d@n3n
133.7K views | +98 today
Follow
d@n3n
Your new post is loading...
Your new post is loading...
Scooped by Danen Raas
Scoop.it!

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K domain names. If you haven’t given that post a read I recommend doing so before going through this write up. Originally I had assumed that this issue was specific to Digital Ocean but this couldn’t be farther from the truth as I’ve now learned.
more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Extracting Shellcode From JavaScript

Extracting Shellcode From JavaScript | d@n3n | Scoop.it

A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Security for the High-Risk User

Security for the High-Risk User: Separate and Unequal John Scott-Railton | Citizen Lab, Munk School of Global Affairs, University of Toronto  Note: This is a slightly modified version of a paper of the same name submitted to IEEE Security & Privacy, and published in Spring 2016. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

ducible

A tool to make Windows builds reproducible. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Backdoor in Sony IPELA Engine IP Cameras

Backdoor in Sony IPELA Engine IP Cameras | d@n3n | Scoop.it

SEC Consult has found a backdoor in Sony IPELA Engine IP Cameras, mainly used professionally by enterprises and authorities.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

pina-colada

pina-colada - A powerful and extensible wifi pineapple.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

malboxes

malboxes - Builds malware analysis Windows VMs so that you don't have to. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

beamgun

beamgun | d@n3n | Scoop.it

beamgun - A rogue-USB-device defeat program for Windows. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Elixir, Ruby, don’t fight. Talk… with Erlix

Elixir, Ruby, don’t fight. Talk… with Erlix | d@n3n | Scoop.it

This article describes another way, how Elixir and Ruby can talk to each other. We will use Erlix this time. This method makes Ruby process act like the Erlang node, witch is connected to Erlang VM over the network.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

HTTP/2 Push: The details

HTTP/2 Push: The details | d@n3n | Scoop.it
HTTP/2 (h2) is here and it tastes good! One of the most interesting new features is h2 push, which allows the server to send data to the browser without having to wait for the browser to explicitly request it first.
more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Measuring GC latencies in Haskell, OCaml, Racket

James Fisher has a blog post on a case where GHC's runtime system imposed unpleasant latencies on their Haskell program: Low latency, large working set, and GHC's garbage collector: pick two of three.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Libcall

Libcall | d@n3n | Scoop.it

Libcall - a wrapper for different types of calls it can be used to spawn an external process or just python code from a new thread or dedicated process with timeout support. You will get a handle that you can use to retrieve the status of the running call or to order it to stop at any point in time always using the same API regardless of the call type.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Six seconds to hack a credit card

Six seconds to hack a credit card | d@n3n | Scoop.it

New research reveals the ease with which criminals can hack an account without any of the card details. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Visa Payment Cards Vulnerable to Brute-Forcing

A study released by researchers from Newcastle University shows that it could take an attacker around six seconds to guess payment card details, which he could later use to carry out fraudulent transactions.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Detect DNS Spoofing: dnstraceroute

Detect DNS Spoofing: dnstraceroute | d@n3n | Scoop.it

Another great tool from Babak Farrokhi is dnstraceroute. It is part of the DNSDiag toolkit from which I already showed the dnsping feature.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Firing Range - address sourced DOM vulnerabilities

These vulnerabilities source the payload from a component of the address bar, usually the fragment, and use javascript sinks to trigger DOM based XSS.
more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Tutorial - Write a Shell in C

It’s easy to view yourself as “not a real programmer.” There are programs out there that everyone uses, and it’s easy to put their developers on a pedestal.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

A Simple Explanation: VLC.js

A Simple Explanation: VLC.js | d@n3n | Scoop.it

The previous entry got the attention it needed, and the maintainers of the VLC project connected with both Emularity developers and Emscripten developers and the process has begun.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Following Process Hollowing in OllyDbg

Following Process Hollowing in OllyDbg | d@n3n | Scoop.it

Process Hollowing is a common technique used by modern malware to create a process which appears legitimate when viewed in tools such as Task Manager, but whose code has in fact been replaced with malicious content.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

 Windows ExploitDev: Part 11

 Windows ExploitDev: Part 11 | d@n3n | Scoop.it
Hola, and welcome back to part 11 of the Windows exploit development tutorial series. Today we will be exploiting a Kernel write-what-where vulnerability using @HackSysTeam's extreme vulnerable driver.
more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Announcing OSS-Fuzz: Continuous fuzzing for open source software

Announcing OSS-Fuzz: Continuous fuzzing for open source software | d@n3n | Scoop.it

We are happy to announce OSS-Fuzz, a new Beta program developed over the past years with the Core Infrastructure Initiative community. This program will provide continuous fuzzing for select core open source software.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Penetration Testing Benefits: Pen Testing for Risk Management

This article explores the probable benefits which result from the relationships between penetration testing and various other mechanisms for fortifying cybersecurity defenses, such as Vulnerability Management Program /Section 1/, Risk Assessment /Section 2/, and Business Continuity /Section 3/

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Minion – Mozilla Security Testing Framework

Minion – Mozilla Security Testing Framework | d@n3n | Scoop.it

Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

PentestBox

PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis

"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis | d@n3n | Scoop.it

Seems like this not-sophisticated-at-all malware called Shamoon 2.0/Disttrack caused lots of damage across multiple government networks in Saudi Arabia.

more...
No comment yet.