Netsec – Telegram
Netsec
@RNetsec
7.42K subscribers
22.4K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Download Telegram
About
Blog
Apps
Platform
Join
Netsec
7.42K subscribers
Netsec
Giving away a free lifetime membership at the Hacking Dojo
http://ift.tt/2iN8kDi

Submitted December 11, 2017 at 10:16PM by hackingdojo
via reddit http://ift.tt/2AvHwm4
reddit
Giving away a free lifetime membership at the... • r/netsecstudents
I try and do something around the holidays to give back to the hacker community, and have dropped the ball this time... so decided to just give...
120 views
Netsec
Extended Validation is Broken
https://stripe.ian.sh/

Submitted December 11, 2017 at 11:50PM by iancarroll
via reddit http://ift.tt/2jyq4WN
reddit
Extended Validation is Broken • r/netsec
1 points and 0 comments so far on reddit
114 views
Netsec
Using Trusted Sites for Command and Control (c2)
http://ift.tt/2z283VE

Submitted December 12, 2017 at 12:01AM by nopslider
via reddit http://ift.tt/2kZX6PY
107 views
Netsec
Breaking ThunderShell RAT C2
http://ift.tt/2kocxxl

Submitted December 12, 2017 at 12:42AM by errprone
via reddit http://ift.tt/2Abwzlk
Bit Rot
Hunting ThunderShell C2
Introduction ThunderShell is a PowerShell based Remote Access Tool (RAT) that relies on HTTP requests to communicate with the C2. All of the traffic is subsequently encrypted with RC4 in order to …
106 views
Netsec
async_wake exploit by Ian Beer gets tfp0 on all 64-bit iOS devices up to 11.1.2
http://ift.tt/2jORODv

Submitted December 12, 2017 at 12:40AM by 0xdea
via reddit http://ift.tt/2z1X7HN
reddit
async_wake exploit by Ian Beer gets tfp0 on all 64-bit... • r/netsec
1 points and 1 comments so far on reddit
112 views
Netsec
Exploiting Word: CVE-2017-11826
http://ift.tt/2kWZ3wv

Submitted December 12, 2017 at 01:35AM by overflowingInt
via reddit http://ift.tt/2BUUS7R
Tarlogic Security - Cyber Security and Ethical hacking
Exploiting Word: CVE-2017-11826
Coincidentially with the beggining of an APT simulation engagement in the Red Team, a patch was issued my Microsoft fixing some vulnerabilities (CVE-2017-11826) affecting MS Office. The patch, which fixed a memory corruption bug, was first published on October…
117 views
Netsec
Acquiring a Memory Dump from Fleeting Malware
http://ift.tt/2BjFcui

Submitted December 12, 2017 at 05:14AM by volci
via reddit http://ift.tt/2C3oDUB
digital-forensics.sans.org
SANS Digital Forensics and Incident Response Blog | Acquiring a Memory Dump from Fleeting Malware | SANS Institute
SANS Digital Forensics and Incident Response Blog blog pertaining to Acquiring a Memory Dump from Fleeting Malware
115 views
Netsec
Hackers Alert- A guide to keeping your ATM credentials safe from ATM skimming
http://ift.tt/2AaVeql

Submitted December 12, 2017 at 04:49AM by muneebmughal786
via reddit http://ift.tt/2z23H0R
Tech Chacho
Hackers Alert- A guide to keeping your ATM credentials safe from ATM skimming - Tech Chacho
Do you think your electronic gadgets, your machines or anything you have secured using passwords is actually secured? Well if u think like that then sorry to say but you are living in a fool’s paradise. Nowadays hackers are able to get through any of your…
115 views
Netsec
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV

Submitted December 12, 2017 at 04:38AM by binaryfigments
via reddit http://ift.tt/2ygGrbP
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CA’s and their resellers. This was a nice thing to do and an eyeopener for some people. Now, I went for the certificate checkers! I generated my …
104 views
Netsec
Dropbox security is abysmal
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got to Dropbox, which I have not used in years. Yeeeaaars. And clicked 'launch' and lo and behold not only did it bring me to the login screen, it brought me to my main dashboard. I just sorta blinked at it like, 'Wha? Where's the login screen? Why am I staring at my files like this is fine?'Again, I haven't logged in in three years. This is insane.So then I go to the update password section as intended and to do so you're asked to enter your old password (pretty standard) and then your new password. Once. Not twice to verify, but just once.What a fucking mess.I have a couple of photo albums and some songs to share with my family so whatever, but some people rely on Dropbox for a lot more so this is just absurd.Now, I know that they also offer additional security features like 2 factor, but just as a baseline this is dumb.

Submitted December 12, 2017 at 09:39AM by tetsuo316
via reddit http://ift.tt/2BDA8FC
reddit
Dropbox security is abysmal • r/security
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got...
106 views
Netsec
RFC: Mobile App Security
https://twitter.com/JigarMJoshi/status/940081161757265920

Submitted December 12, 2017 at 12:08PM by 1ECz
via reddit http://ift.tt/2AxPrza
Twitter
Jigar
Mobile apps along with user permissions, must also declared fixed set of domains it can make network connections to. Plain text data transport from mobile app must also warn users like browsers also allow user to disable it too. #security #MobileApps #MobileSecurity
111 views
Netsec
Une societe de securite ile de france
https://www.hamiwes.com

Submitted December 12, 2017 at 12:27PM by hamiwes01
via reddit http://ift.tt/2B7sfHf
Hamiwes
Société sécurité privée Paris | Agent de sécurité ssiap 1 - Ile de France.
L’agence de gardiennage Hamiwes Sécurité Privée basée à Paris (75), est spécialisée dans la securite privee, protection, incendie, ssiap 1 dans la région Ile de France.
113 views
Netsec
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV

Submitted December 12, 2017 at 03:43PM by hacktvist
via reddit http://ift.tt/2BauOIO
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CA’s and their resellers. This was a nice thing to do and an eyeopener for some people. Now, I went for the certificate checkers! I generated my …
111 views
Netsec
The 2018 Guide to Building Secure PHP Software
http://ift.tt/2AecvyO

Submitted December 12, 2017 at 05:56PM by sarciszewski
via reddit http://ift.tt/2kqTuCD
Paragonie
The 2018 Guide to Building Secure PHP Software - Paragon Initiative Enterprises Blog
Everything a developer needs to know to build secure software in the PHP programming language in the year 2018
112 views
Netsec
Can a hacker log in bypassing 2FA?
Hello, If a hacker has an access to your login and password + email details, but he has no access to 2fa, can he log in your account?

Submitted December 12, 2017 at 06:48PM by esdohadoce
via reddit http://ift.tt/2kpGVYs
reddit
Can a hacker log in bypassing 2FA? • r/security
Hello, If a hacker has an access to your login and password + email details, but he has no access to 2fa, can he log in your account?
106 views
Netsec
Detection Lab is a collection of Packer and Vagrant noscripts that allow you to quickly bring a Windows Active Directory online, complete with a collection of endpoint security tooling and logging best practices.
http://ift.tt/2z3sEsV

Submitted December 12, 2017 at 06:32PM by speckz
via reddit http://ift.tt/2AwdkHB
Medium
Introducing: Detection Lab
Detection Lab is a collection of Packer and Vagrant noscripts that allow you to quickly bring a Windows Active Directory online, complete…
107 views
Netsec
Security In 5: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
http://ift.tt/2jB5yVI

Submitted December 12, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2Bcefwp
Libsyn
Security In Five Podcast: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
The OWASP Top 10 list is almost done. Number 9 talks about using components with known vulnerabilities. If you think this doesn't happen, look at Equifax. When vulnerabilities are published for a components hackers start to work on attacks for it. If you…
99 views
Netsec
makin - reveal anti-debug tricks
http://ift.tt/2yhjzco

Submitted December 12, 2017 at 07:08PM by khasaia
via reddit http://ift.tt/2nUlEL8
GitHub
secrary/makin
makin - reveal anti-debug tricks
92 views
Netsec
BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
http://ift.tt/2BdR2tu

Submitted December 12, 2017 at 07:35PM by DJRWolf
via reddit http://ift.tt/2l5rict
BleepingComputer
BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016.
96 views
Netsec
TLS Padding Oracle Vulnerability in Citrix NetScaler
http://ift.tt/2iTx2Sh

Submitted December 12, 2017 at 07:27PM by KernelJay
via reddit http://ift.tt/2ANTpRm
reddit
TLS Padding Oracle Vulnerability in Citrix NetScaler • r/netsec
1 points and 0 comments so far on reddit
92 views
Netsec
BLOCKBUSTED: Lazarus, Blockbuster, and North Korea
http://ift.tt/2nQYtBz

Submitted December 12, 2017 at 08:11PM by 0xbaadf00dsec
via reddit http://ift.tt/2C4PmQF
Intezer
BLOCKBUSTED: Lazarus, Blockbuster, and North Korea - Intezer
As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code reuse is seen all throughout the well known Blockbuster campaign and connections between other malware attributed to the Lazarus…
93 views