Gaining Access to Card Data Using the Windows Domain to Bypass Firewallsmarkitzeroday.com2 points·by timewarp256·قبل 7 سنوات·0 comments
Pwning Active Directory using non-domain machinesmarkitzeroday.com1 points·by timewarp256·قبل 8 سنوات·0 comments
timewarp256·قبل 7 سنوات·discussClicking links can be a problem in corporate environments where automatic login has been enabled on Internet Explorer and outbound SMB not blocked.The phishing site immediately gets their domain ntlm hash, which can often be cracked to gain a password.This can also be a problem in PDF and Word docs without the need to employ a 0 day. https://resources.infosecinstitute.com/steal-windows-login-c...Also to note that password managers can help mitigate phishing, as they will not offer to complete passwords if the domain does not match.
timewarp256·قبل 9 سنوات·discussIn both Gmail and Inbox I miss emails when two come in at once in the same thread - wish they could solve that without turning off convos altogether.
timewarp256·قبل 10 سنوات·discussNever knew guest mode would allow access to Safari only. Probably worth enabling for incidents like these.http://apple.stackexchange.com/a/82707/145499Done!
timewarp256·قبل 11 سنة·discussAccording to this http://stackoverflow.com/q/7328295/413180 there's no known way to prevent both Clickjacking and CSRF at the same time in a widget - unless you have an ugly popup asking the user to confirm the like.
The phishing site immediately gets their domain ntlm hash, which can often be cracked to gain a password.
This can also be a problem in PDF and Word docs without the need to employ a 0 day. https://resources.infosecinstitute.com/steal-windows-login-c...
Also to note that password managers can help mitigate phishing, as they will not offer to complete passwords if the domain does not match.