SensePost | Linux heap exploitation intro series: Used and Abused - use-after-free [mini-challenge inside]
http://ift.tt/2uJiAD4
Submitted July 31, 2017 at 10:25PM by NeomindMusic
via reddit http://ift.tt/2f1XtXk
http://ift.tt/2uJiAD4
Submitted July 31, 2017 at 10:25PM by NeomindMusic
via reddit http://ift.tt/2f1XtXk
Sensepost
SensePost | Linux heap exploitation intro series: used and abused – use after free
Leaders in Information Security
The adventures of xss vectors in curious places
http://ift.tt/2v9bkBr
Submitted July 30, 2017 at 09:55PM by i_bo0om
via reddit http://ift.tt/2vmlMpI
http://ift.tt/2v9bkBr
Submitted July 30, 2017 at 09:55PM by i_bo0om
via reddit http://ift.tt/2vmlMpI
reddit
The adventures of xss vectors in curious places • r/netsec
1 points and 0 comments so far on reddit
We all use perfectly entropic, 48-character passwords for every account we own, obviously. But did you always? I sure didn't.
http://ift.tt/2udlyfF
Submitted August 01, 2017 at 01:10AM by heyitsmikeyv
via reddit http://ift.tt/2vcgqx3
http://ift.tt/2udlyfF
Submitted August 01, 2017 at 01:10AM by heyitsmikeyv
via reddit http://ift.tt/2vcgqx3
Michael Veenstra
How Your Terrible Old Password Could Come Back To Haunt You | Michael Veenstra
"daredevi1" There it is, folks. My everything-password from my school days.
BadIntent: Integrating Android with Burp
http://ift.tt/2gQYimo
Submitted August 01, 2017 at 01:08AM by mat3_
via reddit http://ift.tt/2hid2uR
http://ift.tt/2gQYimo
Submitted August 01, 2017 at 01:08AM by mat3_
via reddit http://ift.tt/2hid2uR
GitHub
mateuszk87/BadIntent
BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Reverse Engineering a JavaScript Obfuscated Dropper
http://ift.tt/2uN6IQt
Submitted July 31, 2017 at 06:35PM by splinter_code
via reddit http://ift.tt/2w0dlgO
http://ift.tt/2uN6IQt
Submitted July 31, 2017 at 06:35PM by splinter_code
via reddit http://ift.tt/2w0dlgO
InfoSec Resources
Reverse Engineering a JavaScript Obfuscated Dropper
1. Introduction Nowadays one of the techniques most used to spread malware on windows systems is using a JavaScript (js) dropper. A js dropper represents,
WiFiBeat: Store 802.11 frames in Elasticsearch Visualize with Kibana
http://ift.tt/2vczlaM
Submitted August 01, 2017 at 07:00AM by p339
via reddit http://ift.tt/2hiwhEw
http://ift.tt/2vczlaM
Submitted August 01, 2017 at 07:00AM by p339
via reddit http://ift.tt/2hiwhEw
WiFiBeat
Store 802.11 frames in Elasticsearch. Visualize them with Kibana.
I wrote this post about HSTS.
http://ift.tt/2rYxYdR
Submitted August 01, 2017 at 02:03PM by MicheeLengronne
via reddit http://ift.tt/2f4bFyV
http://ift.tt/2rYxYdR
Submitted August 01, 2017 at 02:03PM by MicheeLengronne
via reddit http://ift.tt/2f4bFyV
Limawi
SSL/TLS and HSTS, what is that ?
Our websites are made safe with https. That means that we use SSL/TLS. But what is that ? And what is the HSTS extension ?
Cobalt strikes back: an evolving multinational threat to finance
http://ift.tt/2uTolww
Submitted August 01, 2017 at 01:55PM by alexlash
via reddit http://ift.tt/2f4bGTv
http://ift.tt/2uTolww
Submitted August 01, 2017 at 01:55PM by alexlash
via reddit http://ift.tt/2f4bGTv
Ptsecurity
Cobalt strikes back: an evolving multinational threat to finance
1. Introduction Bank robbery is perhaps the quintessential crime. The promise of immense, instant riches has lured many a criminal to tar...
[Pay What You Want] WiFi Pentesting and Security eBook
https://gum.co/nGMWf
Submitted August 01, 2017 at 01:48PM by rootsh3ll
via reddit http://ift.tt/2ufCLVQ
https://gum.co/nGMWf
Submitted August 01, 2017 at 01:48PM by rootsh3ll
via reddit http://ift.tt/2ufCLVQ
Gumroad
Kali Linux Wireless Pentesting and Security eBook
For eye friendly product denoscription, go here. In this 165+ Pages eBook you will Learn: 1. Kali Linux Installation. 2. Configuring the wireless card3. Basics of Wi-Fi networks. 4. Cracking the Wire...
Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper
http://ift.tt/2voZkMS
Submitted August 01, 2017 at 04:19PM by wtfse
via reddit http://ift.tt/2whwZnY
http://ift.tt/2voZkMS
Submitted August 01, 2017 at 04:19PM by wtfse
via reddit http://ift.tt/2whwZnY
UK home secretary Amber Rudd says 'real people' don't need end-to-end encryption
http://ift.tt/2viNLGi
Submitted August 01, 2017 at 03:52PM by Reece-Happi
via reddit http://ift.tt/2ug3DVK
http://ift.tt/2viNLGi
Submitted August 01, 2017 at 03:52PM by Reece-Happi
via reddit http://ift.tt/2ug3DVK
Business Insider
UK home secretary Amber Rudd says 'real people' don't need end-to-end encryption
The Conservative minister argues that the security measure aids terrorists, and wants WhatsApp and others to voluntarily stop using it.
Rooting the Amazon Echo
http://ift.tt/2tUV1o2
Submitted August 01, 2017 at 05:49PM by juken
via reddit http://ift.tt/2ufKZwY
http://ift.tt/2tUV1o2
Submitted August 01, 2017 at 05:49PM by juken
via reddit http://ift.tt/2ufKZwY
Startcom CA reapplies for inclusion in Mozilla Firefox/Suite
http://ift.tt/2w26GTu
Submitted August 01, 2017 at 07:52PM by Kinost
via reddit http://ift.tt/2f4k1qx
http://ift.tt/2w26GTu
Submitted August 01, 2017 at 07:52PM by Kinost
via reddit http://ift.tt/2f4k1qx
bugzilla.mozilla.org
1311832 - StartCom: Action Items
An extra bit of analysis for cLEMENCy, the DEFCON CTF architecture
http://ift.tt/2eZvHdY
Submitted August 01, 2017 at 08:27PM by ryan0rz
via reddit http://ift.tt/2veOtoa
http://ift.tt/2eZvHdY
Submitted August 01, 2017 at 08:27PM by ryan0rz
via reddit http://ift.tt/2veOtoa
Trail of Bits Blog
An extra bit of analysis for Clemency
This year’s DEF CON CTF used a unique hardware architecture, cLEMENCy, and only released a specification and reference tooling for it 24 hours before the final event began. cLEMENCy was purposefull…
Silently Fixed Unauthorized Command Injection in WAGO PLC Ethernet
http://ift.tt/2wibHGH
Submitted August 01, 2017 at 07:27PM by cbolat
via reddit http://ift.tt/2uSm9Hh
http://ift.tt/2wibHGH
Submitted August 01, 2017 at 07:27PM by cbolat
via reddit http://ift.tt/2uSm9Hh
cbolat.blogspot.co.uk
Silently Fixed Unauthorized Command Injection in WAGO PLC Ethernet
Canberk Bolat, Information Security Researcher
CableTap White Paper - 26 CVEs for exploiting cable modems and set top boxes
http://ift.tt/2vpPNoU
Submitted August 01, 2017 at 10:02PM by but_im_made_of_lava
via reddit http://ift.tt/2f5YduB
http://ift.tt/2vpPNoU
Submitted August 01, 2017 at 10:02PM by but_im_made_of_lava
via reddit http://ift.tt/2f5YduB
GitHub
BastilleResearch/CableTap
CableTap public disclosure documents.
Detection and response platform Helix boosts FireEye's product subnoscription sales to $86 million
http://ift.tt/2uhARnB
Submitted August 02, 2017 at 02:40AM by Madhan58
via reddit http://ift.tt/2vlm1Aw
http://ift.tt/2uhARnB
Submitted August 02, 2017 at 02:40AM by Madhan58
via reddit http://ift.tt/2vlm1Aw
AlphaStreet.com
FEYE - Infographic
AlphaStreet is a complete social ecosystem that significantly reduces the complexity and friction in making investment decisions.
Extract passwords from TeamViewer memory using Frida
http://ift.tt/2u1zH4z
Submitted August 02, 2017 at 03:46AM by vah_13
via reddit http://ift.tt/2uhz1TD
http://ift.tt/2u1zH4z
Submitted August 02, 2017 at 03:46AM by vah_13
via reddit http://ift.tt/2uhz1TD
GitHub
vah13/extractTVpasswords
extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
Evading Machine Learning Malware Detection
http://ift.tt/2uTtCpj
Submitted August 02, 2017 at 11:37AM by UmamiSalami
via reddit http://ift.tt/2vn2C26
http://ift.tt/2uTtCpj
Submitted August 02, 2017 at 11:37AM by UmamiSalami
via reddit http://ift.tt/2vn2C26
A quick look at an Android RAT named DroidJack. This article describes what it can do and how to detect it. If you're an Android user, you're going to want to read this...
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 01:16PM by InfoSecJim
via reddit http://ift.tt/2w5eTXa
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 01:16PM by InfoSecJim
via reddit http://ift.tt/2w5eTXa
Jim Wilbur's Blog
DroidJack- A Look at an Android RAT
A quick look at DroidJack an Android RAT. DroidJack is a RAT that can build and bind Android Packages (APK) for install on any Android device.
A quick look at an Android RAT named DroidJack. This article explains what it can do and how to detect its use. Key take-aways 1. Don't check the allow unknown sources checkbox and 2. Install AV
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 02:16PM by InfoSecJim
via reddit http://ift.tt/2uiZ1y0
http://ift.tt/2hmDtiP
Submitted August 02, 2017 at 02:16PM by InfoSecJim
via reddit http://ift.tt/2uiZ1y0
Jim Wilbur's Blog
DroidJack- A Look at an Android RAT
A quick look at DroidJack an Android RAT. DroidJack is a RAT that can build and bind Android Packages (APK) for install on any Android device.