Great tech blog for securing AWS EC2 Instances with Microsoft Defender https://ift.tt/3BJgt1x
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
blog.lightspin.io
Microsoft Defender for Endpoint on AWS: Part 1
This blog serves as the first part of our series that deep dives into Microsoft Defender for Endpoint on AWS.
BugBuntu is a customized distro based on Ubuntu 18.04 and focused on Bug Bounty tools.
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
GitHub
GitHub - halencarjunior/BugBuntu: BugBuntu Linux
BugBuntu Linux. Contribute to halencarjunior/BugBuntu development by creating an account on GitHub.
SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
GitHub
GitHub - halencarjunior/sss3: Simple S3 Bucket Testing Software
Simple S3 Bucket Testing Software. Contribute to halencarjunior/sss3 development by creating an account on GitHub.
Getting DDoS everyday by a competitor, I have a dedicated server with OVH and have CSF Firewall and Mod Security installed and configurated to CT Limit 25 + Check every minute, but my competitor is still able to just keep changing the attack IP's and putting my site offline around 60-70% of the time
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
VESlocker: Hardware-grade PIN security API
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
reddit
VESlocker: Hardware-grade PIN security API
Posted in r/netsec by u/vesvault • 1 point and 0 comments
Finding and Fixing DOM-based XSS with Static Analysis
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
Attack & Defense
Finding and Fixing DOM-based XSS with Static Analysis
Despite all the efforts of fixing Cross-Site Scripting (XSS) on the web, it continuously ranks as one of the most dangerous security issues in software. In particular, DOM-based XSS is ...
WordPress and the new vulnerability Trojan Source (CVE-2021-42694 and CVE-2021-42574)
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
WPSec
WordPress and Trojan Source - WPSec
TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574) A new vulnerability affecting the supply chain of Source Code…
Cloud Shadow Admins Revisited in Light of Nobelium
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
Cyberark
Cloud Shadow Admins Revisited in Light of Nobelium
A recently detected attack campaign involving threat actor Nobelium has caught our attention due to an attack vector our team has previously researched – Cloud Shadow Admins – that the adversary...
Widespread Security Risk Identified in Phones and Bluetooth Devices
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
IEEE Spectrum
Widespread Vulnerability Identified in Phones and Bluetooth Devices
Approximately 40 percent of mobile phones may be uniquely identified via Bluetooth signals
Chishing - An Emerging Threat to Business Chat Applications
https://ift.tt/31ywbQG
Submitted November 05, 2021 at 05:40PM by pizzahax
via reddit https://ift.tt/31yCIe9
https://ift.tt/31ywbQG
Submitted November 05, 2021 at 05:40PM by pizzahax
via reddit https://ift.tt/31yCIe9
Community-Driven Open Database of Vulnerability Exploitation inTheWild
https://inthewild.io/
Submitted November 05, 2021 at 07:41PM by 4lreadytekken
via reddit https://ift.tt/3C01NLH
https://inthewild.io/
Submitted November 05, 2021 at 07:41PM by 4lreadytekken
via reddit https://ift.tt/3C01NLH
reddit
Community-Driven Open Database of Vulnerability Exploitation inTheWild
Posted in r/netsec by u/4lreadytekken • 12 points and 9 comments
"Architecture 4001: x86-64 Intel Firmware Attack & Defense" free multi-day class
https://ift.tt/3q9oJpb
Submitted November 05, 2021 at 07:24PM by OpenSecurityTraining
via reddit https://ift.tt/3nV0use
https://ift.tt/3q9oJpb
Submitted November 05, 2021 at 07:24PM by OpenSecurityTraining
via reddit https://ift.tt/3nV0use
p.ost2.fyi
Architecture 4001: x86-64 Intel Firmware Attack & Defense
This class teaches Intel x86 reset vector firmware (aka BIOS). It requires you to have taken Arch1001, Arch2001, and Dbg1015.
A (free) Kubernetes Canarytoken - Get attackers to reveal themselves with a stray kubeconfig
https://ift.tt/3mK0Wdw
Submitted November 05, 2021 at 08:19PM by thinkst
via reddit https://ift.tt/3GTJxHl
https://ift.tt/3mK0Wdw
Submitted November 05, 2021 at 08:19PM by thinkst
via reddit https://ift.tt/3GTJxHl
Thinkst Thoughts
A Kubeconfig Canarytoken
Introducing the new Kubeconfig Canarytoken A while back we asked: “What will an attacker do if they find an AWS API key on your server?” (We are pretty convinced they will try to use it, and when t…
Threema: Three Strikes, You’re Out
https://ift.tt/3EHwAOM
Submitted November 05, 2021 at 09:35PM by moviuro
via reddit https://ift.tt/3mLbuJs
https://ift.tt/3EHwAOM
Submitted November 05, 2021 at 09:35PM by moviuro
via reddit https://ift.tt/3mLbuJs
Dhole Moments
Threema: Three Strikes, You’re Out - Dhole Moments
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?
Why We Need mTLS in Kubernetes Service Meshes
https://ift.tt/3wnfLWz
Submitted November 05, 2021 at 09:30PM by chillysurfer
via reddit https://ift.tt/3EPAiGc
https://ift.tt/3wnfLWz
Submitted November 05, 2021 at 09:30PM by chillysurfer
via reddit https://ift.tt/3EPAiGc
Thomas Stringer
Why We Need mTLS in Kubernetes Service Meshes
One of the great features of service meshes in Kubernetes is the ability to have an out-of-the-box zero-application-changes solution that delivers a powerful security feature: mTLS (mutual Transport Layer Security). But… why do we need mTLS? It’s because…
show netsec: blint, a binary linter powered by lief
https://ift.tt/3CKTd4q
Submitted November 05, 2021 at 09:05PM by prabhus
via reddit https://ift.tt/3o1oXMv
https://ift.tt/3CKTd4q
Submitted November 05, 2021 at 09:05PM by prabhus
via reddit https://ift.tt/3o1oXMv
reddit
show netsec: blint, a binary linter powered by lief
Posted in r/netsec by u/prabhus • 1 point and 0 comments
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices
https://ift.tt/3ESuvzV
Submitted November 05, 2021 at 10:38PM by dontbenebby
via reddit https://ift.tt/3ka74tR
https://ift.tt/3ESuvzV
Submitted November 05, 2021 at 10:38PM by dontbenebby
via reddit https://ift.tt/3ka74tR
A Konami Code for Vuln Chaining Combos
https://ift.tt/31AjIMl
Submitted November 06, 2021 at 01:58AM by IndySecMan
via reddit https://ift.tt/3qclq0K
https://ift.tt/31AjIMl
Submitted November 06, 2021 at 01:58AM by IndySecMan
via reddit https://ift.tt/3qclq0K
Medium
A Konami Code for Vuln Chaining Combos
Automate finding relational vulnerabilities for a more accurate risk rating
Verizon SIMs open their own TCP/IP sessions. And other stuff.
https://ift.tt/3BQMjtg
Submitted November 06, 2021 at 03:23AM by dburgess000
via reddit https://ift.tt/3wiVmSF
https://ift.tt/3BQMjtg
Submitted November 06, 2021 at 03:23AM by dburgess000
via reddit https://ift.tt/3wiVmSF
Medium
More Proactive SIMs
AT&T inspired me to explore a little more.
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
https://ift.tt/3CVumek
Submitted November 06, 2021 at 06:56AM by scopedsecurity
via reddit https://ift.tt/31v34O1
https://ift.tt/3CVumek
Submitted November 06, 2021 at 06:56AM by scopedsecurity
via reddit https://ift.tt/31v34O1
Synacktiv
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
A detailed analysis of the STOP/Djvu Ransomware
https://ift.tt/3BRtENO
Submitted November 07, 2021 at 02:06AM by CyberMasterV
via reddit https://ift.tt/3bOiNtw
https://ift.tt/3BRtENO
Submitted November 07, 2021 at 02:06AM by CyberMasterV
via reddit https://ift.tt/3bOiNtw
reddit
A detailed analysis of the STOP/Djvu Ransomware
Posted in r/netsec by u/CyberMasterV • 107 points and 3 comments