Article: FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings - published about 5 years ago. Content: This blog post continues our Script Series where the FireEye Labs Advanced Reverse Engineering (FLARE) team shares tools to aid the malware analysis community. Today, we release ironstrings: a new IDAPython script to recover stackstrings from malware. The script leverages code emulation to overcome this common string obfuscation technique. More preci... https://www.fireeye.com/blog/threat-research/2019/02/recovering-stackstrings-using-emulation-with-ironstrings.html Published: 2019 02 28 16:30:00 Received: 2022 05 23 16:06:45 Feed: FireEye Blog Source: FireEye Blog Category: Cyber Security Topic: Cyber Security |
Article: Jenkins - decrypting credentials.xml - published about 5 years ago. Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot... https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html Published: 2019 02 28 15:22:00 Received: 2024 02 19 11:44:45 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Protecting system administration with PAM - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/protecting-system-administration-with-pam Published: 2019 02 28 12:33:44 Received: 2024 03 19 14:41:08 Feed: NCSC – Blog Feed Source: National Cyber Security Centre (NCSC) Category: Blogs Topic: Cyber Security |
|
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published about 5 years ago. Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ... https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html Published: 2019 02 28 00:51:00 Received: 2024 02 19 11:44:45 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published about 5 years ago. Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63... https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html Published: 2019 02 28 00:14:00 Received: 2024 02 19 11:44:45 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins Master Post - published about 5 years ago. Content: A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins... https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html Published: 2019 02 27 21:46:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published about 5 years ago. Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi... https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html Published: 2019 02 27 20:23:00 Received: 2024 02 19 11:44:45 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: NCSC advice for Uber customers and drivers - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/guidance/ncsc-advice-uber-customers-and-drivers Published: 2019 02 27 11:27:09 Received: 2024 03 06 17:21:32 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: NCSC advice for Reddit users - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/guidance/ncsc-advice-reddit-users Published: 2019 02 27 11:22:07 Received: 2024 03 06 17:21:32 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Security and usability: you CAN have it all! - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/security-and-usability--you-can-have-it-all- Published: 2019 02 27 09:34:00 Received: 2024 01 31 09:21:11 Feed: NCSC – Blog Feed Source: National Cyber Security Centre (NCSC) Category: Blogs Topic: Cyber Security |
|
Article: Shining a light on the cyber security marketplace - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/shining-a-light-on-the-cyber-security-marketplace Published: 2019 02 27 00:00:00 Received: 2022 11 07 17:22:04 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Transforming the user experience: the new NCSC website has launched - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/transforming-user-experience Published: 2019 02 27 00:00:00 Received: 2021 04 18 14:04:46 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Jenkins - messing with new exploits pt1 - published about 5 years ago. Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ... https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html Published: 2019 02 26 18:46:00 Received: 2024 02 19 11:44:45 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Updating our malware & ransomware guidance - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/updating-malware-ransomware-guidance Published: 2019 02 26 00:00:00 Received: 2022 12 09 15:21:55 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Secure File Deletion - published about 5 years ago. Content: Today I received an email inviting me to buy a Easy File Shredder product for a special price of $15 instead of the usual price of $50. Securely deleting sensitive data is really important. But is buying a product really needed? This type of thing has generally been needed because when you delete a file, you are essentially marking the file space as... https://www.infosecblog.org/2019/02/secure-file-deletion/ Published: 2019 02 23 19:12:08 Received: 2021 06 06 09:04:46 Feed: Roger's Information Security Blog Source: Roger's Information Security Blog Category: Cyber Security Topic: Cyber Security |
Article: Weekly Threat Report 22nd February 2019 - published about 5 years ago. Content: https://www.ncsc.gov.uk/report/weekly-threat-report-22nd-february-2019 Published: 2019 02 22 00:00:00 Received: 2021 04 18 14:04:46 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Security, complexity and Huawei; protecting the UK's telecoms networks - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/blog-post-security-complexity-and-huawei-protecting-uks-telecoms-networks Published: 2019 02 22 00:00:00 Received: 2021 04 18 14:04:46 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Weekly Threat Report 22nd February 2019 - published about 5 years ago. Content: https://www.ncsc.gov.uk/report/weekly-threat-report-22nd-february-2019 Published: 2019 02 22 00:00:00 Received: 2021 04 18 14:04:42 Feed: NCSC – Report Feed Source: National Cyber Security Centre (NCSC) Category: Reports Topic: Cyber Security |
Article: Security, complexity and Huawei; protecting the UK's telecoms networks - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/blog-post-security-complexity-and-huawei-protecting-uks-telecoms-networks Published: 2019 02 22 00:00:00 Received: 2021 04 18 14:04:39 Feed: NCSC – Blog Feed Source: National Cyber Security Centre (NCSC) Category: Blogs Topic: Cyber Security |
|
Article: NCSC advice for Dixons Carphone plc customers - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/guidance/ncsc-advice-dixons-carphone-plc-customers Published: 2019 02 21 13:12:03 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: NCSC advice for British Airways customers - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/guidance/ncsc-advice-british-airways-customers Published: 2019 02 21 12:57:56 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Macro Security for Microsoft Office - published about 5 years ago. Content: https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office Published: 2019 02 21 00:00:00 Received: 2023 10 11 07:22:00 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Macro Security for Microsoft Office (2019 Update) - published about 5 years ago. Content: https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office Published: 2019 02 21 00:00:00 Received: 2021 04 18 14:04:46 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Are security questions leaving a gap in your security? - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/blog-post/are-security-questions-leaving-gap-your-security Published: 2019 02 19 11:56:04 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: People: the unsung heroes of cyber security - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/people-unsung-heroes-cyber-security Published: 2019 02 19 11:55:22 Received: 2024 03 22 11:22:47 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Transforming the user experience: the new NCSC website has launched - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/transforming-user-experience Published: 2019 02 17 00:00:00 Received: 2023 03 30 11:41:58 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Cyber resilience - nothing to sneeze at - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/blog-post/cyber-resilience-nothing-sneeze Published: 2019 02 15 09:57:39 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Please stop saying 'it depends'! - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/blog-post/please-stop-saying-it-depends Published: 2019 02 15 08:57:35 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Smart devices: using them safely in your home - published about 5 years ago. Content: https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home Published: 2019 02 15 00:00:00 Received: 2021 04 18 14:04:46 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Weekly Threat Report 15th February 2019 - published about 5 years ago. Content: https://www.ncsc.gov.uk/report/weekly-threat-report-15th-february-2019 Published: 2019 02 15 00:00:00 Received: 2021 04 18 14:04:46 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Smart devices: using them safely in your home - published about 5 years ago. Content: https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home Published: 2019 02 15 00:00:00 Received: 2021 04 18 14:04:37 Feed: NCSC – Guidance Feed Source: National Cyber Security Centre (NCSC) Category: Guidance Topic: Cyber Security |
|
Article: Security and usability: you CAN have it all! - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/security-and-usability--you-can-have-it-all- Published: 2019 02 14 16:21:00 Received: 2024 02 12 09:42:52 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Protecting system administration with PAM - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/blog-post/protecting-system-administration-with-pam Published: 2019 02 14 14:21:50 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Security and usability: you CAN have it all! - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/blog-post/security-and-usability--you-can-have-it-all- Published: 2019 02 14 09:34:00 Received: 2024 03 06 17:21:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Industry 100: FS-ISAC in NCSC and it's XLNT - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/industry-100-fs-isac-ncsc-and-its-xlnt Published: 2019 02 14 03:55:06 Received: 2023 12 05 16:42:33 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Rating hackers, rating defences - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/rating-hackers-rating-defences Published: 2019 02 13 13:01:12 Received: 2024 01 18 10:22:50 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Preparing for denial of service (DoS) attacks - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/guidance/preparing-denial-service-dos-attacks Published: 2019 02 13 12:39:49 Received: 2024 03 06 17:21:34 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Article: Protective DNS service for the public sector is now live - published about 5 years ago. Content: httpss://www.ncsc.gov.uk/blog-post/protective-dns-service-public-sector-now-live Published: 2019 02 13 12:39:04 Received: 2024 03 06 17:21:34 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Putting the consultancy community at its heart - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/putting-the-consultancy-community-at-its-heart Published: 2019 02 13 12:39:04 Received: 2024 01 31 09:21:12 Feed: NCSC – Blog Feed Source: National Cyber Security Centre (NCSC) Category: Blogs Topic: Cyber Security |
Article: Protective DNS service for the public sector is now live - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/protective-dns-service-public-sector-now-live Published: 2019 02 13 12:39:04 Received: 2023 11 22 12:21:56 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
|
Article: Keeping your security monitoring effective - published about 5 years ago. Content: https://www.ncsc.gov.uk/blog-post/keeping-your-security-monitoring-effective Published: 2019 02 13 10:15:42 Received: 2024 04 30 06:03:26 Feed: NCSC – All Feeds Source: National Cyber Security Centre (NCSC) Category: All Topic: Cyber Security |
Click to Open Code Editor