BSidesSF 2018 - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels
https://youtu.be/QnFOuDiihpU
Cybercriminals deploy crimeware for conducting nefarious operations on the Internet. Crimeware is managed on a large scale through deployment of centralized portals known as Command and Control (C&C) panels. C&C panels are considered as attackers’ primary operating environment through which crimewave is controlled and updated at regular intervals of time. C&C panels also store information stolen from the compromised machines as a part of the data exfiltration activity. This empirical study highlights the analysis of thousands of real world C&C web Uniform Resource Locators (URLs) used for deployment of Crimeware such as botnets, key-loggers, ransomware, Point-of-Sales (PoS) malware, etc., to unearth the characteristics of HTTP-based C&C panels. This study gives a statistical view on design and technologies opted by the crimeware authors to deploy HTTP-based C&C panels.https://youtu.be/QnFOuDiihpU
YouTube
BSidesSF 2018 - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels (Aditya K Sood)
Aditya K Sood - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels Cybercriminals deploy crimeware for conducting nefarious operations on th...
Forwarded from Netsec
Trump administration may throw out PPD-20, the approval process for cyber warfare - CyberScoop
https://ift.tt/2KtUwKs
Submitted May 02, 2018 at 08:46PM by ga-vu
via reddit https://ift.tt/2w8chvG
https://ift.tt/2KtUwKs
Submitted May 02, 2018 at 08:46PM by ga-vu
via reddit https://ift.tt/2w8chvG
Cyberscoop
Trump administration may throw out the approval process for cyberwarfare
The White House is looking to rescind PPD-20, a memorandum that helps guide the use of government-backed hacking operations.
Secure your Cookies (Secure and HttpOnly flags)
https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/
Cookies are omnipresent all over the web as they let publishers store data directly on the user’s web browser. Especially used to identify the user session allowing the web server to recognize him all along his browsing, cookies usually contain sensitive data. You have to properly protect them.https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/
Dareboost Blog
Secure your Cookies (Secure and HttpOnly flags)
Cookies are widely used throughout the Web because they allow publishers to store data directly on the user's Web browser. They're particularly used to identify the user's session, allowing the web server to recognize the user as they navigate through the…
Campus Party Brasilia 2018
🕴🏼 Mais informações: @Alcyon_Junior
Pessoal, a OWASP Brasília, tem mais uma boa noticia hoje para todos os nossos integrantes ... chegou os códigos de desconto para quem quiser participar da Campus Party Brasília 2018!!!!!!Para ganhar o desconto, basta usar o link http://quero.party/cpbsb2codigo com o código: OWASP-CPBSB2Informações importantes!- O valor do link já esta com o desconto aplicado, porém você só consegue efetuar a compra com o seu código.- Para adquirir o camping, você tem que ativar primeiro o ingresso individual, depois a opção para adquirir o camping separadamente ira aparecer no dashboard do campuse.roAbraços e curta seu desconto!🕴🏼 Mais informações: @Alcyon_Junior
Forwarded from Full Python Alchemist
GRequests: Asynchronous Requests
https://github.com/kennethreitz/grequests
🐍 @FullPythonAlchemist
GRequests allows you to use Requests with Gevent to make asynchronous HTTP Requests easily.https://github.com/kennethreitz/grequests
🐍 @FullPythonAlchemist
GitHub
GitHub - spyoungtech/grequests: Requests + Gevent = <3
Requests + Gevent = <3. Contribute to spyoungtech/grequests development by creating an account on GitHub.
HttpWatch
https://www.httpwatch.com/httpgallery/
🕴🏼 @Phantasm_Lab
This gallery provides an overview of HTTP, from its basic operation to more complex techniques used on commercial web sites. Each section describes how a particular aspect of HTTP works and provides working examples that you can try with HttpWatch.https://www.httpwatch.com/httpgallery/
🕴🏼 @Phantasm_Lab
Forwarded from Zer0 to her0
Red team tips
The following "red team tips" were posted by Vincent Yiu (@vysecurity) over Twitter for about a year.
Including tools, exploitation and intelligence tips.
https://vincentyiu.co.uk/red-team-tips/
@fromzer0tohero
The following "red team tips" were posted by Vincent Yiu (@vysecurity) over Twitter for about a year.
Including tools, exploitation and intelligence tips.
https://vincentyiu.co.uk/red-team-tips/
@fromzer0tohero
Forwarded from Pavel Durov
Thank you, each and every one of the 12,000+ people who stood up to support the freedom of internet and Telegram today in central Moscow.
https://goo.gl/fEFtQb
https://goo.gl/fEFtQb
Forwarded from Pavel Durov
This media is not supported in your browser
VIEW IN TELEGRAM
Moscow today.
MySQL username and password leaked in developer.valvesoftware.com via source code dislosure
https://hackerone.com/reports/291057
🕴🏼 @Phantasm_Lab
Hey there it looks like you are relying on a noscript that cleans up your backup process on developer.valvesoftware.comhttps://hackerone.com/reports/291057
🕴🏼 @Phantasm_Lab
HackerOne
Valve disclosed on HackerOne: MySQL username and password leaked in...
Hey there it looks like you are relying on a noscript that cleans up your backup process on developer.valvesoftware.com:
`/noscripts/final_cleanup.sh`:
```
# Remove files post cleanup
rm -r...
`/noscripts/final_cleanup.sh`:
```
# Remove files post cleanup
rm -r...
Hard Coded username and password in registry
https://hackerone.com/reports/291200
🕴🏼 @Phantasm_Lab
I was using a tool called RegShot to take a snap shot of the registry before and after installation in order to see what changes were being made in the registry and I discovered hard-coded credentialshttps://hackerone.com/reports/291200
🕴🏼 @Phantasm_Lab
HackerOne
Kaspersky disclosed on HackerOne: Hard Coded username and password...
I was using a tool called RegShot to take a snap shot of the registry before and after installation in order to see what changes were being made in the registry and I discovered hard-coded...
Hardcoded Credentials Stored in Registry Kaspersky Lab
https://medium.com/@bluedangerforyou/hardcoded-credentials-stored-in-registry-kaspersky-lab-849ee7ea19e0
https://medium.com/@bluedangerforyou/hardcoded-credentials-stored-in-registry-kaspersky-lab-849ee7ea19e0
Medium
Hardcoded Credentials Stored in Registry Kaspersky Lab
I was using a tool called RegShot to take a snap shot of the registry before and after installation in order to see what changes were…
#Perfil #HackerOne #Series
exploitprotocol
https://hackerone.com/exploitprotocol
🕴🏽 @Phantasm_Lab
exploitprotocol
Reputation: 6363 Rank: 34thhttps://hackerone.com/exploitprotocol
🕴🏽 @Phantasm_Lab
HackerOne
HackerOne profile - exploitprotocol
Aditya is an application security consultant with over 5 years of experience. He has experience and expertise in web, mobile applications, OSINT, External Network Pentest. He is the author of some...
Forwarded from Netsec
Python exploit for Remote Code Execution on GPON home routers (CVE-2018-10562)
https://ift.tt/2rv6HOj
Submitted May 10, 2018 at 04:46AM by Prav123
via reddit https://ift.tt/2jMJOCK
https://ift.tt/2rv6HOj
Submitted May 10, 2018 at 04:46AM by Prav123
via reddit https://ift.tt/2jMJOCK
GitHub
f3d0x0/GPON
Python exploit for Remote Code Executuion on GPON home routers (CVE-2018-10562). Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for the...
Hacking Brasil
t.me/HackingBr4sil
Hacking Brasil é o título de um projeto que visa compartilhar de forma gratuita conteúdos sobre segurança cibernética e outras tecnologias. Pense corretamente sobre Hacking.t.me/HackingBr4sil