Hacker News
- SMTP Smuggling – Spoofing Emails Worldwide https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ 73 comments
- The Art of Fuzzing (2017) [pdf] https://sec-consult.com/wp-content/uploads/files/vulnlab/the_art_of_fuzzing_slides.pdf 2 comments
- Windows NTFS Tricks Collection https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/ 101 comments
- When baby monitors fail to be smart https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html 60 comments
- Ubiquiti device command injection vulnerability granting root access https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt 3 comments
- TRAP; RESET; POISON; - Taking over a country Kaminsky style https://sec-consult.com/blog/detail/taking-over-a-country-kaminsky-style/ 4 comments netsec
- Introducing DNS Analyzer: A Burp Suite extension for finding DNS vulnerabilities in web applications https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/ 23 comments netsec
- Longest timeline ever, critical vulns in Trend Micro security product IWSVA https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-trend-micro-interscan-web-security-virtual-appliance/ 4 comments netsec
- Bug or Feature: Privilege Escalation in Windows Autopilot https://sec-consult.com/en/blog/2020/11/bug-oder-feature-privilege-escalation-in-windows-autopilot/ 4 comments netsec
- XOR "encryption" in Forticlient/FortiGate used for FortiGuard Web Filter cloud lookups, leak full HTTP URLs of web surfing activity https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/ 58 comments netsec
- Signature bypass vulnerability in library used for online German ID card authentication (allows impersonating any citizen) https://www.sec-consult.com/en/blog/2018/11/my-name-is-johann-wolfgang-von-goethe-i-can-prove-it/ 4 comments netsec
- Local root jailbreak, authorization bypass & privilege escalation security vulnerabilities in all ADB broadband router / gateways / modems https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/ 5 comments netsec
- True Story: The Case of a Hacked Baby Monitor https://www.sec-consult.com/en/blog/2018/06/true-story-the-case-of-a-hacked-baby-monitor-gwelltimes-p2p-cloud/ 3 comments netsec
- Pentester's NTFS Tricks Collection (CVE-2018-1036, NTFS Elevation of Privileges) https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/ 6 comments netsec
- Authentication bypass in Oracle Access Manager SSO solution via padding oracle attack https://www.sec-consult.com/en/blog/advisories/authentication-bypass-in-oracle-access-manager/ 4 comments crypto
- Internet of Baby Monitors: 56.000 Baby Monitors Can Be Spied On With Ease https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html 39 comments netsec
- Security alert for iot sex toys https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-way-to-a-vibrant-future-from-iot-to-iod/index.html 35 comments netsec
- The Art of Fuzzing – Slides and Demos (Workflow AFL&WinAFL, Taint Analysis in Fuzzing, In-Memory Fuzzing, Reversing Tricks for Fuzzing, ...) https://sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-demos/index.html 3 comments netsec
- Used Outlook's S/MIME feature in the past 6 months? Your mails were probably not sent encrypted https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html 17 comments netsec
- Hack the Hacker – Fuzzing Mimikatz On Windows With WinAFL & Heatmaps (0day) https://www.sec-consult.com/en/blog/2017/09/hack-the-hacker-fuzzing-mimikatz-on-windows-with-winafl-heatmaps-0day/index.html 8 comments netsec
- Backdoor and unauthenticated access to voice recordings in Israeli surveillance gear (NICE Recording eXpress) https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140528-0_nice_recording_express_multiple_critical_vulnerabilities_v10.txt 10 comments netsec
- Multiple critical vulnerabilities in AVG Remote Administration https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_avg_remote_administration_multiple_critical_vulnerabilities_v10.txt 14 comments netsec
- Multiple critical vulnerabilities in AVG Remote Administration https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt 3 comments sysadmin
- Dissecting Blackberry 10 – An initial analysis https://www.sec-consult.com/fxdata/seccons/prod/downloads/sec_consult_vulnerability_lab_blackberry_z10_initial_analysis_v10.pdf 5 comments netsec