New web skimmer steals credit card data, sends to crooks via Telegram

September 1, 2020 ~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range … Continue reading New web skimmer steals credit card data, sends to crooks via Telegram

HackTheBox: Popcorn

September 1, 2020September 1, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- How To Hack: Popcorn From HackTheBoxMy Journey On Achieving The OSCP CertificationPopcornIntroductionSome of you must be thinking, not another HTB writeup. But that’s not the case here. Let me elaborate:My goal is to document my journey on achieving the OSCP Certification. This Medium blog is not the place where you can … Continue reading HackTheBox: Popcorn

TryHackMe: Reversing ELF Writeup

September 1, 2020September 1, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- This article demonstrates my approach to solving the Reversing ELF room created by mrpvr, available for free on the TryHackMe platform. This room contains 8 beginner crackme challenges which increase in difficulty as you progress. I have provided a link to the TryHackMe platform below for anyone interested in trying these … Continue reading TryHackMe: Reversing ELF Writeup

CrossC2 – Generate CobaltStrike’s Cross-Platform Payload

September 1, 2020 ~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS / ...), supports custom modules, and includes some commonly used penetration modules.Only for internal use by enterprises and organizations, this framework has a certain degree of instability. Non-professionals are not allowed to … Continue reading CrossC2 – Generate CobaltStrike’s Cross-Platform Payload

Unhiding the hidden

September 1, 2020September 1, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- First bug bounty experience — $530This blog aims to help developers understand how attackers can take advantage of security misconfigurations to gain unauthorized access to restricted functionalities. A pretty simple vulnerability (if I come to think of it now), but most of my time and effort went into finding the right point of … Continue reading Unhiding the hidden

Vulnerability In wolfSSL Could Allow MiTM Attacks – Patch Available

September 1, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- A researcher found a vulnerability in the wolfSSL library that posed a threat to users’ privacy. Exploiting the bug could Vulnerability In wolfSSL Could Allow MiTM Attacks – Patch Available on Latest Hacking News. View original article on Latest Hacking News

Android Bug Could Allow Malicious Apps To Steal User Data From Other Apps

September 1, 2020 ~ Dade Murphy ~ Leave a comment

Latest Hacking News-- Once again, Android has made it to the news due to a not so good reason. A researcher has discovered Android Bug Could Allow Malicious Apps To Steal User Data From Other Apps on Latest Hacking News. View original article on Latest Hacking News

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

September 1, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days). In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their … Continue reading Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

VPS Cheatsheet for bug hunting

September 1, 2020September 1, 2020 ~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- I have found myself way too many times forgetting certain commands, or how to perform specific actions related to bug hunting.Continue reading on InfoSec Write-ups » View original article on InfoSec Write-ups - Medium

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild

September 1, 2020 ~ Dade Murphy ~ Leave a comment

The Hacker News-- Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said … Continue reading Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild