d@n3n
Scooped by Danen Raas
onto d@n3n

Chrome XSS Bypass - Fooling the Interpreter

If you ever tried to XSS something using the Google Chrome browser you have noticed that it usually doesn’t work. This is due to a native filter named XSS Auditor.

Meraki RCE: When Red Team and Vulnerability Research fell in love. Part 1

When I joined Salesforce, before moving over to vulnerability research, I worked in the Red Team. Our mission was to strengthen Salesforce’s security posture by acting as an external attacker.

Multiple Vulnerabilities in Citrix Provisioning Services

Back in August 2016, we conducted a pentest on a Citrix infrastructure, which allowed us to find various critical vulnerabilities in Citrix Provisioning Services. We contacted Citrix Security Response Team to responsibly disclose these vulnerabilities back in September, and they quickly acknowledged the issues and worked on a fix.

How to Use C++ STL Queue with an Example Program

If you stand in a queue at a grocery store (or anywhere else), the first customer in the queue will be served, and then the next, and so on. In programming terminology, especially in data structure, this concept is called FIFO (first in first out) queue.

Breaking Metasploitable3: The King of Clubs | Rapid7

Metasploitable3 is a free virtual machine that we have recently created to allow people to simulate attacks using Metasploit. In it, we have planted multiple flags throughout the whole system; they are basically collectable poker card images of some of the Rapid7/Metasploit developers.

Metasploitable 2 enumeration

Step-by-Step Metasploitable 2 enumeration. In this hacking tutorial we will be enumerating Metasploitable 2 user accounts, shares, open ports and services. 

The Problem With AMP

Google’s Accelerated Mobile Pages or AMP is a markup language similar to HTML that allows publishers to write mobile optimized content that loads “instantly”. AMP is Google’s response to both the Apple News Format and Facebook’s Instant Articles.

Set Date and Time for Each Command You Execute in Bash History

In this article, we will explain how to configure time stamp information when each command in the Bash history was executed to be displayed with date and time. 

Everything you need to know about HTTP security headers

Some physicists 28 years ago needed a way to easily share experimental data and thus the web was born. This was generally considered to be a good move. Unfortunately, everything physicists touch — from trigonometry to the strong nuclear force — eventually becomes weaponized and so too has the Hypertext Transfer Protocol.

Penetration-Testing

Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things.

7 Awesome Open Source Web Performance Software For Linux and Unix-like Systems

Top seven awesome open source web performance software for Linux and Unix-like systems. 

Practical Android Debugging Via KGDB

Kernel debugging gives security researchers a tool to monitor and control a device under analysis. On desktop platforms such as Windows, macOS, and Linux, this is easy to perform.

Standard Notes

Standard Notes is a basic notes app that delivers only the essentials in note taking. Because of its simplicity and resistance to growth, users can count on:

Bluetooth scanner: Bluelog

Bluelog is a Linux Bluetooth scanner written to do a single task, log devices that are in discoverable mode. It is intended to be used as a site survey tool, determining how many discoverable Bluetooth devices there are in the area. It has also proven to be very well suited to Bluetooth traffic monitoring applications.

Integrate WHONIX with Kali Linux to Achieve Anonymity- InfoSec

How to become anonymous is the most common question that everybody asks on the internet. There could be many reasons to be an anonymous user; you are a journalist, and you want to get in touch with a whistleblower, or maybe you just care about your privacy.

Targeted Threat Leads to Keylogger via Fake Silverlight Update

Proofpoint researchers track a targeted keylogger campaign using embedded Visual Basic objects and a fake Silverlight update lure. 

Preventing Cross-Site Scripting

Cross-Site Scripting (XSS) is a security vulnerability which enables an attacker to place client-side scripts (usually JavaScript) into web pages. When other users load affected pages, the attacker's scripts will run, enabling the attacker to steal cookies and session tokens, change the contents of the web page through DOM manipulation, or redirect the browser to another page.

CAN and CAN FD - a brief tutorial for Embedded Engineers

A short tutorial on the main features of the CAN bus and its extension CAN FD, allowing embedded engineers to rapidly see what they need to CAN-enable their applications. One of a series of embedded tutorials from COMSOL, suppliers of Europe's widest range of tools for embedded microprocessor/microcontroller developers.

How to Encrypt Your Hard Disk in Ubuntu

We'll go over the benefits and downsides of encrypting an entire hard drive as well as the steps to encrypt a hard disk in Ubuntu. Let's get started! 

New Variant of Ploutus ATM Malware Observed in the Wild in Latin America

Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had never been seen before.

BlockBlock - Objective-See

Malware installs itself persistently, to ensure it's automatically re-executed at reboot. BlockBlock continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS.

A Search Engine for Programming Language Syntax Is a Pretty Good Idea

The current search engine for programming language syntax is Google. Knowing how to search for information is a key skill in knowing how to program at all.

Streamlining Exploit Development Processes Through Vulnerability and Exploit Databases - InfoSec

An exploit is designed to take advantage of certain vulnerabilities in software products, hardware devices, digital tools or electronic equipment. These exploits are software codes or command sequences that can cause computer networks, standalone digital devices, other software products and electronic tools to behave abnormally.

Bypassing Control Flow Guard in Windows 10

Control Flow Guard (CFG) is a mitigation implemented by Microsoft in Windows 8.1 Update 3 and Windows 10 which attempts to protect indirect calls at the assembly level.
