hacker5.org is a blog providing bite-size information about five recent things happened in netsec that update not so frequently as compared with other security news site. Data are mostly collected from here (r/netsec) and ycombinator hackernews.
https://hacker5.org/
Submitted July 08, 2021 at 12:36PM by MilonMaze
via reddit https://ift.tt/3dPDRBl
https://hacker5.org/
Submitted July 08, 2021 at 12:36PM by MilonMaze
via reddit https://ift.tt/3dPDRBl
reddit
hacker5.org is a blog providing bite-size information about five...
Posted in r/netsec by u/MilonMaze • 0 points and 0 comments
A series of free interactive AWS security training modules that teach developers how to identify and mitigate security vulnerabilities in their AWS hosted cloud applications.
https://ift.tt/2SW8j5r
Submitted July 08, 2021 at 08:03PM by Cool-Return
via reddit https://ift.tt/3hrW3Dn
https://ift.tt/2SW8j5r
Submitted July 08, 2021 at 08:03PM by Cool-Return
via reddit https://ift.tt/3hrW3Dn
Kontra
Application Security Training For Developers | Kontra
Kontra is an Application Security Training platform built for modern development teams.
Global Phishing Campaign Targets Energy Sector and its Suppliers
https://ift.tt/36plE9s
Submitted July 08, 2021 at 08:03PM by Milafasents
via reddit https://ift.tt/3yyidta
https://ift.tt/36plE9s
Submitted July 08, 2021 at 08:03PM by Milafasents
via reddit https://ift.tt/3yyidta
Intezer
Global Phishing Campaign Targets Energy Sector and its Suppliers
Attack also targets oil & gas suppliers likely as a stepping-stone to infect companies that work with the suppliers.
Conti Unpacked | Understanding Ransomware Development As a Response to Detection
https://ift.tt/3jYsR8o
Submitted July 08, 2021 at 09:32PM by Cyberthere
via reddit https://ift.tt/3qVVJzK
https://ift.tt/3jYsR8o
Submitted July 08, 2021 at 09:32PM by Cyberthere
via reddit https://ift.tt/3qVVJzK
SentinelOne
Conti Unpacked | Understanding Ransomware Development As a Response to Detection - SentinelLabs
Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.
NIST CSF Framework Benchmark (85 open source controls for AWS)
https://ift.tt/3wv6Mku
Submitted July 09, 2021 at 12:51AM by CloudSpout
via reddit https://ift.tt/3k1rlT4
https://ift.tt/3wv6Mku
Submitted July 09, 2021 at 12:51AM by CloudSpout
via reddit https://ift.tt/3k1rlT4
Steampipe Hub
AWS Compliance Mod for Steampipe
Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA, RBI CSF, and AWS Foundational Security Best Practices controls across all your AWS accounts using Steampipe.
Sneaky malware reconfigures Hive OS wallet so attacker gets mined coins
https://ift.tt/3dYcTY8
Submitted July 09, 2021 at 02:07AM by securehoney
via reddit https://ift.tt/2T1svTE
https://ift.tt/3dYcTY8
Submitted July 09, 2021 at 02:07AM by securehoney
via reddit https://ift.tt/2T1svTE
Secure Honey
Sneaky Malware Reconfigures Hive OS Wallet for Profit | Secure Honey
I recently observed some malware (uploaded to my honeypot) that targets Hive OS's wallet configuration -- to redirect mined coins to the attacker.
Previous WhyNotWin11 Releases Vulnerable to DLL Hijacking, Priviledge Escalatoin
https://ift.tt/3wsECXm
Submitted July 09, 2021 at 12:10PM by rcmaehl
via reddit https://ift.tt/3ATsi6b
https://ift.tt/3wsECXm
Submitted July 09, 2021 at 12:10PM by rcmaehl
via reddit https://ift.tt/3ATsi6b
GitHub
Vulnerability Disclosure 07 09 2021
Detection Script to help identify why your PC isn't Windows 11 Release Ready - rcmaehl/WhyNotWin11
Previous WhyNotWin11 Releases Vulnerable to DLL Hijacking, Privilege Escalation
https://ift.tt/3wsECXm
Submitted July 09, 2021 at 12:13PM by rcmaehl
via reddit https://ift.tt/3AKwrsP
https://ift.tt/3wsECXm
Submitted July 09, 2021 at 12:13PM by rcmaehl
via reddit https://ift.tt/3AKwrsP
GitHub
Vulnerability Disclosure 07 09 2021
Detection Script to help identify why your PC isn't Windows 11 Release Ready - rcmaehl/WhyNotWin11
UDP Technology IP Camera vulnerabilities - unauthenticated RCE Root.
https://ift.tt/2TJIiXH
Submitted July 09, 2021 at 02:35PM by M0t0k0Kus4n4g1
via reddit https://ift.tt/3jWfxSd
https://ift.tt/2TJIiXH
Submitted July 09, 2021 at 02:35PM by M0t0k0Kus4n4g1
via reddit https://ift.tt/3jWfxSd
Hacking Rendertron and Puppeteer, what to expect if you put a browser on the internet. - even recent version of Rendertron runs outdated browser with no-sandbox by default; you have to keep it safe
https://ift.tt/3ejAu63
Submitted July 09, 2021 at 05:48PM by 4lreadytekken
via reddit https://ift.tt/3yH2XKw
https://ift.tt/3ejAu63
Submitted July 09, 2021 at 05:48PM by 4lreadytekken
via reddit https://ift.tt/3yH2XKw
Medium
Hacking Rendertron and Puppeteer— What to expect if you put a browser on the internet
tldr: do not expose Rendertron! If you run headless browsers for things other than testing, design the infra expecting they will get owned.
"Surveilling the Gamers": New research paper illustrates how video games can be exploited for illegitimate surveillance and user profiling
https://ift.tt/3hVJHSG
Submitted July 09, 2021 at 05:44PM by bayashad
via reddit https://ift.tt/3hN8tEG
https://ift.tt/3hVJHSG
Submitted July 09, 2021 at 05:44PM by bayashad
via reddit https://ift.tt/3hN8tEG
Ssrn
Surveilling the Gamers: Privacy Impacts of the Video Game Industry by Jacob Leon Kröger, Philip Raschke, Jessica Percy Campbell…
With many million users across all age groups and income levels, video games have become the world’s leading entertainment industry. Behind the fun experience t
Analysing an O.MG cable
https://ift.tt/3dXy78r
Submitted July 09, 2021 at 06:52PM by kev-thehermit
via reddit https://ift.tt/2UCGgbS
https://ift.tt/3dXy78r
Submitted July 09, 2021 at 06:52PM by kev-thehermit
via reddit https://ift.tt/2UCGgbS
TechAnarchy
Analysing an O.MG cable
Setting up an O.MG cable for keystroke injection attacks, and then forensically dumping the firmware for analysis.
I wrote a local browser tool to query Nessus reports via SQL for easy analysis and reporting.
https://ift.tt/3htVfxC
Submitted July 10, 2021 at 06:38PM by The_Login
via reddit https://ift.tt/3xwhGYH
https://ift.tt/3htVfxC
Submitted July 10, 2021 at 06:38PM by The_Login
via reddit https://ift.tt/3xwhGYH
GitHub
GitHub - The-Login/nessSQL: Query nessus reports via SQL!
Query nessus reports via SQL! Contribute to The-Login/nessSQL development by creating an account on GitHub.
Getting Partial AWS Account IDs for any Cloudfront Website
https://ift.tt/2VmVUs1
Submitted July 10, 2021 at 06:48PM by arkadiyt
via reddit https://ift.tt/3wyslAC
https://ift.tt/2VmVUs1
Submitted July 10, 2021 at 06:48PM by arkadiyt
via reddit https://ift.tt/3wyslAC
Arkadiyt
Getting Partial AWS Account IDs for any Cloudfront Website
A bug in AWS ACM allows you to import valid TLS certificates for domains you don't own. Combined with a new Cloudfront feature this lets you extract AWS Account IDs for websites hosted on CloudFront.
This article was written for high schoolers that have heard of InfoSec at the surface and are unsure if it is for them. I was in that scenario in high school at one point and I hope to help others. This is my first ever blog post. Hold me to my word, I will never blog for monetary gain. Love you all
https://ift.tt/3k5HsiI
Submitted July 10, 2021 at 11:41PM by cradersec
via reddit https://ift.tt/3r1K2aD
https://ift.tt/3k5HsiI
Submitted July 10, 2021 at 11:41PM by cradersec
via reddit https://ift.tt/3r1K2aD
I created a program that automatically creates fuzzing harnesses for any library or program.
https://ift.tt/3e4blft
Submitted July 11, 2021 at 04:07AM by Green_Same
via reddit https://ift.tt/3r2c0Dk
https://ift.tt/3e4blft
Submitted July 11, 2021 at 04:07AM by Green_Same
via reddit https://ift.tt/3r2c0Dk
GitHub
GitHub - parikhakshat/autoharness: A tool that automatically creates fuzzing harnesses based on a library
A tool that automatically creates fuzzing harnesses based on a library - GitHub - parikhakshat/autoharness: A tool that automatically creates fuzzing harnesses based on a library
Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer
https://ift.tt/2VtVYXc
Submitted July 11, 2021 at 08:05AM by samwcurry
via reddit https://ift.tt/3qZAcGu
https://ift.tt/2VtVYXc
Submitted July 11, 2021 at 08:05AM by samwcurry
via reddit https://ift.tt/3qZAcGu
Palisade
Link hijacking Binance’s shortlinks through AppsFlyer — Palisade
While auditing the Binance program through their public bug bounty program, we noticed that some of the site’s shortlinks were being routed through a third-party app analytics platform called AppsFlyer. The shortlinks were available after authenticating to…
Wrote a small, portable and fast PowerShell portscanner
https://ift.tt/3e6yVIm
Submitted July 11, 2021 at 01:13PM by The-Luemmel
via reddit https://ift.tt/3wrNP2g
https://ift.tt/3e6yVIm
Submitted July 11, 2021 at 01:13PM by The-Luemmel
via reddit https://ift.tt/3wrNP2g
GitHub
Pentest-Tools-Collection/portscan.ps1 at main · LuemmelSec/Pentest-Tools-Collection
Contribute to LuemmelSec/Pentest-Tools-Collection development by creating an account on GitHub.
Adding a native sniffer to your implants: decomposing and recomposing PktMon
https://ift.tt/3hVUexh
Submitted July 11, 2021 at 04:52PM by gid0rah
via reddit https://ift.tt/3hwV0lp
https://ift.tt/3hVUexh
Submitted July 11, 2021 at 04:52PM by gid0rah
via reddit https://ift.tt/3hwV0lp
reddit
Adding a native sniffer to your implants: decomposing and...
Posted in r/netsec by u/gid0rah • 73 points and 2 comments
BSides Charlotte CFP Is Now Open
https://ift.tt/2VuHCWy
Submitted July 11, 2021 at 05:08PM by agreenbhm
via reddit https://ift.tt/3k7cQgM
https://ift.tt/2VuHCWy
Submitted July 11, 2021 at 05:08PM by agreenbhm
via reddit https://ift.tt/3k7cQgM
Google Docs
BSides Charlotte 2021 Call for Papers (CFP)
User enumeration on Microsoft Teams
https://ift.tt/3hxnH1L
Submitted July 11, 2021 at 09:59PM by nodauf
via reddit https://ift.tt/2VqAk5X
https://ift.tt/3hxnH1L
Submitted July 11, 2021 at 09:59PM by nodauf
via reddit https://ift.tt/2VqAk5X
GitHub
GitHub - immunIT/TeamsUserEnum: User enumeration with Microsoft Teams API
User enumeration with Microsoft Teams API. Contribute to immunIT/TeamsUserEnum development by creating an account on GitHub.