Metasploitable3 CTF (Linux) Write-Up
http://ift.tt/2C1aHL3
Submitted December 11, 2017 at 10:45PM by tmsteen
via reddit http://ift.tt/2kmp58G
The Random Adventure That Is Life (RATIL)
Metasploitable3 CTF
Rapid7 just wrapped up the second of their Metasploitable3 CTFs, this time for the Linux version of the intentionally vulnerable OS that both beginner and advanced hackers can hone their skills on. They only allowed 500 participants/teams worldwide. I had…
Giving away a free lifetime membership at the Hacking Dojo
http://ift.tt/2iN8kDi
Submitted December 11, 2017 at 10:16PM by hackingdojo
via reddit http://ift.tt/2AvHwm4
reddit
Giving away a free lifetime membership at the... • r/netsecstudents
I try and do something around the holidays to give back to the hacker community, and have dropped the ball this time... so decided to just give...
Extended Validation is Broken
https://stripe.ian.sh/
Submitted December 11, 2017 at 11:50PM by iancarroll
via reddit http://ift.tt/2jyq4WN
reddit
Extended Validation is Broken • r/netsec
Using Trusted Sites for Command and Control (c2)
http://ift.tt/2z283VE
Submitted December 12, 2017 at 12:01AM by nopslider
via reddit http://ift.tt/2kZX6PY
Breaking ThunderShell RAT C2
http://ift.tt/2kocxxl
Submitted December 12, 2017 at 12:42AM by errprone
via reddit http://ift.tt/2Abwzlk
Bit Rot
Hunting ThunderShell C2
Introduction: ThunderShell is a PowerShell based Remote Access Tool (RAT) that relies on HTTP requests to communicate with the C2. All of the traffic is subsequently encrypted with RC4 in order to …
async_wake exploit by Ian Beer gets tfp0 on all 64-bit iOS devices up to 11.1.2
http://ift.tt/2jORODv
Submitted December 12, 2017 at 12:40AM by 0xdea
via reddit http://ift.tt/2z1X7HN
reddit
async_wake exploit by Ian Beer gets tfp0 on all 64-bit... • r/netsec
Exploiting Word: CVE-2017-11826
http://ift.tt/2kWZ3wv
Submitted December 12, 2017 at 01:35AM by overflowingInt
via reddit http://ift.tt/2BUUS7R
Tarlogic Security - Cyber Security and Ethical hacking
Exploiting Word: CVE-2017-11826
Coincidentally with the beginning of an APT simulation engagement in the Red Team, a patch was issued by Microsoft fixing some vulnerabilities (CVE-2017-11826) affecting MS Office. The patch, which fixed a memory corruption bug, was first published on October…
Acquiring a Memory Dump from Fleeting Malware
http://ift.tt/2BjFcui
Submitted December 12, 2017 at 05:14AM by volci
via reddit http://ift.tt/2C3oDUB
digital-forensics.sans.org
SANS Digital Forensics and Incident Response Blog | Acquiring a Memory Dump from Fleeting Malware | SANS Institute
SANS Digital Forensics and Incident Response Blog blog pertaining to Acquiring a Memory Dump from Fleeting Malware
Hackers Alert- A guide to keeping your ATM credentials safe from ATM skimming
http://ift.tt/2AaVeql
Submitted December 12, 2017 at 04:49AM by muneebmughal786
via reddit http://ift.tt/2z23H0R
Tech Chacho
Hackers Alert- A guide to keeping your ATM credentials safe from ATM skimming - Tech Chacho
Do you think your electronic gadgets, your machines or anything you have secured using passwords is actually secured? Well, if you think like that, then sorry to say, but you are living in a fool’s paradise. Nowadays hackers are able to get through any of your…
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV
Submitted December 12, 2017 at 04:38AM by binaryfigments
via reddit http://ift.tt/2ygGrbP
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CAs and their resellers. This was a nice thing to do and an eye-opener for some people. Now, I went for the certificate checkers! I generated my …
Dropbox security is abysmal
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got to Dropbox, which I have not used in years. Yeeeaaars. And clicked 'launch' and lo and behold not only did it bring me to the login screen, it brought me to my main dashboard. I just sorta blinked at it like, 'Wha? Where's the login screen? Why am I staring at my files like this is fine?' Again, I haven't logged in in three years. This is insane. So then I go to the update password section as intended and to do so you're asked to enter your old password (pretty standard) and then your new password. Once. Not twice to verify, but just once. What a fucking mess. I have a couple of photo albums and some songs to share with my family so whatever, but some people rely on Dropbox for a lot more so this is just absurd. Now, I know that they also offer additional security features like 2 factor, but just as a baseline this is dumb.
Submitted December 12, 2017 at 09:39AM by tetsuo316
via reddit http://ift.tt/2BDA8FC
reddit
Dropbox security is abysmal • r/security
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got...
RFC: Mobile App Security
https://twitter.com/JigarMJoshi/status/940081161757265920
Submitted December 12, 2017 at 12:08PM by 1ECz
via reddit http://ift.tt/2AxPrza
Twitter
Jigar
Mobile apps, along with user permissions, must also declare a fixed set of domains it can make network connections to. Plain text data transport from mobile app must also warn users like browsers also allow user to disable it too. #security #MobileApps #MobileSecurity
A security company in Île-de-France
https://www.hamiwes.com
Submitted December 12, 2017 at 12:27PM by hamiwes01
via reddit http://ift.tt/2B7sfHf
Hamiwes
Private security company Paris | SSIAP 1 security guard - Île-de-France.
The guarding agency Hamiwes Sécurité Privée, based in Paris (75), specializes in private security, protection, fire safety and SSIAP 1 in the Île-de-France region.
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV
Submitted December 12, 2017 at 03:43PM by hacktvist
via reddit http://ift.tt/2BauOIO
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CAs and their resellers. This was a nice thing to do and an eye-opener for some people. Now, I went for the certificate checkers! I generated my …
The 2018 Guide to Building Secure PHP Software
http://ift.tt/2AecvyO
Submitted December 12, 2017 at 05:56PM by sarciszewski
via reddit http://ift.tt/2kqTuCD
Paragonie
The 2018 Guide to Building Secure PHP Software - Paragon Initiative Enterprises Blog
Everything a developer needs to know to build secure software in the PHP programming language in the year 2018
Can a hacker log in bypassing 2FA?
Hello, if a hacker has access to your login and password + email details, but he has no access to 2FA, can he log in to your account?
Submitted December 12, 2017 at 06:48PM by esdohadoce
via reddit http://ift.tt/2kpGVYs
reddit
Can a hacker log in bypassing 2FA? • r/security
Hello, if a hacker has access to your login and password + email details, but he has no access to 2FA, can he log in to your account?
Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete with a collection of endpoint security tooling and logging best practices.
http://ift.tt/2z3sEsV
Submitted December 12, 2017 at 06:32PM by speckz
via reddit http://ift.tt/2AwdkHB
Medium
Introducing: Detection Lab
Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…
Security In 5: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
http://ift.tt/2jB5yVI
Submitted December 12, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2Bcefwp
Libsyn
Security In Five Podcast: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
The OWASP Top 10 list is almost done. Number 9 talks about using components with known vulnerabilities. If you think this doesn't happen, look at Equifax. When vulnerabilities are published for a component, hackers start to work on attacks for it. If you…
makin - reveal anti-debug tricks
http://ift.tt/2yhjzco
Submitted December 12, 2017 at 07:08PM by khasaia
via reddit http://ift.tt/2nUlEL8
GitHub
secrary/makin
makin - reveal anti-debug tricks
BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
http://ift.tt/2BdR2tu
Submitted December 12, 2017 at 07:35PM by DJRWolf
via reddit http://ift.tt/2l5rict
BleepingComputer
BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016.
TLS Padding Oracle Vulnerability in Citrix NetScaler
http://ift.tt/2iTx2Sh
Submitted December 12, 2017 at 07:27PM by KernelJay
via reddit http://ift.tt/2ANTpRm
reddit
TLS Padding Oracle Vulnerability in Citrix NetScaler • r/netsec