Post by (@david-maas) on Wed, 13 May 20 21:09:36 +0000 View Full Post Top most exploited vulnerabilities by CVE, according to various parts of the US govt: https://www.zdnet.com/article/dhs-cisa-and-fbi-share-list-of-top-10-mos...
Post by (@david-maas) on Fri, 03 Apr 20 15:51:53 +0000 View Full Post Link to javascript code for uploading a shell to wordpress via an XSS: http://dumpco.re/blog/xss2rce
Post by (@david-maas) on Mon, 16 Mar 20 22:08:24 +0000 View Full Post I just read (reddit/r/asknetsec) about a way of unmasking Wordpress sites behind load balancers that requires no SSL sea...
Post by (@david-maas) on Fri, 07 Feb 20 19:58:03 +0000 View Full Post There's a pretty interesting post about a Craigslist Rental Scam that includes a lot of information about a solid social engineering attempt. It's got a few soc...
Post by (@david-maas) on Tue, 04 Feb 20 23:06:59 +0000 View Full Post I just noticed .jpe is a valid extension for a jpeg file.
Post by (@david-maas) on Mon, 02 Dec 19 18:12:17 +0000 View Full Post I automated the Fortigate VPN exploit a bit more so it can automatically find the devices, run the exploit, extract lists of un/pws from the dump and verify the...
Post by (@david-maas) on Tue, 19 Nov 19 17:56:43 +0000 View Full Post Phineas Fisher, the notorious hacker of Hacking Team and Gamma Group, really outdid himself this time. He totally hacked...
Post by (@david-maas) on Tue, 22 Oct 19 18:17:54 +0000 View Full Post Did you know that Terraform (Infrastructure as Code language) will store username and password variables in a tfstate fi...
Post by (@david-maas) on Fri, 18 Oct 19 15:13:04 +0000 View Full Post If you're like me you've spent a lot of time wondering how Linux and Android permissions vary. Someone posted an explanation as part of a discussion of a recent...
Post by (@david-maas) on Tue, 10 Sep 19 16:24:18 +0000 View Full Post Metasploit released the first 100% public BlueKeep exploit. https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/ ...
