Hacking News-- A serious vulnerability exists in Google Drive that still awaits a fix. As discovered, the vulnerability allows an adversary to Google Drive Vulnerability Allows Spearphishing Attacks on Latest Hacking News. View original article on Latest Hacking News
Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud
The Hacker News-- A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic … Continue reading Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud
Google Researcher Reported 3 Flaws in Apache Web Server Software
The Hacker News-- If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, … Continue reading Google Researcher Reported 3 Flaws in Apache Web Server Software
How to Conduct a Pentest Like a Pro in 6 Phases
Penetration testing, or pentesting, is the process of probing a network or system by simulating an attack, which is used to find vulnerabilities that could be exploited by a malicious actor. The main goal of a pentest is to identify security holes and weaknesses so that the organization being tested can fix any potential issues. … Continue reading How to Conduct a Pentest Like a Pro in 6 Phases
Yeti – Your Everyday Threat Intelligence
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that … Continue reading Yeti – Your Everyday Threat Intelligence
Write-Up 12- THM- Bolt
Learn to exploit a vulnerable CMS(Content Management System) using Remote Code ExecutionContinue reading on InfoSec Write-ups » View original article on InfoSec Write-ups - Medium
[ExpDev] Vulnserver — Part 7
[ExpDev] Vulnserver — Part 7Vulnserver — Part 7 (LTER — SEH Overwrite + Restricted Character Set)This will be the 7th vulnserver exploit series. We will be fuzzing and exploiting the vulnerable command LTER this time. We will identify a crash point with an SEH overwrite and circumvent the restricted character sets to introduce our encoded shellcode to gain shell access.Lab EnvironmentOS: Windows 7 (x86)Debugger: … Continue reading [ExpDev] Vulnserver — Part 7
TryHackMe: Overpass 2 — Hacked Walkthrough
TryHackMe: Overpass 2 — Hacked WalkthroughIn this article, I will be providing a walkthrough for the Overpass 2 — Hacked room, a free room available on the TryHackMe platform created by NinjaJc01. I have provided a link to the TryHackMe platform in the references below for anyone interested in trying out this free room.DisclaimerThis is a walkthrough room and not … Continue reading TryHackMe: Overpass 2 — Hacked Walkthrough
How I failed in GCB exam yet won a Brand new expensive Sony TV.
Yeah that’s a story to tell you know.. when you lose yet you win… story of life :PSO let’s get started.. to make it more interesting and to save you time based on your preference to read, I am segregating this blog into three sections, where one talks about the reasons I had not to take … Continue reading How I failed in GCB exam yet won a Brand new expensive Sony TV.
A week in security (August 17 – 23)
Last week on Malwarebytes Labs, we looked at the impact of COVID-19 on healthcare cybersecurity, dug into some pandemic stats in terms of how workforces coped with going remote, and served up a crash course on malware detection. Our most recent Lock and Code podcast explored the safety of parental monitoring apps. Other cybersecurity news … Continue reading A week in security (August 17 – 23)
Hacker's Directory 