Taking over instagram accounts
http://ift.tt/2lQnhsA
Submitted November 07, 2017 at 02:02AM by luc1o
via reddit http://ift.tt/2znapgH
Concerns about relative security of TOTP
I was reading the RFC for TOTP/HOTP and it seems the security relies entirely on SHA-1 remaining cryptographically secure. With shattered and SHA-1 being deprecated since 2011, should the RFC be updated/replaced? I understand there is no immediate threat, but all the same, shouldn't an alternative be implemented?
Submitted November 07, 2017 at 02:21AM by IronManMark20
via reddit http://ift.tt/2m0oo9c
PoC||GTFO 0x16 [pdf]
http://ift.tt/2y69D61
Submitted November 07, 2017 at 04:04AM by albinowax
via reddit http://ift.tt/2hc79Mx
PingCastle, a fast AD self-audit
http://ift.tt/2zinYjN
Submitted November 07, 2017 at 04:30AM by k3nnyfr
via reddit http://ift.tt/2hh71iA
PingCastle
Get Active Directory Security at 80% in 20% of the time - PingCastle
Because the Active Directory security lies in the process and not in expensive tools, our solution is simple: download PingCastle and apply its methodology.
Kerberoast Attack Techniques
http://ift.tt/2Agck5E
Submitted November 07, 2017 at 05:41AM by ju1i3k
via reddit http://ift.tt/2hNirb0
Cobalt.io
Kerberoast Attack Techniques
In this blog we will focus on Kerberoast attack techniques (Old Technique and New Technique).
How to get my foot in the door? Masters in IT Security or Security certifications?
I'm a recent grad with a BS in Management Information Systems that is currently pursuing a security route but do not know where or how to start. I've been looking at masters programs as well as security certifications -- what's the best way to get my foot in the door? I'm a junior System Admin with experience in web dev etc. My question, 1. How do I get my foot in the door? 2. Is a masters a good idea? 3. What certifications should I study and take? 4. What type of jobs are hot in the market? 5. Your experience getting in the field. Thank you so much for reading and any comment is appreciated! Please give insight to this fellow newb - thanks.
Submitted November 07, 2017 at 10:32AM by bigpoppaash
via reddit http://ift.tt/2AfoiwD
Fire Safety - Prevention, Protection & Extinction
http://ift.tt/2Aios6h
Submitted November 07, 2017 at 12:29PM by sdbworld
via reddit http://ift.tt/2hNHDhm
SDB World
SDB World - Fire Safety - Prevention, Protection & Extinction
Fire Safety service intended to prevent the destruction caused by fire. It helps to protect the people from the distractions.
Burp plugin to automatically fingerprint/evade web application firewalls using ML
http://ift.tt/2hKrWYA
Submitted November 07, 2017 at 01:38PM by pwnwaffe
via reddit http://ift.tt/2Af55Lk
Census-Labs
CENSUS | IT Security Works
This blog post serves as a followup to my summer B-Sides Athens 2017 talk entitled “Lightbulb framework – shedding light on the dark side of WAFs and Filters”.
Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later (2001)
http://ift.tt/1vcKY7T
Submitted November 07, 2017 at 03:58PM by loselasso
via reddit http://ift.tt/2lZIDnd
Phishing catcher: catch phishing domains in real time with certstream
http://ift.tt/2Aq7MdW
Submitted November 07, 2017 at 05:01PM by actually_NOLAN
via reddit http://ift.tt/2ArvMh1
GitHub
x0rz/phishing_catcher
phishing_catcher - Phishing catcher using Certstream
Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments
http://ift.tt/2iBluT8
Submitted November 07, 2017 at 06:19PM by volci
via reddit http://ift.tt/2ApTn1w
CyberConnect 2017 - YouTube
https://www.youtube.com/playlist?list=PLenh213llmcZYmMZYE_x5W-j2WWfo6N44
Submitted November 07, 2017 at 07:16PM by WinglessIndependence
via reddit http://ift.tt/2zpM63t
Security In 5: Episode 106 - OWASP Top 10 - A4 - Insecure Direct Object References
http://ift.tt/2hiD9Th
Submitted November 07, 2017 at 07:41PM by BinaryBlog
via reddit http://ift.tt/2zjAijM
Libsyn
Security In Five Podcast: Episode 106 - OWASP Top 10 - A4 - Insecure Direct Object References
We continue with the OWASP Top 10 series and next up is number 4, Insecure Direct Object References. This episode gives a high overview of this control, how attackers exploit it and how you can work to prevent this from happening in your applications. OWASP…
A Mature Security Program at Any Size
http://ift.tt/2hbPDIu
Submitted November 07, 2017 at 08:14PM by HockeyInJune
via reddit http://ift.tt/2hQc2fb
Medium
A Mature Security Program at Any Size
Security processes your program must absolutely have. How to implement them correctly and how to scale them as your team grows.
Mobile Devices and Bootkits
http://ift.tt/2zpqN05
Submitted November 07, 2017 at 08:26PM by Mi3Security
via reddit http://ift.tt/2ye6JfP
Mi3 Security
Mobile Devices and Bootkits
Boot-kits are extremely difficult to remove because reinstalling the OS on your device will not remove the infection. Similarly, boot-kits are extremely difficult to detect because they reside outside the normal filesystem and can often hide from detection.
Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China
http://ift.tt/2yesgoH
Submitted November 07, 2017 at 08:38PM by blackout-314
via reddit http://ift.tt/2hPkmvB
The Hacker News
Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China
Mantistek GK2 mechanical gaming keyboards have a built-in keylogger that silently records everything you type and sends data to a Chinese server.
AD Honey Accounts
http://ift.tt/2hhgzdu
Submitted November 07, 2017 at 09:12PM by ok_bye_now_
via reddit http://ift.tt/2hR13Cl
JP
Honey Accounts
I recently saw a tweet mentioning the use of an AD account with the password in the description attribute and logon hours set to none. I can’t find that tweet anymore so I apologize for the lack of…
Introducing Mentalist, a new way to graphically create custom wordlists and cracker rules.
http://ift.tt/2hPVrYR
Submitted November 07, 2017 at 09:02PM by sc0tfree
via reddit http://ift.tt/2Ahqjbt
GitHub
sc0tfree/mentalist
mentalist - Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible ...
25% of employees intentionally leak confidential company data
http://ift.tt/2j7QYUI
Submitted November 07, 2017 at 08:56PM by nzwasp
via reddit http://ift.tt/2iBKpWJ
Security Breach Online
25% of employees intentionally leak confidential company data - Security Breach Online
One in four UK employees have intentionally leaked confidential business information to individuals outside their organisations, surprising new research has revealed. In a survey of 2,000 UK workers, data privacy and risk management company Egress Software…
Buried deep inside your computer's Intel chip is the MINIX operating system. It also has a software stack that includes networking and a web server. It's slow, hard to get at, and insecure as insecure can be.
http://ift.tt/2zjWMB2
Submitted November 07, 2017 at 09:37PM by yourbasicgeek
via reddit http://ift.tt/2zqRIbN
ZDNet
MINIX: Intel's hidden in-chip operating system | ZDNet
Buried deep inside your computer's Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It's slow, hard to get at, and insecure as insecure can be.
Russia: Skilled Political Warfare Adversary - Security Boulevard
http://ift.tt/2lZU8LB
Submitted November 07, 2017 at 09:30PM by SecurityTrust
via reddit http://ift.tt/2yf9jlq
Security Boulevard
Russia: Skilled Political Warfare Adversary - Security Boulevard
Russian active measures are designed to adjust perception, foment discord and inflame animus among targeted groups