Lucene search
K

118 matches found

OSV
OSV
added 2021/05/24 6:15 p.m.38 views

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.2CVSS6.7AI score
Exploits0References11
Debian CVE
Debian CVE
added 2021/05/24 5:22 p.m.41 views

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.3CVSS7.1AI score0.00872EPSS
Exploits0
Akamai Blog
Akamai Blog
added 2021/03/09 4:30 p.m.18 views

Finding the Best Servers to Answer Queries -- Edge DNS and Anycast

TL;DR IP Anycast is a network addressing and routing methodology that allows IP addresses to be announced from multiple points on the internet With the proper implementation, Anycast can reduce DNS RTTs and offer innate DDoS protection Akamai's authoritative name service, Edge DNS, combines globa...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2020/12/19 8:30 p.m.74 views

Bheem - Simple Collection Of Small Bash-Scripts Which Runs Iteratively To Carry Out Various Tools And Recon Process

Project Bheem is a simple collection of small bash-scripts which runs iteratively to carry out various tools and recon process & store output in an organized way. This project was created initially for automation of Recon for personal usage and was never meant to be public as there is nothing fan...

7.4AI score
Exploits0References1
Akamai Blog
Akamai Blog
added 2020/12/15 2:0 p.m.98 views

Stopping Active Attacks with Penalty Box

A web application firewall WAF is most often used by organizations for external security controls to detect and block individual attack attempts against target web application assets. Open Web Application Security Project OWASP risk rating methodology Unfortunately, today's sophisticated web...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2020/05/10 9:30 p.m.172 views

PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the templatevuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...

7.3AI score
Exploits0References23
Securelist
Securelist
added 2020/01/08 10:0 a.m.87 views

Operation AppleJeus Sequel

The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in ord...

8.2AI score
Exploits0
exploitpack
exploitpack
added 2019/10/04 12:0 a.m.207 views

Android - Binder Driver Use-After-Free

Android - Binder Driver Use-After-Free The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. ...

4.6CVSS0.3AI score0.72105EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/10/04 12:0 a.m.1194 views

Android - Binder Driver Use-After-Free

The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit:...

7.8CVSS8.1AI score0.72105EPSS
Exploits27
Kitploit
Kitploit
added 2019/09/06 9:54 p.m.217 views

PingCastle - Get Active Directory Security At 80% In 20% Of The Time

The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org. Ping Castle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment a...

7.7AI score
Exploits0References2
FireEye
FireEye
added 2019/06/11 3:15 p.m.86 views

Hunting COM Objects (Part Two)

Background As a follow up to Part One in this blog series on COM object hunting, this post will talk about taking the COM object hunting methodology deeper by looking at interesting COM object methods exposed in properties and sub-properties of COM objects. What is a COM Object? According to...

0.7AI score
Exploits0References7
Kitploit
Kitploit
added 2018/02/16 1:23 p.m.554 views

IntruderPayloads - A Collection Of Burpsuite Intruder Payloads, Fuzz Lists And File Uploads

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. Author: 1N3@CrowdShield https://crowdshield.com PENTEST METHODOLOGY v2.0 BASIC PASSIVE AND ACTIVE CHECKS:...

8.3AI score
Exploits0References1
n0where
n0where
added 2018/02/07 5:41 a.m.26 views

Automating Cracking Methodologies Through Hashcat: hate_crack

A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation Get the latest hashcat binaries https://hashcat.net/hashcat/ OSX Install https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/ mkdir -p hashcat/deps git clone...

7.2AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2018/01/29 12:18 p.m.37 views

Estimating the Cost of Internet Insecurity

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples":...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2018/01/11 1:7 p.m.52 views

Recon-ng - Full-Featured Web Reconnaissance Framework

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...

7.5AI score
Exploits0References3
Imperva Blog
Imperva Blog
added 2017/12/05 3:49 p.m.15 views

Q3 2017 Global DDoS Threat Landscape Report

Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,765 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q3 2017. Before diving into the report’s highlights, it should be mentioned that this quarter was marked...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2017/05/24 4:0 p.m.11 views

CVE-2017-9230

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...

7.1AI score0.03251EPSS
Exploits0References7
FireEye
FireEye
added 2017/04/26 8:0 a.m.26 views

Evolving Analytics for Execution Trace Data

Five years ago, Mandiant released a proof of concept tool named ShimCacheParser, along with a blog post titled “Leveraging the Application Compatibility Cache in Forensic Investigations”. Since then, ShimCache metadata has become increasingly popular as a source of forensic evidence, both for...

7AI score
Exploits0
Prion
Prion
added 2017/03/10 10:59 a.m.13 views

Buffer overflow

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request...

5CVSS7.5AI score0.07234EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2017/03/10 10:59 a.m.19 views

CVE-2017-6427

A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request...

7.5CVSS7.5AI score0.07234EPSS
Exploits5References2
Rows per page
Query Builder