Understanding how Kerberos works, but also WHY it works the way it does Security News & Discussion

---

• Understanding how Kerberos works, but also WHY it works the way it does
• Kinsing Malware. Uses Shakespear's Hamlet to bypass static detection engines.
• Overview of dnsmasq Vulnerabilities: The Dangers of DNS Cache Poisoning
• CVE-2020-5377: Dell OpenManage Server Administrator File Read
• Run .Net assemblies using rundll32.exe
• Exploring Nim language - Writing a ransomware
• The great SameSite confusion
• Dangling DNS: Amazon EC2 IPs (Current State)
• CORS Misconfiguration in Verizon’s Residential Account Portal [2020]
• MSDAT v2.1 (& 2.0) is released. Many improvements in OLE automation, reverse shell, etc. New features and Python 3 compatible only now.
• GitHub security update: A bug related to handling of authenticated sessions
• VOOdoo - Remotely Compromising VOO Cable Modems
• Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses
• Fuzzing grub: part 1
• Activists turn hacktivists - new ransomware that does not demand money [Article on SARBLOH Ransomware]
• BruteShark Version v1.2.0 Released: BruteShark is now can operate a Sniffer :-) live capture and build a visual network diagram, extract credentials and hashes including Kerberos and NTLM hashes on real time. I would love to get your feedback's! (p.s, contributors are also welcome)
• dwisiswant0/proxylogscan - A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855) / ProxyLogon.

Understanding how Kerberos works, but also WHY it works the way it does Posted: 09 Mar 2021 12:40 AM PST submitted by /u/attl4s [link] [comments]

Kinsing Malware. Uses Shakespear's Hamlet to bypass static detection engines. Posted: 09 Mar 2021 10:40 AM PST submitted by /u/jat0369 [link] [comments]

Overview of dnsmasq Vulnerabilities: The Dangers of DNS Cache Poisoning Posted: 09 Mar 2021 11:23 AM PST submitted by /u/bfft [link] [comments]

CVE-2020-5377: Dell OpenManage Server Administrator File Read Posted: 09 Mar 2021 09:49 AM PST submitted by /u/hackers_and_builders [link] [comments]

Run .Net assemblies using rundll32.exe Posted: 08 Mar 2021 04:23 PM PST submitted by /u/p3nt4 [link] [comments]

Exploring Nim language - Writing a ransomware Posted: 09 Mar 2021 05:33 AM PST submitted by /u/Fun_Preference1113 [link] [comments]

The great SameSite confusion Posted: 09 Mar 2021 08:07 AM PST submitted by /u/lamintak [link] [comments]

Dangling DNS: Amazon EC2 IPs (Current State) Posted: 09 Mar 2021 06:01 AM PST submitted by /u/melbadry9 [link] [comments]

CORS Misconfiguration in Verizon’s Residential Account Portal [2020] Posted: 09 Mar 2021 06:36 AM PST submitted by /u/nightwatchcyber [link] [comments]

MSDAT v2.1 (& 2.0) is released. Many improvements in OLE automation, reverse shell, etc. New features and Python 3 compatible only now. Posted: 09 Mar 2021 01:09 AM PST submitted by /u/HeadProfessional [link] [comments]

GitHub security update: A bug related to handling of authenticated sessions Posted: 08 Mar 2021 07:43 PM PST submitted by /u/Gallus [link] [comments]

VOOdoo - Remotely Compromising VOO Cable Modems Posted: 08 Mar 2021 11:33 PM PST submitted by /u/movr0spblxr2 [link] [comments]

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses Posted: 08 Mar 2021 04:41 PM PST submitted by /u/Gallus [link] [comments]

Fuzzing grub: part 1 Posted: 08 Mar 2021 08:05 PM PST submitted by /u/Gallus [link] [comments]

Activists turn hacktivists - new ransomware that does not demand money [Article on SARBLOH Ransomware] Posted: 08 Mar 2021 02:03 PM PST submitted by /u/accountisreadonly [link] [comments]

BruteShark Version v1.2.0 Released: BruteShark is now can operate a Sniffer :-) live capture and build a visual network diagram, extract credentials and hashes including Kerberos and NTLM hashes on real time. I would love to get your feedback's! (p.s, contributors are also welcome) Posted: 08 Mar 2021 01:24 PM PST submitted by /u/BruteShark [link] [comments]

dwisiswant0/proxylogscan - A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855) / ProxyLogon. Posted: 08 Mar 2021 06:54 AM PST submitted by /u/dwisiswant0 [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States