Application Security This Week for June 2

Accidentally Took Memorial Day Weekend Off Edition

New tool: FinalRecon - OSINT Tool For All-In-One Web Reconnaissance

https://blog.hackersonlineclub.com/2019/05/finalrecon-osint-tool-for-all-in-one.html?m=1

Permanent URL Hijack Through 301 HTTP Redirect Cache Poisoning

https://blog.duszynski.eu/domain-hijack-through-http-301-cache-poisoning/

Didier Stevens, one of my favorite researchers, mentioned that one of his readers has made a Docker container with all of his tools.

https://blog.didierstevens.com/2019/05/27/dssuite-a-docker-container-with-my-tools/

There is a PoC for CVE-2019-0708 (BlueKeep). It is certainly worth a look.

https://github.com/Ekultek/BlueKeep

Speaking of Docker, there is a bug that allows a jump out of the container, giving read/write access to the host file system.

https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system

https://nakedsecurity.sophos.com/2019/05/31/unpatched-docker-bug-allows-read-write-access-to-host-os/

Finally, the always-wonderful folks at PortSwigger have a cool analysis of behavioural fuzzing.

https://portswigger.net/blog/provoking-browser-quirks-with-behavioural-fuzzing

And that's the news! Have a great week.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
