The Art of Fuzzing – Slides and Demos (Workflow AFL&WinAFL, Taint Analysis in Fuzzing, In-Memory Fuzzing, Reversing Tricks for Fuzzing, ...)
http://ift.tt/2zZysEU
Submitted November 22, 2017 at 04:37PM by SecABC
via reddit http://ift.tt/2jepOrM
http://ift.tt/2zZysEU
Submitted November 22, 2017 at 04:37PM by SecABC
via reddit http://ift.tt/2jepOrM
reddit
The Art of Fuzzing – Slides and Demos (Workflow... • r/netsec
4 points and 0 comments so far on reddit
PC vendors scramble as Intel announces vulnerability in firmware
http://ift.tt/2zaiBQi
Submitted November 22, 2017 at 05:40PM by MrSnuffles101
via reddit http://ift.tt/2A0iSIX
http://ift.tt/2zaiBQi
Submitted November 22, 2017 at 05:40PM by MrSnuffles101
via reddit http://ift.tt/2A0iSIX
Ars Technica
PC vendors scramble as Intel announces vulnerability in firmware [Updated]
Millions of computers could be remotely hijacked through bug in firmware code.
Locate AV signature in a binary/payload
http://ift.tt/2B10WeA
Submitted November 22, 2017 at 05:24PM by hegusung
via reddit http://ift.tt/2BbsqPf
http://ift.tt/2B10WeA
Submitted November 22, 2017 at 05:24PM by hegusung
via reddit http://ift.tt/2BbsqPf
GitHub
hegusung/AVSignSeek
AVSignSeek - Tool written in python3 to determine where the AV signature is located in a binary/payload
As devastating as KRACK: New vulnerability undermines RSA encryption keys
http://ift.tt/2ytYEXi
Submitted November 22, 2017 at 07:33PM by wewewawa
via reddit http://ift.tt/2B35jpe
http://ift.tt/2ytYEXi
Submitted November 22, 2017 at 07:33PM by wewewawa
via reddit http://ift.tt/2B35jpe
ZDNet
As devastating as KRACK: New vulnerability undermines RSA encryption keys
A new security flaw has placed the security of RSA encryption in jeopardy.
Security In 5: Episode 117 - Top 10 Security Tips For Your Network - 4 - Cyber Rules For Your Employees
http://ift.tt/2iFDFrR
Submitted November 22, 2017 at 07:30PM by BinaryBlog
via reddit http://ift.tt/2B2V6t8
http://ift.tt/2iFDFrR
Submitted November 22, 2017 at 07:30PM by BinaryBlog
via reddit http://ift.tt/2B2V6t8
Libsyn
Security In Five Podcast: Episode 117 - Top 10 Security Tips For Your Network - 4 - Cyber Rules For Your Employees
Continuing with the Top 10 Security Tips For Your Network mini-series we are up to number four. This tips talk about creating cyber rules for your employees. How you need to set the expectations of use and more importantly communicating the 'why' the rules…
Conclusion: passwords are the new IE6
http://ift.tt/2jNWV9K
Submitted November 22, 2017 at 08:23PM by volci
via reddit http://ift.tt/2hSPvl6
http://ift.tt/2jNWV9K
Submitted November 22, 2017 at 08:23PM by volci
via reddit http://ift.tt/2hSPvl6
Wouter Admiraal's Blog
Why not forget all our passwords completely: it has been one year
One year ago I wrote about why we should not use passwords online, and how email could help us provide better authentication methods. After one year of cheating the system, this is what I learned.
Key Windows 10 defense is 'worthless' and bug dates back to Windows 8
http://ift.tt/2z4THBP
Submitted November 22, 2017 at 09:00PM by wewewawa
via reddit http://ift.tt/2hTznQl
http://ift.tt/2z4THBP
Submitted November 22, 2017 at 09:00PM by wewewawa
via reddit http://ift.tt/2hTznQl
ZDNet
Key Windows 10 defense is 'worthless' and bug dates back to Windows 8 | ZDNet
Microsoft's anti-exploitation technology has a flaw that makes it "worthless" in some cases.
RBAC vs ABAC | iamfortress
http://ift.tt/2jN1EIZ
Submitted November 22, 2017 at 08:49PM by shawnmckinney
via reddit http://ift.tt/2hTzprr
http://ift.tt/2jN1EIZ
Submitted November 22, 2017 at 08:49PM by shawnmckinney
via reddit http://ift.tt/2hTzprr
iamfortress
RBAC vs ABAC
Frequently debated within info sec circles. Which one of them is better? Use the right tool for the job as they say. RBAC, like any access control model, has its weaknesses. Many are well understo…
Your biggest threat is inside your organisation and probably didn't mean it
http://ift.tt/2AV4MFO
Submitted November 22, 2017 at 08:48PM by wewewawa
via reddit http://ift.tt/2jN1FN3
http://ift.tt/2AV4MFO
Submitted November 22, 2017 at 08:48PM by wewewawa
via reddit http://ift.tt/2jN1FN3
ZDNet
Your biggest threat is inside your organisation and probably didn't mean it
Threat of the malicious insider is very real, but accidental data leakage is a bigger problem.
h1-202 web CTF writeup
http://ift.tt/2zY8Xnv
Submitted November 22, 2017 at 09:28PM by albinowax
via reddit http://ift.tt/2zYWjVw
http://ift.tt/2zY8Xnv
Submitted November 22, 2017 at 09:28PM by albinowax
via reddit http://ift.tt/2zYWjVw
www.skeletonscribe.net
h1-212 CTF Writeup
Introduction This is a writeup of h1-212 ; a web-based CTF by HackerOne. You can find the results and other writeups at https://www....
Attacking Uninitialized Variables with Recursion
http://ift.tt/2itvezx
Submitted November 22, 2017 at 10:26PM by maxxori
via reddit http://ift.tt/2ztCeqF
http://ift.tt/2itvezx
Submitted November 22, 2017 at 10:26PM by maxxori
via reddit http://ift.tt/2ztCeqF
Intel Management Engine (IME). Fleshing out the rumors.
A lot of talk is swirling around lately about a shadow operating system found in Intel CPUs. Although no known virus or exploit is yet documented that leverages on the IME, it is widely known that it could be utilized for remote access to a computer. Such remote access would bypass the OS, bypass antivirus, and whatever else exists on the targeted machine. In this thread, we will dispel or verify the cluster of rumors swirling around IME "Intel Managment Engine".Criticize and/or correct the following facts, liberally.IME is part of the CPU, not the motherboard.IME is a full operating system running through firmware. It is a redux of MINIX.IME runs its own OS with its own dedicated CPU.Intel pretends IME is a "Feature", but failed to disclose its existence in any public way. It was later "discovered" by a German security outfit.The National Security Agency (NSA) became aware of the vulnerability posed by IME, and requested that Intel give them their own little "switch bit" to turn it off. Intel's engineers obliged --- in a move that effectively admits guilt. Netsec bloggers refer to this as the "NSA bit" now.This IME stuff was not implemented in Intel chipsets until about 2015. It only effects certain "generations" starting from gen 6 and later.IME could be used to gain remote access to a machine over the internet -- in a way that is so drastic that some netsec experts call it a "God Mode".Your thoughts?
Submitted November 22, 2017 at 10:39PM by moschles
via reddit http://ift.tt/2ztjTu5
A lot of talk is swirling around lately about a shadow operating system found in Intel CPUs. Although no known virus or exploit is yet documented that leverages on the IME, it is widely known that it could be utilized for remote access to a computer. Such remote access would bypass the OS, bypass antivirus, and whatever else exists on the targeted machine. In this thread, we will dispel or verify the cluster of rumors swirling around IME "Intel Managment Engine".Criticize and/or correct the following facts, liberally.IME is part of the CPU, not the motherboard.IME is a full operating system running through firmware. It is a redux of MINIX.IME runs its own OS with its own dedicated CPU.Intel pretends IME is a "Feature", but failed to disclose its existence in any public way. It was later "discovered" by a German security outfit.The National Security Agency (NSA) became aware of the vulnerability posed by IME, and requested that Intel give them their own little "switch bit" to turn it off. Intel's engineers obliged --- in a move that effectively admits guilt. Netsec bloggers refer to this as the "NSA bit" now.This IME stuff was not implemented in Intel chipsets until about 2015. It only effects certain "generations" starting from gen 6 and later.IME could be used to gain remote access to a machine over the internet -- in a way that is so drastic that some netsec experts call it a "God Mode".Your thoughts?
Submitted November 22, 2017 at 10:39PM by moschles
via reddit http://ift.tt/2ztjTu5
reddit
Intel Management Engine (IME). Fleshing out the rumors. • r/security
A lot of talk is swirling around lately about a shadow operating system found in Intel CPUs. Although no known virus or exploit is yet...
The Technical Solution to Identity Fraud
http://ift.tt/2zrxNNb
Submitted November 22, 2017 at 10:29PM by stendec15
via reddit http://ift.tt/2zsRuV3
http://ift.tt/2zrxNNb
Submitted November 22, 2017 at 10:29PM by stendec15
via reddit http://ift.tt/2zsRuV3
reddit
The Technical Solution to Identity Fraud • r/security
1 points and 0 comments so far on reddit
Is there a low cost or free program to hide my IP without slowing everything down?
I don't want google and facebook selling my information, or any other organization monitoring me.I tried the tor browser but I was told that was too slow and meant for the dark web. HideMyAss seemed slow too.Any good options out there now? I'm a noob with security.Thanks for any help guys.(Edit: come to think of it. Is there any camera's I can set beside my window 30 feet away and have a live feed on my laptop and record? I saw a few on Amazon but some looked cheap and others came with a bunch of camera's and a dvr.)
Submitted November 22, 2017 at 10:06PM by John25255
via reddit http://ift.tt/2Bemwgy
I don't want google and facebook selling my information, or any other organization monitoring me.I tried the tor browser but I was told that was too slow and meant for the dark web. HideMyAss seemed slow too.Any good options out there now? I'm a noob with security.Thanks for any help guys.(Edit: come to think of it. Is there any camera's I can set beside my window 30 feet away and have a live feed on my laptop and record? I saw a few on Amazon but some looked cheap and others came with a bunch of camera's and a dvr.)
Submitted November 22, 2017 at 10:06PM by John25255
via reddit http://ift.tt/2Bemwgy
reddit
Is there a low cost or free program to hide my IP... • r/security
I don't want google and facebook selling my information, or any other organization monitoring me. I tried the tor browser but I was told that was...
77% of 433,000 Sites Use Vulnerable JavaScript Libraries
http://ift.tt/2A0CH0y
Submitted November 23, 2017 at 12:18AM by heitortsergent
via reddit http://ift.tt/2jetXMB
http://ift.tt/2A0CH0y
Submitted November 23, 2017 at 12:18AM by heitortsergent
via reddit http://ift.tt/2jetXMB
snyk.io
Snyk - 77% of 433,000 Sites Use Vulnerable JavaScript Libraries
Last week, we released our first annual State of Open Source Security report. One of the discoveries the report mentions is that an analysis of around 433,000 sites found that 77% of them use at least one front-end JavaScript library with a known security…
Any way to run cables from inside house to outside without drilling holes in wall?
Just trying to brainstorm. My exterior is brick so I'd have to drill through cement in order to get to the outside. I was thinking of drilling through the plastic frame on my windows, and then filling the hole around the wire.Any ideas?
Submitted November 23, 2017 at 12:43AM by Hydranis
via reddit http://ift.tt/2jMtGnN
Just trying to brainstorm. My exterior is brick so I'd have to drill through cement in order to get to the outside. I was thinking of drilling through the plastic frame on my windows, and then filling the hole around the wire.Any ideas?
Submitted November 23, 2017 at 12:43AM by Hydranis
via reddit http://ift.tt/2jMtGnN
reddit
Any way to run cables from inside house to outside... • r/security
Just trying to brainstorm. My exterior is brick so I'd have to drill through cement in order to get to the outside. I was thinking of drilling...
Reddit OSINT - Looking for users/enhancement ideas
http://ift.tt/2zeV7tj
Submitted November 23, 2017 at 02:21AM by kizzzzurt
via reddit http://ift.tt/2Bc7TKF
http://ift.tt/2zeV7tj
Submitted November 23, 2017 at 02:21AM by kizzzzurt
via reddit http://ift.tt/2Bc7TKF
Building an Information Security Awareness Program in 5 Easy Steps
http://ift.tt/2zuWE2z
Submitted November 23, 2017 at 01:50AM by spgingras
via reddit http://ift.tt/2mU6d5e
http://ift.tt/2zuWE2z
Submitted November 23, 2017 at 01:50AM by spgingras
via reddit http://ift.tt/2mU6d5e
Medium
Building an Information Security Awareness Program in 5 Easy Steps
When we think of information security, we usually think of encryption, vulnerability management and other more technical subjects that my…
British police learning to hack
http://ift.tt/2AoqeXA
Submitted November 23, 2017 at 03:50AM by nzwasp
via reddit http://ift.tt/2iHRPbW
http://ift.tt/2AoqeXA
Submitted November 23, 2017 at 03:50AM by nzwasp
via reddit http://ift.tt/2iHRPbW
Security Breach Online
British police learning to hack - Security Breach Online
In the United Kingdom, cyber crime is reported every 10 minutes, the Office for National Statistics revealed. As technologies used by cyber criminals outpaces traditional law enforcement, it can be impossible to effectively prosecute criminals. Cybercrime…
Uber breached tried to cover it up. 57M people's information hacked
http://ift.tt/2hKl0u0
Submitted November 23, 2017 at 02:57AM by chull2058
via reddit http://ift.tt/2Ao2cMs
http://ift.tt/2hKl0u0
Submitted November 23, 2017 at 02:57AM by chull2058
via reddit http://ift.tt/2Ao2cMs
Bloomberg.com
Uber Concealed Cyberattack That Exposed 57 Million People’s Data
Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing company ousted Joe Sullivan, chief security officer, and one of…
Kali Linux 2017.3 With New Tools Check Out Now
http://ift.tt/2jRzKvl
Submitted November 23, 2017 at 10:10AM by deepupak
via reddit http://ift.tt/2hX4ryT
http://ift.tt/2jRzKvl
Submitted November 23, 2017 at 10:10AM by deepupak
via reddit http://ift.tt/2hX4ryT
Cybernog
Kali Linux 2017.3 With New Tools Check Out Now