How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting Security News & Discussion

---

• How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting
• Chaining Bugs to Steal Yahoo Contacts!
• 34C3 Tool Release: Cachegrab for TrustZone
• Zone transfers in The Netherlands
• FILE Structure Exploitation - 'vtable' check bypass
• Libc Realpath Buffer Underflow CVE-2018-1000001
• No boundaries for user identities: Web trackers exploit browser login managers
• Analyzing an Agent Tesla campaign: from a word document to the attacker credentials
• Ay MaMi › Analyzing a (new?) macOS DNS Hijacker: OSX/MaMi
• Reviewing AlwaysOnSSL - The new free & automated Certificate Authority
• Polymorphic and smaller versions of three shell-storm’s x64 shellcodes, including the smallest execve /bin/sh
• Tool from MITRE/IAD for analysis based on MITRE ATT&CK.
• iOS kernel exploitation archaeology (34th Chaos Communication Congress) -- slide deck
• Sharing info-sec snippets with everyone.

How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting Posted: 12 Jan 2018 08:17 AM PST submitted by /u/tunnelshade [link] [comments]

Chaining Bugs to Steal Yahoo Contacts! Posted: 12 Jan 2018 07:48 AM PST submitted by /u/sxcurity [link] [comments]

34C3 Tool Release: Cachegrab for TrustZone Posted: 12 Jan 2018 08:17 AM PST submitted by /u/digicat [link] [comments]

Zone transfers in The Netherlands Posted: 12 Jan 2018 03:57 AM PST submitted by /u/binaryfigments [link] [comments]

FILE Structure Exploitation - 'vtable' check bypass Posted: 12 Jan 2018 08:57 AM PST submitted by /u/dhavalkapil [link] [comments]

Libc Realpath Buffer Underflow CVE-2018-1000001 Posted: 12 Jan 2018 03:30 AM PST submitted by /u/the_gnarts [link] [comments]

No boundaries for user identities: Web trackers exploit browser login managers Posted: 11 Jan 2018 11:12 PM PST submitted by /u/kink0 [link] [comments]

Analyzing an Agent Tesla campaign: from a word document to the attacker credentials Posted: 12 Jan 2018 01:26 AM PST submitted by /u/_cacao [link] [comments]

Ay MaMi › Analyzing a (new?) macOS DNS Hijacker: OSX/MaMi Posted: 12 Jan 2018 02:49 AM PST submitted by /u/moviuro [link] [comments]

Reviewing AlwaysOnSSL - The new free & automated Certificate Authority Posted: 12 Jan 2018 05:30 AM PST submitted by /u/ayeshrajans [link] [comments]

Polymorphic and smaller versions of three shell-storm’s x64 shellcodes, including the smallest execve /bin/sh Posted: 12 Jan 2018 06:14 AM PST submitted by /u/0x4ndr3 [link] [comments]

Tool from MITRE/IAD for analysis based on MITRE ATT&CK. Posted: 11 Jan 2018 07:57 PM PST submitted by /u/tarzaninjanesjungle [link] [comments]

iOS kernel exploitation archaeology (34th Chaos Communication Congress) -- slide deck Posted: 12 Jan 2018 12:38 AM PST submitted by /u/pwnwaffe [link] [comments]

Sharing info-sec snippets with everyone. Posted: 12 Jan 2018 12:31 AM PST submitted by /u/PinVie [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States