by Bill Sempf
21. July 2019 19:11
Awesome paper presented in France covering XXE - really good research. Worth a read.
https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation
Those who have taken my training know how I talk about protecting the soft meaty middle - well, Slack is proving that user accounts are the gift that keeps on giving. They reset passwords - from a breach 4 years ago.
https://thehackernews.com/2019/07/slack-password-data-breach.html
https://www.theregister.co.uk/2019/07/19/2015_database_hack_slack/
Really neat tool for hooking executables in Windows. I tried it; it's super neat.
https://github.com/everdox/InfinityHook
Here's an I-wish-it-was-an-OWASP-project example. Tons of research on command injection.
https://hackersonlineclub.com/command-injection-cheatsheet/
That's the news, folks. Stay safe out there.