441K RedLine Malware affected accounts are included by Have I Been Pwned
https://ift.tt/32S6I5r
Submitted December 31, 2021 at 02:20PM by IT_band
via reddit https://ift.tt/32KGtxE
https://ift.tt/32S6I5r
Submitted December 31, 2021 at 02:20PM by IT_band
via reddit https://ift.tt/32KGtxE
The Cybersecurity Times
441K RedLine Malware affected accounts are included by Have I Been Pwned - The Cybersecurity Times
If you're wondering whether your email account is compromised by RedLine malware, you can check the same with 'Have I Been Pwned' website as RedLine malware has now 441,000 accounts that are compromised.
New year, new password habit
https://ift.tt/3JzWJme
Submitted December 31, 2021 at 08:07PM by Novel_Author
via reddit https://ift.tt/3mOa4xr
https://ift.tt/3JzWJme
Submitted December 31, 2021 at 08:07PM by Novel_Author
via reddit https://ift.tt/3mOa4xr
reddit
New year, new password habit
Posted in r/netsec by u/Novel_Author • 0 points and 3 comments
New year, new password habit
https://ift.tt/3JuSM1W
Submitted December 31, 2021 at 08:05PM by Novel_Author
via reddit https://ift.tt/3mO9PCx
https://ift.tt/3JuSM1W
Submitted December 31, 2021 at 08:05PM by Novel_Author
via reddit https://ift.tt/3mO9PCx
GitHub
GitHub - eddiechu/passbox: Compose your complex password
Compose your complex password. Contribute to eddiechu/passbox development by creating an account on GitHub.
serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
https://ift.tt/3cMxbjX
Submitted December 31, 2021 at 11:50PM by jafarlihi
via reddit https://ift.tt/3zgYLm9
https://ift.tt/3cMxbjX
Submitted December 31, 2021 at 11:50PM by jafarlihi
via reddit https://ift.tt/3zgYLm9
GitHub
GitHub - jafarlihi/serpentine: C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful…
C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends - GitHub - jafarlihi/serpentine: C++/Win32/Boost Windows RAT (R...
Build your own reconnaissance system with Osmedeus Next Generation
https://ift.tt/3JzF7a0
Submitted January 01, 2022 at 02:30PM by j3ssiejjj
via reddit https://ift.tt/3Jqptxs
https://ift.tt/3JzF7a0
Submitted January 01, 2022 at 02:30PM by j3ssiejjj
via reddit https://ift.tt/3Jqptxs
reddit
Build your own reconnaissance system with Osmedeus Next Generation
Posted in r/netsec by u/j3ssiejjj • 54 points and 5 comments
Fixing the Unfixable: Story of a Google Cloud SSRF
https://ift.tt/3EIw0zW
Submitted January 01, 2022 at 07:52PM by xdavidhu
via reddit https://ift.tt/3pHMq7B
https://ift.tt/3EIw0zW
Submitted January 01, 2022 at 07:52PM by xdavidhu
via reddit https://ift.tt/3pHMq7B
bugs.xdavidhu.me
Fixing the Unfixable: Story of a Google Cloud SSRF
David Schütz's bug bounty writeups
I found and fixed a vulnerability in Python's source code
https://ift.tt/3EtHasa
Submitted January 01, 2022 at 11:07PM by sn1pr0s
via reddit https://ift.tt/3mNvE5g
https://ift.tt/3EtHasa
Submitted January 01, 2022 at 11:07PM by sn1pr0s
via reddit https://ift.tt/3mNvE5g
ExpiredDomains.com
tldr.engineering is for sale! Check it out on ExpiredDomains.com
tldr.engineering is available for sale! Check it out on ExpiredDomains.com. tldr.engineering is in high demand, secure it today!
How to Detect DNS Tunneling in the Network
https://ift.tt/3xTwrpA
Submitted January 02, 2022 at 02:59PM by whyisvan
via reddit https://ift.tt/3pLu19P
https://ift.tt/3xTwrpA
Submitted January 02, 2022 at 02:59PM by whyisvan
via reddit https://ift.tt/3pLu19P
Cato Networks
How to Detect DNS Tunneling in the Network?
In the past several years, we have seen multiple malware samples using DNS tunneling to exfiltrate data. In June, Microsoft Security Intelligence warned about BazarCall (or BazaLoader), a scam infecting victims with malware to get them to call a phony call…
Kickstop the Blind Ego (BlindEagle writeup by sn0wmonster from 2016)
https://ift.tt/3eN6xL6
Submitted January 02, 2022 at 04:25PM by sn0wm0nster
via reddit https://ift.tt/3EMVU5y
https://ift.tt/3eN6xL6
Submitted January 02, 2022 at 04:25PM by sn0wm0nster
via reddit https://ift.tt/3EMVU5y
Gist
Kickstop the Blind Ego (BlindEagle writeup)
Kickstop the Blind Ego (BlindEagle writeup). GitHub Gist: instantly share code, notes, and snippets.
A simple, high-level framework on how & when to effectively use WAFs
https://ift.tt/3EM632s
Submitted January 02, 2022 at 05:21PM by jubbaonjeans
via reddit https://ift.tt/3zkzNSV
https://ift.tt/3EM632s
Submitted January 02, 2022 at 05:21PM by jubbaonjeans
via reddit https://ift.tt/3zkzNSV
Substack
Edition 14: To WAF or not to WAF
Effectiveness of WAFs are a hotly debated subject in AppSec circles. This editions tries to bring a structure to that discussion.
Turning off Wi-Fi & Bluetooth interfaces automatically in iOS
https://ift.tt/3mOMLUh
Submitted January 03, 2022 at 01:20AM by hoytva
via reddit https://ift.tt/3G3D9g1
https://ift.tt/3mOMLUh
Submitted January 03, 2022 at 01:20AM by hoytva
via reddit https://ift.tt/3G3D9g1
Medium
Using iOS Shortcut Automations to Automatically Turn Off Wi-Fi & Bluetooth Interfaces
Automatically disable Wi-Fi & Bluetooth on iOS Based on Triggers
C++ Memory Corruption (std::vector) - part 2
https://ift.tt/3zhCrZX
Submitted January 03, 2022 at 11:08AM by Gallus
via reddit https://ift.tt/3qFwamR
https://ift.tt/3zhCrZX
Submitted January 03, 2022 at 11:08AM by Gallus
via reddit https://ift.tt/3qFwamR
blog.infosectcbr.com.au
C++ Memory Corruption (std::vector) - part 2
Summary This is the 2nd part of the C++ memory corruption series*. In this post, we'll look at corrupting the std::vector class in Linux and...
google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
https://ift.tt/3JzNwdw
Submitted January 03, 2022 at 01:39PM by maryetan
via reddit https://ift.tt/3HpiyTo
https://ift.tt/3JzNwdw
Submitted January 03, 2022 at 01:39PM by maryetan
via reddit https://ift.tt/3HpiyTo
GitHub
GitHub - google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. - GitHub - google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
/r/netsec's Q1 2022 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted January 03, 2022 at 08:45PM by ranok
via reddit https://ift.tt/3qCOqgs
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted January 03, 2022 at 08:45PM by ranok
via reddit https://ift.tt/3qCOqgs
Malicious Telegram Installer Drops Purple Fox Rootkit
https://ift.tt/3zkRceo
Submitted January 03, 2022 at 08:09PM by woja111
via reddit https://ift.tt/31lR9CD
https://ift.tt/3zkRceo
Submitted January 03, 2022 at 08:09PM by woja111
via reddit https://ift.tt/31lR9CD
Minerva-Labs
Malicious Telegram Installer Drops Purple Fox Rootkit
A new malware which drops a Purple Fox rootkit is spreading through a malicious Telegram installer.
Vulnerability in log4j 2.17.0 more hype than substance | LunaSec
https://ift.tt/3ELXhBF
Submitted January 03, 2022 at 09:58PM by breadchris
via reddit https://ift.tt/3pNy59C
https://ift.tt/3ELXhBF
Submitted January 03, 2022 at 09:58PM by breadchris
via reddit https://ift.tt/3pNy59C
www.lunasec.io
Vulnerability in log4j 2.17.0 more hype than substance | LunaSec
Understanding what is important to focus on when fixing Log4j vulnerabilities at your company.
One of my better-documented exploits, CVE-2017-5816 whitepaper
https://ift.tt/3JDK6X5
Submitted January 03, 2022 at 11:53PM by oxagast
via reddit https://ift.tt/3qOiczf
https://ift.tt/3JDK6X5
Submitted January 03, 2022 at 11:53PM by oxagast
via reddit https://ift.tt/3qOiczf
oxagast.org oxasploits
CVE-2017-5816 Whitepaper
Background
A Beginner's Story on How a Cheapo Standard Issue Router was hacked.
https://ift.tt/3zkg1XG
Submitted January 03, 2022 at 11:58PM by secnigma
via reddit https://ift.tt/3pOa8yZ
https://ift.tt/3zkg1XG
Submitted January 03, 2022 at 11:58PM by secnigma
via reddit https://ift.tt/3pOa8yZ
SecNigma
The Story of How I Hacked my ISP’s Cheapo Standard Issue Router
Prelude OptiLink is a company based on India that specializes in manufacturing Networking Devices. Two of the largest Internet Service Providers in this country have provided / still providing Opti…
Domain Persistence - AdminSDHolder
https://ift.tt/3JDchpd
Submitted January 04, 2022 at 06:37PM by netbiosX
via reddit https://ift.tt/3mV28dw
https://ift.tt/3JDchpd
Submitted January 04, 2022 at 06:37PM by netbiosX
via reddit https://ift.tt/3mV28dw
Penetration Testing Lab
Domain Persistence – AdminSDHolder
Utilizing existing Microsoft features for offensive operations is very common during red team assessments as it provides the opportunity to blend in with the environment and stay undetected. Micros…
Cache Poisoning at Scale
https://ift.tt/3JeJp6e
Submitted January 04, 2022 at 06:33PM by albinowax
via reddit https://ift.tt/3JHQv3o
https://ift.tt/3JeJp6e
Submitted January 04, 2022 at 06:33PM by albinowax
via reddit https://ift.tt/3JHQv3o
Sears Garage Door Signal Reverse Engineering
https://ift.tt/3HBmKzs
Submitted January 04, 2022 at 09:30PM by mdulin2
via reddit https://ift.tt/3eMS3Lq
https://ift.tt/3HBmKzs
Submitted January 04, 2022 at 09:30PM by mdulin2
via reddit https://ift.tt/3eMS3Lq
reddit
Sears Garage Door Signal Reverse Engineering
Posted in r/netsec by u/mdulin2 • 2 points and 0 comments