Pentester Lab Pro Subscription Giveaway

October 2, 2020October 2, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- InfoSec Writeups’ first collaboration with PentesterLabHello folks!We are super excited to announce that Infosec Write-ups is conducting its first-ever competition in collaboration with PentesterLab — the biggest and best online resource that makes learning web hacking easier!The winners will receive 1-month PentesterLab Pro Lab Coupons, using which they can access all the pro labs … Continue reading Pentester Lab Pro Subscription Giveaway

VideoBytes: Ransomware gets wasted!

October 2, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Hello dear readers, and welcome to the latest edition of VideoBytes! On today’s episode, we’re talking about how ransomware is on the rise again, focused on attacking corporations with malware that not only encrypts files, but also steals it. The tactics used to deploy these forms of ransomware have become more capable and … Continue reading VideoBytes: Ransomware gets wasted!

Increasing XSS impact using XSScope

October 2, 2020October 2, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- During Bug Hunting, everyone aims for triggering the “1” alert. However, if you want to escalate your impact of XSS, now you can do this easily by using XSScope.What is XSScope?What is XSScope? XSScope is an advanced XSS payload generator platform for Client-Side attacks and also with an aim of increaing the impact … Continue reading Increasing XSS impact using XSScope

HP Device Manager Backdoor Could Allow Privilege Escalation To Remote Attackers

October 2, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- HP Device Manager Backdoor Security researcher Nicky Bloor found a backdoor in HP Device Manager. The product allows IT admins HP Device Manager Backdoor Could Allow Privilege Escalation To Remote Attackers on Latest Hacking News. View original article on Latest Hacking News

Prototype Pollution Vulnerability Indirectly Affected HackerOne Platform

October 2, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- A serious security flaw potentially affected the bug bounty platform HackerOne. Identified as pollution prototype vulnerability, the bug indirectly affected Prototype Pollution Vulnerability Indirectly Affected HackerOne Platform on Latest Hacking News. View original article on Latest Hacking News

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

October 2, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their … Continue reading Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

Explore Data Analysis & Deep Learning with This $40 Training Bundle

October 1, 2020 ~ Dade Murphy ~ Leave a comment

Null Byte « WonderHowTo-- Data makes the world go round. It has gotten to the point that it's considered the most valuable resource, perhaps even more important than oil. Businesses use data to collect critical information about their users and improve their services; governments utilize it to improve things like public transportation; doctors analyze data … Continue reading Explore Data Analysis & Deep Learning with This $40 Training Bundle

How to Escape Restricted Shell Environments on Linux

October 1, 2020 ~ Dade Murphy ~ Leave a comment

Null Byte « WonderHowTo-- The moment arrives when you finally pop a shell on the web server you've been working on, only you find yourself in a strange environment with limited functionality. Restricted shells are often used as an additional line of defense and can be frustrating for an attacker to stumble upon. But with … Continue reading How to Escape Restricted Shell Environments on Linux

Exploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)

October 1, 2020October 1, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- IntroductionIn part 1 we compromised an account with multiple permissions, but no Administrator access. We found a potential role that would allow us to escalate privileges, following one of the methods in Rhinosecuritylab’s post. Briefly explained, we’ll try to create an instance and attach to it a privileged role at creation … Continue reading Exploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)

Chaos in a cup: When ransomware creeps into your smart coffee maker

October 1, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- When the fledgling concept of the Internet of Things (IoT) was beginning to excite the world almost a decade ago, perhaps no coffee lover at that time would’ve imagined including the coffee machine in the roster of internet-connected devices—even in jest. True, the simple, utilitarian coffee machine may not be as popular now … Continue reading Chaos in a cup: When ransomware creeps into your smart coffee maker