d@n3n
138.8K views | +42 today
Follow
 
Scooped by Danen Raas
onto d@n3n
Scoop.it!

CORS Enabled XSS

CORS Enabled XSS | d@n3n | Scoop.it

Misconfigured CORS (Cross Origin Resource Sharing) headers can’t be abused to trigger javascript in a target website. But there’s an interesting and useful way to use it in an existing XSS scenario. One page websites, by their very nature, make heavy use of javascript.

more...
No comment yet.
d@n3n
Your new post is loading...
Your new post is loading...
Scooped by Danen Raas
Scoop.it!

flatbuffers

flatbuffers | d@n3n | Scoop.it

flatbuffers - Memory Efficient Serialization Library.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Making Raw Syscalls on Windows From Python

Often times while writing a proof of concept for an exploit or doing vulnerability research its necessary to make a raw syscall on Windows. Usually syscalls are called by a thin wrapping function in userland, often provided as an exported function from within a DLL.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

TLS/SSL Vulnerabilities

A client recently gave me a list of their supported ciphers and asked me which SSL ciphers they should disable – effectively looking for the most secure SSL ciphers they can use. Instead of the fast answer of “disable the insecure ones”, I thought I’d try and write up something useful.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

peloton

peloton | d@n3n | Scoop.it

peloton - The Self-Driving Database Management System.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Kano review

Kano review | d@n3n | Scoop.it

The kano computer is a raspberry pi based computer that is meant for kids to put together and build themselves. Looks a bit like this:

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

OWASP Secure Headers

OWASP Secure Headers Project involves setting headers from the server is easy and often doesn’t require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

pics

pics | d@n3n | Scoop.it

pics - Posters. ELF, Mach-O and PE (SVG and PDF available)

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

onionmx

onionmx | d@n3n | Scoop.it

onionmx - Onion delivery, so delicious. Even if you use TLS for your connections they are opportunistic. Even if you use OpenPGP for your connections, it is relatively easy for someone passively monitoring email traffic to correlate interesting metadata: who is communicating with whom, when and how much. Worse, it is trivial for a third party to know that two people are communicating.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Hacking Tutorials 2017

Hacking Tutorials 2017 | d@n3n | Scoop.it

Hacking Tutorials 2017 mission, vision, plans. In 2017 we will be focusing on penetration testing tutorials and training in virtual labs.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Containers - MozillaWiki

Containers - MozillaWiki | d@n3n | Scoop.it

Individuals behave differently in the world when they are in different contexts. The way they act at work may differ from how they act with their family. Similarly, users have different contexts when they browse the web. They may not want to mix their social network context with their work context.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

vFeed Vulnerability & Threat Database Build 01212017 available – vFeed IO

The vFeed vulnerability & threat intelligence Consultancy & Integrator Plans database has been updated with +90 new CVEs and hundreds of cross-links references (Metasploit, OpenVAS, Nessus, Nmap, OVAL, Snort, Suricata and more)

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic

Bypassing Anti-viruses with transfer Backdoor Payloads by DNS traffic | d@n3n | Scoop.it
In this article I want to explain how can bypass anti-viruses without encryption method for payloads also I want to share source code for this Article in my github.
more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

A Tour of Machine Learning Algorithms

A Tour of Machine Learning Algorithms | d@n3n | Scoop.it

Take a tour of the most popular machine learning algorithms. In this post, we take a tour of the most popular machine learning algorithms. It is useful to tour the main algorithms in the field to get a feeling of what methods are available.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Spora - the Shortcut Worm that is also a Ransomware

Spora - the Shortcut Worm that is also a Ransomware | d@n3n | Scoop.it

Ransomware is a serious digital threat nowadays. Spora, a new malware family, combines encryption techniques with worm-like behavior in a remarkable manner. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Evil: A poor man's ransomware in JavaScript

Introduction Initially Evil was brought to our attention by an incident reported on 2017-01-08. By that time the Internet was completely silent on that threat and we had nothing to analyze. We found first working sample day later, on 2017-01-09. In this article we will shortly summarize our analysis and conclusions.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

How To Change The Sudo Prompt In Linux And Unix

How To Change The Sudo Prompt In Linux And Unix | d@n3n | Scoop.it

I felt a bit bored today. While digging in Google, I found this cool and useless hack. There is an option to change the sudo prompt to something cool or funny.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

LUKS Support - hashcat Forum

LUKS offers a set of "crypto items" (hashes, ciphers, blockmodes and keysizes) which can be used to configure an encrypted block device. The user can freely select them which then creates a large number of possible crypto relevant combinations. This made it a very work intensive implementation especially without a crypto library and on GPU.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

A theme pack to system privilege

Android users may be familiar with theme packs, which is a major advantage for android over iOS. Two years ago we conducted a review of Huawei’s EMUI on a cooperation project, discovering dozens of vulnerabilities, including DOS to system/kernel code execution, which were of course already reported and fixed.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

A tiny zine about machine learning

The other day I gave a talk on doing machine learning in production. It was a short talk at a local meetup, and I felt like trying something new.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Driver Development Part 2: Introduction to Implementing IOCTLs

Driver Development Part 2: Introduction to Implementing IOCTLs | d@n3n | Scoop.it

This is the second tutorial of the Writing Device Drivers series. There seems to be a lot of interest in the topic, so this article will pick up where the first left off.

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Find Linux Exploits by Kernel version

Find Linux Exploits by Kernel version | d@n3n | Scoop.it

Sometimes it's really hard to find the correct exploit. This would help to find Linux Exploits by Kernel version. 

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

This is not an EXE, this is not a DLL, This is a Windows App

This is not an EXE, this is not a DLL, This is a Windows App | d@n3n | Scoop.it

I normally don’t pay much attention to Windows apps, but since I knew calc.exe is just a dumb redirector that loads a Calculator app I eventually got curious and loaded the app into IDA. What caught my eye immediately was a number of exported functions:

more...
No comment yet.
Scooped by Danen Raas
Scoop.it!

Pwnable.tw

Pwnable.tw | d@n3n | Scoop.it

Pwnable.tw is a wargame site for hackers to test and expand their exploiting skills. 

more...
No comment yet.