ADV170014 NTLM SSO: Exploitation Guide
http://ift.tt/2yMQZmS
Submitted October 24, 2017 at 05:15PM by galapag0
via reddit http://ift.tt/2ixMkPH
Sysadmin Life...
ADV170014 NTLM SSO: Exploitation Guide
In October 2017, Microsoft's Patch Tuesday included an optional security advisory, ADV170014. This advisory makes reference to a bug in the NTLM authentication scheme that allows a malicious attacker t…
You need more than one AWS account: AWS bastions and assume-role
http://ift.tt/2gt2dWS
Submitted October 24, 2017 at 05:44PM by speckz
via reddit http://ift.tt/2gxZaZY
The Coinbase Engineering Blog
You need more than one AWS account: AWS bastions and assume-role
You need more than one AWS account. This is to isolate production resources, manage limits (especially API rate limiting), handle costs…
Reverse Engineering an Integrated Circuit for Pwn2Win 2017 CTF
http://ift.tt/2h19SsE
Submitted October 24, 2017 at 05:43PM by Involder
via reddit http://ift.tt/2yLcdQg
blog.dragonsector.pl
Pwn2Win 2017 - Shift Register
Disclaimer: I am not an electronics engineer. I just play one on Twitter. A lot of the following might be heresy to someone who ever ...
Automating The GRC Checkbox Game
http://ift.tt/2h3S6Vx
Submitted October 24, 2017 at 06:10PM by Uminekoshi
via reddit http://ift.tt/2xk0SFg
Nehemiah Security
Automating the GRC Checkbox Game - Nehemiah Security
It is time to sunset the practice of producing reports for reporting’s sake to satisfy regulators. Organizations need to go beyond just producing reports to continuous monitoring of their compliance position. Automation becomes key here. In my post I discuss…
Security In 5: Episode 96 - OWASP A2 - Broken Authentication And Session Management
http://ift.tt/2iwjsHA
Submitted October 24, 2017 at 06:36PM by BinaryBlog
via reddit http://ift.tt/2z2l032
Libsyn
Security In Five Podcast: Episode 96 - OWASP A2 - Broken Authentication And Session Management
Continuing with the OWASP Top 10 series we are on number 2, Broken Authentication and Session Management. What is it? How can it be exploited? This episode breaks down what this covers and why it's number two in the Top 10. OWASP A2 - Broken Authentication…
Introducing New Packing Method: First Reflective PE Packer Amber
http://ift.tt/2zySi6g
Submitted October 24, 2017 at 06:43PM by wtfse
via reddit http://ift.tt/2yJrLUF
"Three Commandments to Building a Mature Awareness Program"
http://ift.tt/2yFt0GD
Submitted October 24, 2017 at 07:20PM by volci
via reddit http://ift.tt/2gA7Dfh
securingthehuman.sans.org
Security Awareness Blog | Three Commandments to Building a Mature Awareness Program
Security Awareness Blog blog pertaining to Three Commandments to Building a Mature Awareness Program
Unpatched 17 Year Old Windows Kernel Bug Could Help Malware Hinder Detection - Part 2
http://ift.tt/2eZAQ6r
Submitted October 24, 2017 at 11:55AM by tal_liberman
via reddit http://ift.tt/2leNpgo
A short story about CCTV cameras in hotels and how to hack them.
http://ift.tt/2leRu4i
Submitted October 24, 2017 at 08:47PM by MD3XTER
via reddit http://ift.tt/2z4t7wc
AZ - Blog
Such CCTV Cameras - Much Security
A short story about CCTV cameras in hotels and how to hack them.
Do WAFs dream of static analyzers?
http://ift.tt/2iyItCd
Submitted October 24, 2017 at 06:28PM by imr2017
via reddit http://ift.tt/2y16s3Q
Ptsecurity
Do WAFs dream of static analyzers?
Virtual patching (VP) has been one of the most popular trends in application protection in recent years. Implemented at the level of a w...
A short story about CCTV cameras in hotels and how to hack them.
http://ift.tt/2gyrM5k
Submitted October 24, 2017 at 09:17PM by MD3XTER
via reddit http://ift.tt/2yLt9aL
AZ - Blog
Such CCTV Cameras - Much Security
A short story about CCTV cameras in hotels and how to hack them.
7 Strategies to Secure Enterprise IoT
http://ift.tt/2gygFcF
Submitted October 24, 2017 at 08:23PM by CrankyBear
via reddit http://ift.tt/2i1oGay
Security Boulevard
7 Strategies to Secure Enterprise IoT - Security Boulevard
The internet of things (IoT) is opening a whole new world of possibilities. Unfortunately, it also is creating a whole new world of threats too, such as ransomware of things (RoT). Here are seven things enterprises can do to better secure their IoT. Know…
New Tool Debuts for Hacking Back at Hackers in Your Network
http://ift.tt/2x1K3hX
Submitted October 24, 2017 at 09:56PM by cymmetria
via reddit http://ift.tt/2yIjTT7
Dark Reading
New Tool Debuts for Hacking Back at Hackers in Your Network
Deception technology firm Cymmetria offers a new offense option for defenders.
Solution for Exploit Exercises Fusion 4. Buffer Overflow, Canary, Timing side channel and other good stuff :)
http://ift.tt/2gAHe0T
Submitted October 24, 2017 at 11:28PM by NadavClaudeCohen
via reddit http://ift.tt/2yJI9o3
Nadav Claude Cohen
Fusion 4
Today we will try to solve Fusion 4. This level is a lot more complicated than the previous ones, so I might split it into 2 articles. What we will do: Read and understand the program well. Find th…
Note to the CISO: Part 2 - Contextually Aware Security Analysis is Here
http://ift.tt/2i24GEO
Submitted October 25, 2017 at 12:26AM by Mi3Security
via reddit http://ift.tt/2gAim9r
Mi3 Security
Note to the CISO: Part 2 - Contextually Aware Security Analysis is Here
Contextually Aware Security testing is MI3 Security’s answer to the limitations of one time application specific scans.
3.54 Terabyte Rainbow Table
https://infocon.org/
Submitted October 25, 2017 at 12:59AM by stbernardy
via reddit http://ift.tt/2xl0Ixk
infocon.org
InfoCon.org is an archive of hacking and security conference videos, documentaries, rainbow tables, word lists and podcasts.
DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions
http://ift.tt/2yHyVLf
Submitted October 25, 2017 at 12:43AM by jinxrr
via reddit http://ift.tt/2gG8dvP
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
http://ift.tt/2zNBvgr
Submitted October 25, 2017 at 02:15AM by paFarb
via reddit http://ift.tt/2gGqmcW
Google Docs
SemFuzz.pdf
DUHK: Vulnerability in ANSI X9.31 RNG allows a MITM to recover secret keys used for VPN connections.
https://duhkattack.com
Submitted October 25, 2017 at 02:15AM by SeventeenOhSeven
via reddit http://ift.tt/2yJfZvE
reddit
DUHK: Vulnerability in ANSI X9.31 RNG allows a MITM to... • r/netsec
Multiple Vulnerabilities on CUF - Largest Portuguese Private Health Unit Web Services
http://ift.tt/2xm3hiC
Submitted October 25, 2017 at 01:52AM by salgfrancisco
via reddit http://ift.tt/2gFWNrR
Miguel de Moura
CUF - Largest Portuguese Private Health Unit Web Services - Multiple Vulnerabilities
Application DOS, Authenticated, Stored XSS and Email HTML Injection
Bad Rabbit ransomware technical dive
http://ift.tt/2zzScLB
Submitted October 25, 2017 at 12:49AM by exaltedgod
via reddit http://ift.tt/2gysbF4
Securelist - Information about Viruses, Hackers and Spam
Bad Rabbit ransomware
On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine.