NTP AMPLIFICATION DDoS ATTACK DDoS Saldırıları Standart DDoS saldırılarında amaç olabildiğince çok fazla sayıda sis...

tl;dr There was a vulnerability in CouchDB caused by a discrepancy between the database’s native JSON parser and the Javanoscript JSON parser used during docum...

What is the beginning of a typical research? Any research begins with detecting vulnerabilities with common tools. Although the process does not require much time and effort, it works well.Detection procedure is focused on vulnerabilities in third-party libraries…

For the past 6 years, private Github repositories using Travis CI have been vulnerable to a privilege escalation attack. Under certain configurations, an attacker with read-only access to the Github repo could change the code just by submitting a pull request.…

framework to rapidly implement custom droppers for all three major operating systems - gen0cide/gnoscript

Imgur: The most awesome images on the Internet.

0 points and 0 comments so far on reddit

It’s the first reported case of researchers apparently being able to fool the Face ID software.

According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the…

The issue of storing passwords securely is often overlooked. This blog post describes how a password can be stored securely even in the event of a breach.

1 points and 0 comments so far on reddit

Most of us have home Wi-Fi. When friends, family and visitors come over they may expect to get on your Wi-Fi to get Internet access. There are various reasons why you should not be allowing them access to your primary Wi-Fi network but instead use the Guest…

redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments

We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a…

1 points and 0 comments so far on reddit

BSidesLisbon is the premier technical information security conference in Portugal. It is a community organized, not for profit, conference started in 2013 an...

Keying payloads is an effective method to evade sandbox detection, prevent antivirus detection, and slow down incident response. This post covers environmental keying and HTTP keying.

Prior to ZeroNights security conference, an ICO hacking contest had been announced. The first three contestants to solve the tasks could…