[Sharing]Offensive Security Training Videos
check here: http://ift.tt/2zI0N2Q
Submitted November 10, 2017 at 12:01AM by fastrls
via reddit http://ift.tt/2AoMhcA
check here: http://ift.tt/2zI0N2Q
Submitted November 10, 2017 at 12:01AM by fastrls
via reddit http://ift.tt/2AoMhcA
FAST RELEASE
[Download] Offensive Security Training Videos - FAST RELEASE
BASELINE – SANS & Offensive-Security File size: 85 GB
Server Side Request Forgery (SSRF) Tricks
http://ift.tt/2zvyMsy
Submitted November 09, 2017 at 06:37AM by awqufohlmkse
via reddit http://ift.tt/2jemArS
http://ift.tt/2zvyMsy
Submitted November 09, 2017 at 06:37AM by awqufohlmkse
via reddit http://ift.tt/2jemArS
Pedro's blog
Server Side Request Forgery (SSRF)
This is a blog post summarising a few notes I’ve gathered around the internet, with the purpose of cementing them in my mind rather than adding anything new or attempting to broadcast them to…
0patching a Pretty Nasty Microsoft Word Type Confusion Vulnerability (CVE-2017-11826)
http://ift.tt/2yo88Ac
Submitted November 09, 2017 at 11:10PM by dielel
via reddit http://ift.tt/2AoOYLh
http://ift.tt/2yo88Ac
Submitted November 09, 2017 at 11:10PM by dielel
via reddit http://ift.tt/2AoOYLh
0patch.blogspot.co.uk
0patching a Pretty Nasty Microsoft Word Type Confusion Vulnerability (CVE-2017-11826)
by Mitja Kolsek, the 0patch Team In September 2017, Qihoo 360 Core Security detected an in-the-wild attack that leveraged an Office 0day ...
2017 Collegiate Penetration Testing Competition (CPTC) Review
http://ift.tt/2hhI03g
Submitted November 09, 2017 at 09:43PM by utmp
via reddit http://ift.tt/2hrLaoJ
http://ift.tt/2hhI03g
Submitted November 09, 2017 at 09:43PM by utmp
via reddit http://ift.tt/2hrLaoJ
lockboxx.blogspot.co.uk
Collegiate Penetration Testing Competition (CPTC) 2017 Review
A blog about information security, hacking, and protecting digital infrastructure. Penetration testing, malware analysis, and intrusion detection.
ROCA vulnerability - there is 59,446,254 Spanish e-IDs - but last 2 years' worth had their certificates revoked
http://ift.tt/2AwsCsm[translation with Google Translate]To strengthen the security of electronic certificates of the e-ID cards ... the functionality of the digital certificates will be deactivated ......Until the necessary technical solutions are implemented (which will be done in the near future) ..More information about the vulnerability is at http://ift.tt/2goKrUN.On-line certificate test is at http://ift.tt/2ylpMrM - including links to off-line tester and an email responder (roca@keychest.net)
Submitted November 10, 2017 at 02:27AM by dc352
via reddit http://ift.tt/2map4sn
http://ift.tt/2AwsCsm[translation with Google Translate]To strengthen the security of electronic certificates of the e-ID cards ... the functionality of the digital certificates will be deactivated ......Until the necessary technical solutions are implemented (which will be done in the near future) ..More information about the vulnerability is at http://ift.tt/2goKrUN.On-line certificate test is at http://ift.tt/2ylpMrM - including links to off-line tester and an email responder (roca@keychest.net)
Submitted November 10, 2017 at 02:27AM by dc352
via reddit http://ift.tt/2map4sn
www.dnielectronico.es
Portal del DNI Electronico, Cuerpo Nacional de Policía
WEB OFICIAL DNIE ELECTRONICO Y PASAPORTE
Attacking .NET Serialization
http://ift.tt/2iIeKD0
Submitted November 10, 2017 at 03:59AM by overflowingInt
via reddit http://ift.tt/2hot7jl
http://ift.tt/2iIeKD0
Submitted November 10, 2017 at 03:59AM by overflowingInt
via reddit http://ift.tt/2hot7jl
Speaker Deck
Attacking .NET Serialization
2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for years, the publication of the Apache Commons Collection Remote Code Execution (RCE from now on) gadget finally brought this forgotten vulnerability…
Weaponization of social media and search engines may spark ultimate cyberwar - SiliconANGLE
http://ift.tt/2ApysLh
Submitted November 10, 2017 at 04:16AM by SecurityTrust
via reddit http://ift.tt/2iJC97k
http://ift.tt/2ApysLh
Submitted November 10, 2017 at 04:16AM by SecurityTrust
via reddit http://ift.tt/2iJC97k
SiliconANGLE
Weaponization of social media and search engines may spark ultimate cyberwar
The co-founder of an influential cybersecurity think thank believes that weaponization of major social media websites and search engines will lay the foundation for cyberwarfare on a scale unimaginabl
Dashlane-2017 Password Power Rankings
http://ift.tt/2uHT4Ls
Submitted November 10, 2017 at 06:08AM by DarkWorld25
via reddit http://ift.tt/2jeUEUM
http://ift.tt/2uHT4Ls
Submitted November 10, 2017 at 06:08AM by DarkWorld25
via reddit http://ift.tt/2jeUEUM
Dashlane Blog
Dashlane’s 2017 Password Power Rankings: How Consumer & Enterprise Websites Handle User Security
We examined the password policies of 40 popular consumer & enterprise websites. Today, we’re sharing the results in our 2017 Password Power Rankings.
How We Deliver Global SSL with Let's Encrypt
http://ift.tt/2jgIevX
Submitted November 10, 2017 at 07:27AM by rmddos
via reddit http://ift.tt/2jgBRst
http://ift.tt/2jgIevX
Submitted November 10, 2017 at 07:27AM by rmddos
via reddit http://ift.tt/2jgBRst
Fly Articles
How We Deliver Global SSL with Let's Encrypt
Fly is proud to sponsor Let's Encrypt. We've been hard at work making Let's Encrypt TLS certificates as simple and safe as possible for developers and creators of all kinds. Within this article we'll explore how Fly applies Let's Encrypt certificates to servers…
Some Tips on Spotting the Fake Netflix Phishing Attack
http://ift.tt/2yMuBeI
Submitted November 10, 2017 at 07:01AM by abhishekiyer
via reddit http://ift.tt/2m96rFj
http://ift.tt/2yMuBeI
Submitted November 10, 2017 at 07:01AM by abhishekiyer
via reddit http://ift.tt/2m96rFj
Demisto
Three Easy Ways to Spot the Fake Netflix Phishing Attack
With the recent Netflix phishing attack wreaking havoc on subscribers, here are 3 easy checks you can run to separate the genuine wheat from the phishing chaff.
What is ARP Spoofing Attack? Also, How to Detect and Prevent Arp Spoof Attacks!
http://ift.tt/2zyEbPE
Submitted November 10, 2017 at 01:42PM by rwtechsec
via reddit http://ift.tt/2iJ1yhc
http://ift.tt/2zyEbPE
Submitted November 10, 2017 at 01:42PM by rwtechsec
via reddit http://ift.tt/2iJ1yhc
Rwtechsec
What is ARP Spoofing Attack? Also, How to Detect and Prevent Arp Spoof Attacks!
Want to know What is ARP Spoofing? How ARP Cache Poisoning or ARP Poison Routing Attack occurs? How Address Resolution Protocol Attacks c...
x86_64 TCP bind shellcode with basic authentication on Linux with 136 bytes explained
http://ift.tt/2zxHAy4
Submitted November 10, 2017 at 05:34PM by 0x4ndr3
via reddit http://ift.tt/2zwwc7x
http://ift.tt/2zxHAy4
Submitted November 10, 2017 at 05:34PM by 0x4ndr3
via reddit http://ift.tt/2zwwc7x
Pentester's life
x86_64 TCP bind shellcode with basic authentication on Linux systems
The objective here is to create a tcp_bind_shell using Assembly x64, which will ask for a passcode, and have no null bytes in it.
arlo sign in
Arlo.netgear.com is the default web address that is used to manage the login access for arlo advance camera. Just like all other networking devices , Arlo camera itself doesn’t with any kind of user interface that means you will need a smart device for accessing the configuration for your arlo camera.http://ift.tt/2zMbRw6
Submitted November 10, 2017 at 05:35PM by miarobberts
via reddit http://ift.tt/2zvhrSB
Arlo.netgear.com is the default web address that is used to manage the login access for arlo advance camera. Just like all other networking devices , Arlo camera itself doesn’t with any kind of user interface that means you will need a smart device for accessing the configuration for your arlo camera.http://ift.tt/2zMbRw6
Submitted November 10, 2017 at 05:35PM by miarobberts
via reddit http://ift.tt/2zvhrSB
Arlo
Arlo.netgear.com - Arlo
Arlo.netgear.com is the default web address that is used to manage the login access for Arlo advance camera. Just like all other networking devices, Arlo camera itself doesn’t with any kind of user interface that means, you will need a smart device for accessing…
MineSweepR - detecting embedded cryptocurrency miners using PhantomJS and CPU monitoring
http://ift.tt/2yqgszL
Submitted November 10, 2017 at 06:36PM by alexshatberg
via reddit http://ift.tt/2zsOMhq
http://ift.tt/2yqgszL
Submitted November 10, 2017 at 06:36PM by alexshatberg
via reddit http://ift.tt/2zsOMhq
GitHub
wrinkl3/MineSweepR
MineSweepR - Detect embedded cryptocurrency miners based on CPU usage
Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
http://ift.tt/2zypN9M
Submitted November 10, 2017 at 06:17PM by digicat
via reddit http://ift.tt/2mbmVwO
http://ift.tt/2zypN9M
Submitted November 10, 2017 at 06:17PM by digicat
via reddit http://ift.tt/2mbmVwO
reddit
Cisco ASA series part eight: Exploiting the... • r/netsec
1 points and 0 comments so far on reddit
Security In 5: Episode 109 - Tools, Tips and Tricks - DuckDuckGo
http://ift.tt/2Azwp7U
Submitted November 10, 2017 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2yq0ci6
http://ift.tt/2Azwp7U
Submitted November 10, 2017 at 07:43PM by BinaryBlog
via reddit http://ift.tt/2yq0ci6
Libsyn
Security In Five Podcast: Episode 109 - Tools, Tips and Tricks - DuckDuckGo
This week's TTT episode talks about the search engine DuckDuckGo. If you want to search without being tracked, recorded and followed then you should use DuckDuckGo. This episode goes into the details of how other search engines work and why DuckDuckGo is…
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
http://ift.tt/2jeQv3p
Submitted November 10, 2017 at 08:30PM by EvanConover
via reddit http://ift.tt/2iJKTdA
http://ift.tt/2jeQv3p
Submitted November 10, 2017 at 08:30PM by EvanConover
via reddit http://ift.tt/2iJKTdA
Appthority
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations - Appthority
Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard coded credentials in mobile applications that are using the…
#AVGater: Getting Local Admin by Abusing the Anti-Virus Quarantine
http://ift.tt/2jhYe0n
Submitted November 10, 2017 at 08:11PM by stevewatson301
via reddit http://ift.tt/2zzHWUY
http://ift.tt/2jhYe0n
Submitted November 10, 2017 at 08:11PM by stevewatson301
via reddit http://ift.tt/2zzHWUY
Linux Process Hunter
http://ift.tt/2ma4bNV
Submitted November 10, 2017 at 08:27PM by _spartak
via reddit http://ift.tt/2zsP0oA
http://ift.tt/2ma4bNV
Submitted November 10, 2017 at 08:27PM by _spartak
via reddit http://ift.tt/2zsP0oA
GitLab
nowayout / prochunter
Linux Process Hunter
How to solve the Malwarebytes CrackMe: a step-by-step tutorial
http://ift.tt/2hZK8NZ
Submitted November 10, 2017 at 08:39PM by EvanConover
via reddit http://ift.tt/2zKVek9
http://ift.tt/2hZK8NZ
Submitted November 10, 2017 at 08:39PM by EvanConover
via reddit http://ift.tt/2zKVek9
Malwarebytes Labs
How to solve the Malwarebytes CrackMe: a step-by-step tutorial
One of our analysts created a Malwarebytes CrackMe—an exercise in malware analysis—that was released to Twitter and triggered a positive response.
Reverse Engineering and Exploiting a Smart Massager
http://ift.tt/2hkrakq
Submitted November 10, 2017 at 09:41PM by rwestergren
via reddit http://ift.tt/2zvuzHM
http://ift.tt/2hkrakq
Submitted November 10, 2017 at 09:41PM by rwestergren
via reddit http://ift.tt/2zvuzHM
Medium
How I Reverse Engineered and Exploited a Smart Massager
Hello people, I am writing a blog post after a long time.