Hacking, AppSec, and Bug Bounty newsletter
2018-12-07 | Hacktivity highlights, Red teaming mind map, and In defense of Mimikatz
Friday, December 7
Please try this at home: how @natashenka fuzzed the encrypted traffic of a FaceTime call
JBoss Seam 2 RCE (CVE-2010-1871) by @r0t1v
TWEET OF THE DAY
Today I found out that ftp.exe can be used as a #lolbin. Run ftp.exe, type "!" (calls the shell() function inside ftp.exe) followed by whatever it is that you want to run, i.e. "!powershell"
File under: Things that my teammates and I are finding when looking at Windows binaries. - @0xAmit
OTHER ARTICLES WE’RE READING
Red Teaming Mind Map from The Hacker Playbook 3 by Marco Lancini.
Casey Smith in defense of Mimikatz
Metacert wants to use the blockchain to stop phishing
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Checksum verification of downloaded files is a totally failed security control.