Micro-fortresses everywhere: The cloud security model and the software-defined perimeter | ZDNet
http://ift.tt/2CArODN
Submitted December 18, 2017 at 09:16PM by SecurityTrust
via reddit http://ift.tt/2zllX5D
http://ift.tt/2CArODN
Submitted December 18, 2017 at 09:16PM by SecurityTrust
via reddit http://ift.tt/2zllX5D
ZDNet
Micro-fortresses everywhere: The cloud security model and the software-defined perimeter
Where we encounter the efforts of security practitioners to apply something that sounds like an old model to the new system of distributed computing, and find out to get it to work, they have to turn it inside out.
ZDI releases the first of their top 5 bugs of 2017. Today's is an Integer Underflow in Adobe Reader
http://ift.tt/2kFUZwY
Submitted December 18, 2017 at 09:16PM by RedmondSecGnome
via reddit http://ift.tt/2CAoE23
http://ift.tt/2kFUZwY
Submitted December 18, 2017 at 09:16PM by RedmondSecGnome
via reddit http://ift.tt/2CAoE23
reddit
ZDI releases the first of their top 5 bugs of 2017.... • r/netsec
1 points and 0 comments so far on reddit
WAFNinja Kali Linux tool to Bypass WAF - My Hack Stuff
http://ift.tt/2jdIyYW
Submitted December 18, 2017 at 10:29PM by drhydrogen1
via reddit http://ift.tt/2keHl4B
http://ift.tt/2jdIyYW
Submitted December 18, 2017 at 10:29PM by drhydrogen1
via reddit http://ift.tt/2keHl4B
My Hack Stuff
WAFNinja Kali Linux tool to Bypass WAF - My Hack Stuff
I have added a video tutorial about WAFNinja Kali Linux tool to understand this python tool which can bypass WAF. Basically WAFNinja is a CLI....
"HR - *Please* Stop Requiring Tech Backgrounds for Security Awareness Officers"
http://ift.tt/2B8axol
Submitted December 18, 2017 at 10:13PM by volci
via reddit http://ift.tt/2keHlBD
http://ift.tt/2B8axol
Submitted December 18, 2017 at 10:13PM by volci
via reddit http://ift.tt/2keHlBD
securingthehuman.sans.org
Security Awareness Blog | HR - *Please* Stop Requiring Tech Backgrounds for Security Awareness Officers
Security Awareness Blog blog pertaining to HR - *Please* Stop Requiring Tech Backgrounds for Security Awareness Officers
aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
http://ift.tt/2CZAEuW
Submitted December 19, 2017 at 12:00AM by bool101
via reddit http://ift.tt/2BG2aj9
http://ift.tt/2CZAEuW
Submitted December 19, 2017 at 12:00AM by bool101
via reddit http://ift.tt/2BG2aj9
googleprojectzero.blogspot.co.uk
aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
by Ivan Fratric, Thomas Dullien, James Forshaw and Steven Vittitoe Intro Many widely-deployed technologies, viewed through 20/20 hind...
Create your hacklab with docker
http://ift.tt/2CZPgKO
Submitted December 19, 2017 at 12:27AM by ston3o
via reddit http://ift.tt/2ATwCCU
http://ift.tt/2CZPgKO
Submitted December 19, 2017 at 12:27AM by ston3o
via reddit http://ift.tt/2ATwCCU
GitHub
ston3o/docker-hacklab
docker-hacklab - My personal hacklab
Leveraging web application vulnerabilities to steal NTLM hashes
http://ift.tt/2BuZSkD
Submitted December 19, 2017 at 01:51AM by Mempodipper
via reddit http://ift.tt/2kfsc2W
http://ift.tt/2BuZSkD
Submitted December 19, 2017 at 01:51AM by Mempodipper
via reddit http://ift.tt/2kfsc2W
reddit
Leveraging web application vulnerabilities to steal... • r/netsec
1 points and 0 comments so far on reddit
Final published version of the Truck ELD hacking article at CDL Life Magazine. Mostly the same as what I posted earlier...
http://ift.tt/2kfENmN
Submitted December 19, 2017 at 03:29AM by JimMarch
via reddit http://ift.tt/2AVfTim
http://ift.tt/2kfENmN
Submitted December 19, 2017 at 03:29AM by JimMarch
via reddit http://ift.tt/2AVfTim
CDLLife
ELD Security Threats: Can trucks be mass-hacked to physically crash via ELDs? | CDLLife
Guest writer Jim March Simpson takes on one of the most controversial questions in trucking -- can hackers use ELDs to take control of your truck?
DNS Security Filters Compared: Quad9 X OpenDNS X Comodo Secure X Norton SafeConnect X Yandex
http://ift.tt/2oDYEk3
Submitted December 19, 2017 at 04:16AM by nykzhang
via reddit http://ift.tt/2CY7M6p
http://ift.tt/2oDYEk3
Submitted December 19, 2017 at 04:16AM by nykzhang
via reddit http://ift.tt/2CY7M6p
Medium
DNS Security Filters Compared: Quad9 x OpenDNS x Comodo Secure x Norton ConnectSafe x Yandex Safe
On a recent post, I tried to compare the performance of a few DNS resolvers. However, as some people pointed out, the results were not…
DNS Security Filters Compared: Quad9 X OpenDNS X Comodo Secure X Norton SafeConnect X Yandex
http://ift.tt/2oDYEk3
Submitted December 19, 2017 at 04:28AM by nykzhang
via reddit http://ift.tt/2kHzdZT
http://ift.tt/2oDYEk3
Submitted December 19, 2017 at 04:28AM by nykzhang
via reddit http://ift.tt/2kHzdZT
Medium
DNS Security Filters Compared: Quad9 x OpenDNS x Comodo Secure x Norton ConnectSafe x Yandex Safe
On a recent post, I tried to compare the performance of a few DNS resolvers. However, as some people pointed out, the results were not…
vBulletin routestring Unauthenticated Remote Code Execution
http://ift.tt/2nVEhyp
Submitted December 19, 2017 at 05:34AM by d4nk1st
via reddit http://ift.tt/2oDVzjU
http://ift.tt/2nVEhyp
Submitted December 19, 2017 at 05:34AM by d4nk1st
via reddit http://ift.tt/2oDVzjU
reddit
vBulletin routestring Unauthenticated Remote Code Execution • r/netsec
1 points and 1 comments so far on reddit
Hacking the Hackers: Leveraging an SSRF in HackerTarget
http://ift.tt/2CDqi2C
Submitted December 19, 2017 at 06:14AM by sxcurity
via reddit http://ift.tt/2BanJsX
http://ift.tt/2CDqi2C
Submitted December 19, 2017 at 06:14AM by sxcurity
via reddit http://ift.tt/2BanJsX
www.sxcurity.pro
Hacking the Hackers: Leveraging an SSRF in HackerTarget
💻 Introduction: This is a write-up of an SSRF I accidentally found in HackerTarget and leveraged to get access to internal services! Please note that they don’t have an active bug bounty program. &...
Update: Looking Glass Add-on | The Firefox Frontier
http://ift.tt/2BI3Ush
Submitted December 19, 2017 at 06:54AM by yuzume
via reddit http://ift.tt/2keqKOe
http://ift.tt/2BI3Ush
Submitted December 19, 2017 at 06:54AM by yuzume
via reddit http://ift.tt/2keqKOe
The Firefox Frontier
Update: Looking Glass Add-on – The Firefox Frontier
We didn't think hard enough about how our actions would affect the community, and we're sorry for letting you down. How we got here Over the course of the year ...
A python tool can penetrate into Remote Desktop Protocol, GitHub project also shared enjoy
http://ift.tt/2BGWi9s
Submitted December 19, 2017 at 08:13AM by drhydrogen1
via reddit http://ift.tt/2BasceT
http://ift.tt/2BGWi9s
Submitted December 19, 2017 at 08:13AM by drhydrogen1
via reddit http://ift.tt/2BasceT
My Hack Stuff
RDPY Security Tool Penetrate into Remote Desktop Protocol - My Hack Stuff
RDPY security tool is a Microsoft RDP Security tool developed in pure Python with RDP (MITM) proxy help. This permits a consumer to document classes and
Introduction to Malware-blocking DNS Services
http://ift.tt/2CZ7fRs
Submitted December 19, 2017 at 12:22PM by cryptoaustralia
via reddit http://ift.tt/2CDSjqP
http://ift.tt/2CZ7fRs
Submitted December 19, 2017 at 12:22PM by cryptoaustralia
via reddit http://ift.tt/2CDSjqP
CryptoAUSTRALIA Blog
Malware-blocking DNS Services
Protect your home network from ransomware and phishing with these alternative DNS providers
Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC
http://ift.tt/2kfwlE0
Submitted December 19, 2017 at 11:56AM by texmex5
via reddit http://ift.tt/2BuPA3V
http://ift.tt/2kfwlE0
Submitted December 19, 2017 at 11:56AM by texmex5
via reddit http://ift.tt/2BuPA3V
Wordfence
Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a…
Recent 1.4 billion password breach compilation as wordlist
http://ift.tt/2AVfJrx
Submitted December 19, 2017 at 09:25AM by stmiller
via reddit http://ift.tt/2yUqatE
http://ift.tt/2AVfJrx
Submitted December 19, 2017 at 09:25AM by stmiller
via reddit http://ift.tt/2yUqatE
Gist
1.4 billion password breach compilation wordlist
Preventing Yet Another AWS S3 Storage Breach
http://ift.tt/2oHSdwn
Submitted December 19, 2017 at 03:54PM by nanooonanooo
via reddit http://ift.tt/2CBslEo
http://ift.tt/2oHSdwn
Submitted December 19, 2017 at 03:54PM by nanooonanooo
via reddit http://ift.tt/2CBslEo
The State of Security
Preventing Yet Another AWS S3 Storage Breach With Tripwire
It seems like everyday you see a new report about a massive data leak caused by someone accidentally exposing files stored in AWS S3 Buckets.
Are EV certificates worth the paper they're written on?
http://ift.tt/2zOmP0p
Submitted December 19, 2017 at 02:04AM by 57696c6c
via reddit http://ift.tt/2BHDvuO
http://ift.tt/2zOmP0p
Submitted December 19, 2017 at 02:04AM by 57696c6c
via reddit http://ift.tt/2BHDvuO
Google Advanced Security Not Actually Inconvenient
Since October of 2017 Google has been marketing it's "Advanced Protection Program" as a system that sacrifices ease of use for security. As if the average end user would be losing essential functionality or having to jump through serious hoops in order to use their account. In practice this is in no way the case- for people like ourselves AND the average end user. Because android phones and tablets keep you logged into Google even after a reboot of your device, you only need to use your nfc/bluetooth key one time. It's an obvious distinction for those of us who live and breathe data security but I think we could be explaining this to our less tech-savvy counterparts a lot better. Google also claims this feature is geared towards politicians and journalists but not necessarily our teenage children and financially vulnerable grandparents. It stinks that Google finally enabled such a basic functionality and then greatly damaged the possibility of it going mainstream.
Submitted December 19, 2017 at 06:02PM by sweepstor
via reddit http://ift.tt/2BHGgw5
Since October of 2017 Google has been marketing it's "Advanced Protection Program" as a system that sacrifices ease of use for security. As if the average end user would be losing essential functionality or having to jump through serious hoops in order to use their account. In practice this is in no way the case- for people like ourselves AND the average end user. Because android phones and tablets keep you logged into Google even after a reboot of your device, you only need to use your nfc/bluetooth key one time. It's an obvious distinction for those of us who live and breathe data security but I think we could be explaining this to our less tech-savvy counterparts a lot better. Google also claims this feature is geared towards politicians and journalists but not necessarily our teenage children and financially vulnerable grandparents. It stinks that Google finally enabled such a basic functionality and then greatly damaged the possibility of it going mainstream.
Submitted December 19, 2017 at 06:02PM by sweepstor
via reddit http://ift.tt/2BHGgw5
reddit
Google Advanced Security Not Actually Inconvenient • r/security
Since October of 2017 Google has been marketing it's "Advanced Protection Program" as a system that sacrifices ease of use for security. As if the...
Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
http://ift.tt/2oLAhRp
Submitted December 19, 2017 at 05:13PM by Russel_
via reddit http://ift.tt/2oLEeWs
http://ift.tt/2oLAhRp
Submitted December 19, 2017 at 05:13PM by Russel_
via reddit http://ift.tt/2oLEeWs
Medium
Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to…