How to Extract HTTP Requests From Packet Captures As cURL Commands
http://ift.tt/2yJvP62
Submitted October 05, 2017 at 08:02PM by dentalfoss
via reddit http://ift.tt/2gddCqI
http://ift.tt/2yJvP62
Submitted October 05, 2017 at 08:02PM by dentalfoss
via reddit http://ift.tt/2gddCqI
GitHub
jullrich/pcap2curl
pcap2curl - Read a packet capture, extract HTTP requests and turn them into cURL commands for replay.
homemade virustotal (opensource)
http://ift.tt/2duqgOe
Submitted October 05, 2017 at 08:33PM by blackout-314
via reddit http://ift.tt/2yrVILw
http://ift.tt/2duqgOe
Submitted October 05, 2017 at 08:33PM by blackout-314
via reddit http://ift.tt/2yrVILw
GitHub
maliceio/malice
malice - VirusTotal Wanna Be - Now with 100% more Hipster
Cyber Threats and Russian Information Warfare – Timely on CyberWar
http://ift.tt/2o7d8aq
Submitted October 05, 2017 at 10:00PM by SecurityTrust
via reddit http://ift.tt/2y2pEfZ
http://ift.tt/2o7d8aq
Submitted October 05, 2017 at 10:00PM by SecurityTrust
via reddit http://ift.tt/2y2pEfZ
Jewish Policy Center
Cyber Threats and Russian Information Warfare – Jewish Policy Center
In his confirmation hearing to be Chairman of the Joint Chiefs of Staff, Gen. Joseph Dunford on July 9, 2015, told the U.S. Senate Armed Services committee that Russia currently poses the greatest global threat to the United States. While many understood…
In Chakra, the amount of memory reserved is unrelated to the amount requested. ZDI researcher does deep dive into the enforcement of bounds checks in native JIT code to explain why.
http://ift.tt/2fNeiCx
Submitted October 05, 2017 at 10:46PM by RedmondSecGnome
via reddit http://ift.tt/2xkblQi
http://ift.tt/2fNeiCx
Submitted October 05, 2017 at 10:46PM by RedmondSecGnome
via reddit http://ift.tt/2xkblQi
Zero Day Initiative
Check it Out: Enforcement of Bounds Checks in Native JIT Code
In my previous post, I described how the history of JavaScript has led to
the mushrooming complexity – and corresponding attack surface – of modern
JavaScript engines. Judging from submissions to the Zero Day Initiative
(ZDI), the JavaScript engine…
the mushrooming complexity – and corresponding attack surface – of modern
JavaScript engines. Judging from submissions to the Zero Day Initiative
(ZDI), the JavaScript engine…
Lessons from France's first cyber-attack, nearly two centuries ago
http://ift.tt/2yicoVQ
Submitted October 05, 2017 at 11:13PM by redditor_1234
via reddit http://ift.tt/2fOvAiq
http://ift.tt/2yicoVQ
Submitted October 05, 2017 at 11:13PM by redditor_1234
via reddit http://ift.tt/2fOvAiq
1843
The crooked timber of humanity
Nearly two centuries ago, France was hit by the world’s first cyber-attack. Tom Standage argues that it holds lessons for us today
Russian Hackers Stole NSA Data on U.S. Cyber Defense via Kaspersky Labs - The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks
http://ift.tt/2fN5uMZ
Submitted October 05, 2017 at 10:42PM by SuccessfulOperation
via reddit http://ift.tt/2yqXVGX
http://ift.tt/2fN5uMZ
Submitted October 05, 2017 at 10:42PM by SuccessfulOperation
via reddit http://ift.tt/2yqXVGX
WSJ
Russian Hackers Stole NSA Data on U.S. Cyber Defense
Hackers working for the Russian government stole a vast collection of highly classified material from the home computer of a National Security Agency contractor, said people familiar with the matter. The breach could enable Russia to evade NSA surveillance…
New to the world of contracting/staff augmentation. What is a good hourly rate to ask for in the US (Midwest specifically)?
I am about to go through a staffing agency for a senior security risk analyst position. They offered $54 an hour as a passing comment in the conversation, so now I know that is the low ball number. I am curious to know what is a good hourly rate for staffing a security position in the Midwest. I don’t have any clue what the market rate is now so I would hate to ask for astronomical number and price myself out of a job.
Submitted October 05, 2017 at 10:22PM by ghostmanure
via reddit http://ift.tt/2fN16NR
I am about to go through a staffing agency for a senior security risk analyst position. They offered $54 an hour as a passing comment in the conversation, so now I know that is the low ball number. I am curious to know what is a good hourly rate for staffing a security position in the Midwest. I don’t have any clue what the market rate is now so I would hate to ask for astronomical number and price myself out of a job.
Submitted October 05, 2017 at 10:22PM by ghostmanure
via reddit http://ift.tt/2fN16NR
reddit
New to the world of contracting/staff augmentation.... • r/security
I am about to go through a staffing agency for a senior security risk analyst position. They offered $54 an hour as a passing comment in the...
Russian hackers stole NSA tools using Kaspersky antivirus: report
http://ift.tt/2xXhmEh
Submitted October 06, 2017 at 12:01AM by SecurityTrust
via reddit http://ift.tt/2fNGsgG
http://ift.tt/2xXhmEh
Submitted October 06, 2017 at 12:01AM by SecurityTrust
via reddit http://ift.tt/2fNGsgG
TheHill
Russian hackers stole NSA tools using Kaspersky antivirus: report
Russian state hackers stole a collection of National Security Agency hacking tools and other documents from the personal computer of an agency contractor who had taken the classified documents home from work,
Russian Hackers Reportedly Stole Sensitive Secrets From The NSA
http://ift.tt/2z1tKmL
Submitted October 05, 2017 at 11:42PM by winflare
via reddit http://ift.tt/2hPlzWJ
http://ift.tt/2z1tKmL
Submitted October 05, 2017 at 11:42PM by winflare
via reddit http://ift.tt/2hPlzWJ
Winflare
Russian Hackers Reportedly Stole Sensitive Secrets From The NSA - Winflare
Between breathing new life into North Korea’s internet connection and allegedly hacking NATO soldiers’ smartphones, Russia’s ongoing efforts in cyber espionage and warfare seemingly know no end. Then again, considering the ever-increasing scope of the country’s use…
Russia and Saudi Arabia to develop space exploration and nuclear power
http://ift.tt/2hPlD8V
Submitted October 05, 2017 at 11:21PM by Bastet1
via reddit http://ift.tt/2xkX71n
http://ift.tt/2hPlD8V
Submitted October 05, 2017 at 11:21PM by Bastet1
via reddit http://ift.tt/2xkX71n
Mail Online
Russia and Saudi Arabia to develop space exploration and nuclear power
The monarch had touched down in Moscow to sign a space exploration and nuclear deal with President Vladimir Putin when the malfunction took place.
Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor Vulnerability
http://ift.tt/2xUcU9g
Submitted October 05, 2017 at 09:10PM by majorllama
via reddit http://ift.tt/2xlm3Wp
http://ift.tt/2xUcU9g
Submitted October 05, 2017 at 09:10PM by majorllama
via reddit http://ift.tt/2xlm3Wp
Crowdstrike
Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor Vulnerability
Get in-depth analysis of the CCleaner 5.33 backdoor found embedded in signed versions of the software
Is Facebook Messenger end to end encrypted and safe by default now?
Title.
Submitted October 06, 2017 at 02:33AM by ynotplay
via reddit http://ift.tt/2ggbvSZ
Title.
Submitted October 06, 2017 at 02:33AM by ynotplay
via reddit http://ift.tt/2ggbvSZ
reddit
Is Facebook Messenger end to end encrypted and safe... • r/security
Title.
The Flusihoc Dynasty, A Long Standing DDoS Botnet
http://ift.tt/2yGRs6S
Submitted October 06, 2017 at 06:17AM by mikiozen
via reddit http://ift.tt/2fPePnp
http://ift.tt/2yGRs6S
Submitted October 06, 2017 at 06:17AM by mikiozen
via reddit http://ift.tt/2fPePnp
Arbor Networks Threat Intelligence
The Flusihoc Dynasty, A Long Standing DDoS Botnet
Since 2015, ASERT has observed and followed a DDoS Botnet named Flusihoc. To date very little has been published about this family, despite numerous anti-v
Apache Tomcat Patch for Remote Code Execution
http://ift.tt/2fVyxld
Submitted October 06, 2017 at 07:22AM by securitynewsIO
via reddit http://ift.tt/2y3iRmA
http://ift.tt/2fVyxld
Submitted October 06, 2017 at 07:22AM by securitynewsIO
via reddit http://ift.tt/2y3iRmA
Security News iO
Apache Tomcat Patch for Remote Code Execution | Security News iO
The team at Apache issued a Tomcat patch for important remote code execution vulnerabilities. 70% of webservers were uncovered the past few weeks.
Best Dolphin Security Guards Services Provider Company in Ahmedabad
https://www.youtube.com/watch?v=-oKkU4psAeY&feature=youtu.be
Submitted October 06, 2017 at 10:37AM by dolphinsecurity
via reddit http://ift.tt/2fVBLoQ
https://www.youtube.com/watch?v=-oKkU4psAeY&feature=youtu.be
Submitted October 06, 2017 at 10:37AM by dolphinsecurity
via reddit http://ift.tt/2fVBLoQ
YouTube
Best Dolphin Security Guards Services Provider Company in Ahmedabad
Dolphin Group is the Best Security Guards Services Provider Company in Ahmedabad.
A Question about Replay Attacks
I was reading an article about windows audit policies- Audit Other Account Logon Events here: http://ift.tt/2xlw3UG and one of the features of this policy got my attention, the one that says A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration.I know what replay attack is, and how it works. What I want to ask you guys is how a misconfiguration such this can happen? What can you do in your network to send the packets twice and mess with event viewer like this?
Submitted October 06, 2017 at 12:06PM by arsalanjp
via reddit http://ift.tt/2fN7hRW
I was reading an article about windows audit policies- Audit Other Account Logon Events here: http://ift.tt/2xlw3UG and one of the features of this policy got my attention, the one that says A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration.I know what replay attack is, and how it works. What I want to ask you guys is how a misconfiguration such this can happen? What can you do in your network to send the packets twice and mess with event viewer like this?
Submitted October 06, 2017 at 12:06PM by arsalanjp
via reddit http://ift.tt/2fN7hRW
Hunting With Active Directory Replication Metadata
http://ift.tt/2fP55tk
Submitted October 06, 2017 at 12:26PM by campuscodi
via reddit http://ift.tt/2y521DF
http://ift.tt/2fP55tk
Submitted October 06, 2017 at 12:26PM by campuscodi
via reddit http://ift.tt/2y521DF
Posts By SpecterOps Team Members
Hunting With Active Directory Replication Metadata
With the recent release of BloodHound’s ACL Attack Path Update as well as the work on Active Directory DACL backdooring by @_wald0 and myself (whitepaper here), I started to investigate ACL-based…
Apache Releases Security Updates for Apache Tomcat
http://ift.tt/2wEs9Rm
Submitted October 06, 2017 at 12:43PM by i-bar
via reddit http://ift.tt/2y50P3a
http://ift.tt/2wEs9Rm
Submitted October 06, 2017 at 12:43PM by i-bar
via reddit http://ift.tt/2y50P3a
www.us-cert.gov
Apache Releases Security Updates for Apache Tomcat | US-CERT
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server.
Apple gave Uber's app 'unprecedented' access to a secret backdoor that can record iPhone screens
http://ift.tt/2fO7WTd
Submitted October 06, 2017 at 01:30PM by GemmaJ123
via reddit http://ift.tt/2kpzsM9
http://ift.tt/2fO7WTd
Submitted October 06, 2017 at 01:30PM by GemmaJ123
via reddit http://ift.tt/2kpzsM9
Business Insider
Apple gave Uber's app 'unprecedented' access to a secret backdoor that can record iPhone screens
The existence of Uber's access to special iPhone functions is not disclosed in any consumer-facing information included with its app.
Security Industry | Security Market Research Reports | Online Market Research
http://ift.tt/2y5bc75
Submitted October 06, 2017 at 02:15PM by tinapp1417
via reddit http://ift.tt/2fYtSyN
http://ift.tt/2y5bc75
Submitted October 06, 2017 at 02:15PM by tinapp1417
via reddit http://ift.tt/2fYtSyN
More questions than answers after a third data breach at the NSA is revealed
http://ift.tt/2y5oUqE
Submitted October 06, 2017 at 02:11PM by MicheeLengronne
via reddit http://ift.tt/2fW0hGv
http://ift.tt/2y5oUqE
Submitted October 06, 2017 at 02:11PM by MicheeLengronne
via reddit http://ift.tt/2fW0hGv
CSO Online
More questions than answers after a third data breach at the NSA is revealed
A report in The Wall Street Journal says that hackers working for the Russian government stole sensitive documents from a NSA contractor's home computer. The story goes on to say the contractor was targeted after the files were discovered by Kaspersky's Anti…