twitter
Got to meet ⁦⁩ working the floor ⁦⁩ Great guy. One of the best.
14 days ago
Twitter
Sometimes the best Disney moment isn’t on a ride.
14 days ago
Twitter
Giveaway! This NSA swag will go to the most interesting project done with Ghidra. Post a link here to a blo…
14 days ago
Twitter
Remote (wireless) USB HID attack using either the victim’s own innocuous Logitech dongle or a planted one, no custo…
14 days ago
Twitter
Finished up a new release today.

Enjoy ! (Typo fixed)
14 days ago
Twitter
firmware reverse engineering tip: Make sure to set your flash memory segment to read/execute-only, so that…
15 days ago
Twitter
rlwrap is just awesome. With linux shells, it's usually better just to upgrade to a solid tty. But with windows... j…
15 days ago
Twitter
Six steps to progress:
1. Open PS
2. wmic /node:localhost process call create "cmd.exe /c notepad"
3. wi…
16 days ago
Twitter
Starting a new tutorial series on Heap Exploitation. Part 1 is live! ✨

“Understanding the Glibc Heap Implementatio…
16 days ago
Twitter
Dropping the first part of the Heap Exploitation series today.

The heap is a beautifully complex construct. Yet mo…
17 days ago
An Indian Restaurant From An Overseas Celebrity Chef Heads to Plano - Eater Dallas
Diners will find a rather lengthy menu with dishes like shaam savera (spinach koftas filled with creamed cottage cheese, served floating on a tomato butter gravy) alongside puran singh da tariwala murgh (a chicken gravy), plus a long list of curries, soups, salads, rice dishes, Indian flatbreads, and entrees featuring chicken, fish, lamb or vegetarian options.
indian  restaurant 
17 days ago
Twitter
Wrote a custom exe which dumps the lsass.exe process without any detection, bypassing the EDR solutions. It's useful…
17 days ago
Here's the CIA's "Phoenix Checklist" for thinking about problems / Boing Boing
The "Phoenix Checklist" is a set of questions developed by the CIA to define and think about a problem, and how to develop a solution.
cia  thinking  problemsolving  productivity  checklist 
17 days ago
Home
This book is an introduction to programming in C, and system programming (processes, threads, synchronization, networking and more!). We assume you’ve already had some programming experience, in an earlier computer science course.
compsci  systems  programming  c 
17 days ago
Using Pyzmq For Inter-Process Communication: Part 1 | Python For The Lab
We are going to develop a program to acquire images from a webcam continuously and share the data between different terminals. We are going to explore different patterns provided by the excellent pyZMQ library, focusing on practical examples and discussing the benefits and limitations of them. The examples are going to be the base of the next part of this tutorial, in which we are going to focus on how to implement the same patterns using the multi-threading and multi-processing libr...
python  0mq  pyzmq  ZeroMQ  programming 
17 days ago
GitHub - stevenaldinger/decker: Declarative penetration testing orchestration framework
Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 (the same config language as Terraform) to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community.
pentest  devsecops  security  tools 
17 days ago
tor_ssh.sh · master · Grownetics / DevOps · GitLab
This file is meant to get SSH access via Tor to a server in one command.
ssh  tor 
17 days ago
Twitter
Thanks to 's research, network access once again means RCE against Windows hosts in that (V)LAN. Combin…
18 days ago
NASM Tutorial
This tutorial will show you how to write assembly language programs on the x86-64 architecture.
assembly  programming  tutorial  nasm  assembler  c 
18 days ago
TLDR Stock Options
An easy tool to ballpark the value of startup options.
calculator  equity  finance  money  options  startups  startup  stock  tools 
18 days ago
Twitter
Sophisticated -> Excel VBA-> register COM {e7790f00-694d-438a-868c-b62c27f24aa0}-> reg run val: explorer…
19 days ago