d@n3n
 
Scooped by Danen Raas

Location Based Payloads - Part II - Fooling the Interpreter

If you haven’t read it yet, I highly recommend reading part I. Without using parentheses to call functions and brackets to address chars in an array, we can only rely on document properties to make the XSS payload work.

Simple Wi-Fi Yagi

It's easy to make a small Yagi for a wireless router even if it lacks an antenna connector. The photo shows how I added two parasitic elements to the sleeve dipole of my Netgear WGR614.

Rust – memory safety without garbage collector

I’ve spent time with Rust at various points in the past, and being a language in development it was no surprise that every time I looked there were breaking changes and even the documentation looked very different at every turn!

Application-Security

Application-Security - Resources for learning about application security.

Making Raw Syscalls on Windows From Python

Oftentimes while writing a proof of concept for an exploit or doing vulnerability research it's necessary to make a raw syscall on Windows. Usually syscalls are called by a thin wrapping function in userland, often provided as an exported function from within a DLL.

TLS/SSL Vulnerabilities

A client recently gave me a list of their supported ciphers and asked me which SSL ciphers they should disable – effectively looking for the most secure SSL ciphers they can use. Instead of the fast answer of “disable the insecure ones”, I thought I’d try and write up something useful.

peloton

peloton - The Self-Driving Database Management System.

Kano review

The Kano computer is a Raspberry Pi based computer that is meant for kids to put together and build themselves. Looks a bit like this:

OWASP Secure Headers

OWASP Secure Headers Project: setting headers from the server is easy and often doesn’t require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities.

pics

pics - Posters. ELF, Mach-O and PE (SVG and PDF available)

onionmx

onionmx - Onion delivery, so delicious. Even if you use TLS for your connections they are opportunistic. Even if you use OpenPGP for your connections, it is relatively easy for someone passively monitoring email traffic to correlate interesting metadata: who is communicating with whom, when and how much. Worse, it is trivial for a third party to know that two people are communicating.

Hacking Tutorials 2017

Hacking Tutorials 2017 mission, vision, plans. In 2017 we will be focusing on penetration testing tutorials and training in virtual labs.

automato

automato should help with automating some of the user-focused enumeration tasks during an internal penetration test. 

autovpn

autovpn - Easily connect to a VPN in a country of your choice.

GoBooks

GoBooks - List of Golang books.

A Tour of Machine Learning Algorithms

In this post, we take a tour of the most popular machine learning algorithms. It is useful to tour the main algorithms in the field to get a feeling of what methods are available.

Spora - the Shortcut Worm that is also a Ransomware

Ransomware is a serious digital threat nowadays. Spora, a new malware family, combines encryption techniques with worm-like behavior in a remarkable manner. 

Evil: A poor man's ransomware in JavaScript

Introduction: Initially, Evil was brought to our attention by an incident reported on 2017-01-08. By that time the Internet was completely silent on that threat and we had nothing to analyze. We found the first working sample a day later, on 2017-01-09. In this article we will briefly summarize our analysis and conclusions.

How To Change The Sudo Prompt In Linux And Unix

I felt a bit bored today. While digging in Google, I found this cool and useless hack. There is an option to change the sudo prompt to something cool or funny.

LUKS Support - hashcat Forum

LUKS offers a set of "crypto items" (hashes, ciphers, blockmodes and keysizes) which can be used to configure an encrypted block device. The user can freely select them which then creates a large number of possible crypto relevant combinations. This made it a very work intensive implementation especially without a crypto library and on GPU.

A theme pack to system privilege

Android users may be familiar with theme packs, which are a major advantage for Android over iOS. Two years ago we conducted a review of Huawei’s EMUI on a cooperation project, discovering dozens of vulnerabilities, including DOS to system/kernel code execution, which were of course already reported and fixed.

A tiny zine about machine learning

The other day I gave a talk on doing machine learning in production. It was a short talk at a local meetup, and I felt like trying something new.

Driver Development Part 2: Introduction to Implementing IOCTLs

This is the second tutorial of the Writing Device Drivers series. There seems to be a lot of interest in the topic, so this article will pick up where the first left off.
