WikiLeaks – Vault 7: AfterMidnight + Assassin implant : required reading for offense or defense teams.
Web Developer Security Checklist – Simple Security
Web Developer Security Checklist – Simple Security :
Appcanary – Everything you need to know about HTTP security headers
Appcanary – Everything you need to know about HTTP security headers :
The Increased Use Of Powershell In Attacks [Pdf]
THE INCREASED USE OF POWERSHELL IN ATTACKS [PDF] :
The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1
The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1 :
ewilded/psychoPATH
ewilded/psychoPATH : This tool is a customizable payload generator, initially designed to automate blind detection of web file upload implementations allowing to write files into the webroot (aka document root). The “blind” aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source code or the filesystem.
At least 3 different groups have been leveraging the NSA EternalBlue exploit, what’s went wrong?
At least 3 different groups have been leveraging the NSA EternalBlue exploit weeks before the WannaCry attacks, here’s the evidence. In the last days, security experts discovered numerous attacks that have been leveraging the same EternalBlue exploit used by the notorious WannaCry ransomware .
Source: At least 3 different groups have been leveraging the NSA EternalBlue exploit, what’s went wrong?
NHS hit by ‘cyber attack’, at least one hospital shut down
GP told of ‘National hack of the computer health care system’ At least one NHS hospital has shut down systems and is telling patients not to come in, due to what is being described as a massive nationwide cyber attack.…
Source: NHS hit by ‘cyber attack’, at least one hospital shut down
New IoT malware targets 100000 IP cameras via known flaw
The malware , called Persirai, has been found infecting Chinese-made wireless cameras since last month, security firm Trend Micro said on Tuesday. The malware does so by exploiting flaws in the cameras that a security researcher reported back in March.
Source: New IoT malware targets 100000 IP cameras via known flaw
CIA zero-day that hijacked Cisco switches for years is finally dead
Ars Technica UK CIA zero – day that hijacked Cisco switches for years is finally dead Ars Technica UK CIA zero – day that hijacked Cisco switches for years is finally dead. Fix neutralises attack code that was put into the wild in early March.
Source: CIA zero-day that hijacked Cisco switches for years is finally dead
