New Windows 10 zero-day gets published to Github by SandboxEscaper Security News & Discussion

---

• New Windows 10 zero-day gets published to Github by SandboxEscaper
• Sophisticated Phishing Using Homograph Attacks
• Fuzz a WebSocket with the Python Kitty Fuzzing Framework (OWASP ZAP didn't work for this case)
• Building backdoors for Apache (PoC inside with socks5 support, root shell, hiding logs...)
• Unauthenticated CVE-2019-0708 (RDP RCE) scanner PoC
• No, 2FA Does Not Stop Credential Stuffing Attacks
• Introducing py-ews: A cross-platform Python package to interact with eDiscovery endpoints using Exchange Web Services for Exchange 2010 to 2019 and Office 365
• My first professional article: "Static Code Analysis — A Personal Research Story"
• Write-up | WD My Cloud RCE
• UXSS in Safari

New Windows 10 zero-day gets published to Github by SandboxEscaper Posted: 22 May 2019 08:11 AM PDT submitted by /u/ThrowAway823434-234 [link] [comments]

Sophisticated Phishing Using Homograph Attacks Posted: 22 May 2019 07:26 AM PDT submitted by /u/slashcrypto [link] [comments]

Fuzz a WebSocket with the Python Kitty Fuzzing Framework (OWASP ZAP didn't work for this case) Posted: 22 May 2019 09:16 AM PDT submitted by /u/andreashappe [link] [comments]

Building backdoors for Apache (PoC inside with socks5 support, root shell, hiding logs...) Posted: 22 May 2019 07:55 AM PDT submitted by /u/gid0rah [link] [comments]

Unauthenticated CVE-2019-0708 (RDP RCE) scanner PoC Posted: 22 May 2019 12:11 AM PDT submitted by /u/Fugitif [link] [comments]

No, 2FA Does Not Stop Credential Stuffing Attacks Posted: 22 May 2019 09:54 AM PDT submitted by /u/jsoverson [link] [comments]

Introducing py-ews: A cross-platform Python package to interact with eDiscovery endpoints using Exchange Web Services for Exchange 2010 to 2019 and Office 365 Posted: 22 May 2019 09:03 AM PDT Hello Everyone, I recently released an open-source Python package called py-ews. Py-ews allows you to (at this time) interact with the Exchange 2010 to 2019 (on-premises) and Office 365 eDiscovery endpoints to: ​ GetSearchableMailboxes: Automatically identify all mailboxes in your environment that you have access rights to search. SearchMailboxes: By using Microsoft's Advanced Query Syntax you can search a single or all mailboxes in your environment. DeleteItem: You can HardDelete, SoftDelete or MoveToDeletedItems a mail item. Autodiscover: Autodiscover enables you to call a single endpoint when communicating with EWS. ResolveNames: Translate a users email address into a detailed user object to retrieve properties from. GetInboxRules: Determine the inbox rules of a single mailbox. ​ You can read more about it with this blog post: https://swimlane.com/blog/swimlane-research-team-py-ews/ The official documentation is here: https://py-ews.readthedocs.io/en/latest/ ​ Also, this is my first pypi python package (I previously have wrote and distributed a lot of PowerShell modules). ​ I hope this helps some of you out there! Cheers! submitted by /u/_Unas_ [link] [comments]

My first professional article: "Static Code Analysis — A Personal Research Story" Posted: 22 May 2019 07:04 AM PDT submitted by /u/mjalt96 [link] [comments]

Write-up | WD My Cloud RCE Posted: 22 May 2019 12:49 PM PDT submitted by /u/bnbdr [link] [comments]

UXSS in Safari Posted: 22 May 2019 12:33 AM PDT submitted by /u/i_bo0om [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States