Gaining Access to Card Data Using the Windows Domain to Bypass Firewallsmarkitzeroday.com2 points·by timewarp256·vor 7 Jahren·0 comments
Pwning Active Directory using non-domain machinesmarkitzeroday.com1 points·by timewarp256·vor 8 Jahren·0 comments
timewarp256·vor 7 Jahren·discussClicking links can be a problem in corporate environments where automatic login has been enabled on Internet Explorer and outbound SMB not blocked.The phishing site immediately gets their domain ntlm hash, which can often be cracked to gain a password.This can also be a problem in PDF and Word docs without the need to employ a 0 day. https://resources.infosecinstitute.com/steal-windows-login-c...Also to note that password managers can help mitigate phishing, as they will not offer to complete passwords if the domain does not match.
timewarp256·vor 9 Jahren·discussIn both Gmail and Inbox I miss emails when two come in at once in the same thread - wish they could solve that without turning off convos altogether.
timewarp256·vor 10 Jahren·discussNever knew guest mode would allow access to Safari only. Probably worth enabling for incidents like these.http://apple.stackexchange.com/a/82707/145499Done!
timewarp256·vor 11 Jahren·discussAccording to this http://stackoverflow.com/q/7328295/413180 there's no known way to prevent both Clickjacking and CSRF at the same time in a widget - unless you have an ugly popup asking the user to confirm the like.
The phishing site immediately gets their domain ntlm hash, which can often be cracked to gain a password.
This can also be a problem in PDF and Word docs without the need to employ a 0 day. https://resources.infosecinstitute.com/steal-windows-login-c...
Also to note that password managers can help mitigate phishing, as they will not offer to complete passwords if the domain does not match.