DNS Security Filters Compared: Quad9 X OpenDNS X Comodo Secure X Norton SafeConnect X Yandex
http://ift.tt/2oDYEk3
Submitted December 19, 2017 at 04:28AM by nykzhang
via reddit http://ift.tt/2kHzdZT
Medium
DNS Security Filters Compared: Quad9 x OpenDNS x Comodo Secure x Norton ConnectSafe x Yandex Safe
On a recent post, I tried to compare the performance of a few DNS resolvers. However, as some people pointed out, the results were not…
vBulletin routestring Unauthenticated Remote Code Execution
http://ift.tt/2nVEhyp
Submitted December 19, 2017 at 05:34AM by d4nk1st
via reddit http://ift.tt/2oDVzjU
Hacking the Hackers: Leveraging an SSRF in HackerTarget
http://ift.tt/2CDqi2C
Submitted December 19, 2017 at 06:14AM by sxcurity
via reddit http://ift.tt/2BanJsX
www.sxcurity.pro
Hacking the Hackers: Leveraging an SSRF in HackerTarget
💻 Introduction: This is a write-up of an SSRF I accidentally found in HackerTarget and leveraged to get access to internal services! Please note that they don’t have an active bug bounty program. ...
Update: Looking Glass Add-on | The Firefox Frontier
http://ift.tt/2BI3Ush
Submitted December 19, 2017 at 06:54AM by yuzume
via reddit http://ift.tt/2keqKOe
The Firefox Frontier
Update: Looking Glass Add-on – The Firefox Frontier
We didn't think hard enough about how our actions would affect the community, and we're sorry for letting you down. How we got here Over the course of the year ...
A Python tool can penetrate into Remote Desktop Protocol, GitHub project also shared enjoy
http://ift.tt/2BGWi9s
Submitted December 19, 2017 at 08:13AM by drhydrogen1
via reddit http://ift.tt/2BasceT
My Hack Stuff
RDPY Security Tool Penetrate into Remote Desktop Protocol - My Hack Stuff
RDPY security tool is a Microsoft RDP Security tool developed in pure Python with RDP (MITM) proxy help. This permits a consumer to document classes and
Introduction to Malware-blocking DNS Services
http://ift.tt/2CZ7fRs
Submitted December 19, 2017 at 12:22PM by cryptoaustralia
via reddit http://ift.tt/2CDSjqP
CryptoAUSTRALIA Blog
Malware-blocking DNS Services
Protect your home network from ransomware and phishing with these alternative DNS providers
Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC
http://ift.tt/2kfwlE0
Submitted December 19, 2017 at 11:56AM by texmex5
via reddit http://ift.tt/2BuPA3V
Wordfence
Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a…
Recent 1.4 billion password breach compilation as wordlist
http://ift.tt/2AVfJrx
Submitted December 19, 2017 at 09:25AM by stmiller
via reddit http://ift.tt/2yUqatE
Gist
1.4 billion password breach compilation wordlist
Preventing Yet Another AWS S3 Storage Breach
http://ift.tt/2oHSdwn
Submitted December 19, 2017 at 03:54PM by nanooonanooo
via reddit http://ift.tt/2CBslEo
The State of Security
Preventing Yet Another AWS S3 Storage Breach With Tripwire
It seems like every day you see a new report about a massive data leak caused by someone accidentally exposing files stored in AWS S3 Buckets.
Are EV certificates worth the paper they're written on?
http://ift.tt/2zOmP0p
Submitted December 19, 2017 at 02:04AM by 57696c6c
via reddit http://ift.tt/2BHDvuO
Google Advanced Security Not Actually Inconvenient
Since October of 2017 Google has been marketing its "Advanced Protection Program" as a system that sacrifices ease of use for security. As if the average end user would be losing essential functionality or having to jump through serious hoops in order to use their account. In practice this is in no way the case, for people like ourselves AND the average end user. Because Android phones and tablets keep you logged into Google even after a reboot of your device, you only need to use your NFC/Bluetooth key one time. It's an obvious distinction for those of us who live and breathe data security but I think we could be explaining this to our less tech-savvy counterparts a lot better. Google also claims this feature is geared towards politicians and journalists but not necessarily our teenage children and financially vulnerable grandparents. It stinks that Google finally enabled such a basic functionality and then greatly damaged the possibility of it going mainstream.
Submitted December 19, 2017 at 06:02PM by sweepstor
via reddit http://ift.tt/2BHGgw5
Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
http://ift.tt/2oLAhRp
Submitted December 19, 2017 at 05:13PM by Russel_
via reddit http://ift.tt/2oLEeWs
Medium
Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
tl;dr Evade network detection during a penetration test/red team exercise by using a protocol that existing tools aren’t equipped to…
LinkedIn unread notifications count is open for everyone
http://ift.tt/2D3dDHx
Submitted December 19, 2017 at 07:41PM by RandomAdversary
via reddit http://ift.tt/2oLgBgB
Random Ⱥdversary
LinkedIn unread notifications count is open for everyone
Mostly adversarial thoughts.
RAPID7 made this awesome Haxmas Music Album
http://ift.tt/2yY8ayo
Submitted December 19, 2017 at 08:12PM by Swerzi
via reddit http://ift.tt/2CGjX6J
Rapid7
NOW That's What I Call HaXmas! | Rapid7
Rapid7 presents: NOW That's What I Call HaXmas! Featuring some of our talented musicians. Happy holidays, and enjoy.
TLS Exploit 'ROBOT' Based on 19 Year Old Vulnerability Affects More Than Just Websites
http://ift.tt/2oKC09J
Submitted December 19, 2017 at 08:34PM by Mi3Security
via reddit http://ift.tt/2D5MCmA
Mi3 Security
TLS Exploit 'ROBOT' Based on 19 Year Old Vulnerability Affects More Than Just Websites
TLS vulnerability returns 19 years later, code-named Return of Bleichenbacher’s Oracle Threat or ROBOT. Researchers have found that countermeasures implemented in many systems are not sufficient and are vulnerable to Bleichenbacher-style attacks.
Unique and Professional Security Doors in London
http://ift.tt/2kOdFui
Submitted December 19, 2017 at 08:12PM by shopfronts1
via reddit http://ift.tt/2yXKXMT
jaishutters.blogspot.co.uk
What you need to look for security doors in London?
Nowadays, the concern for security has increased because of the escalating crime rates. While there are a wide variety of options available...
Security In 5: Episode 135 - OWASP Top 10 - A10 - Unvalidated Redirects and Forwards
http://ift.tt/2AXHYFV
Submitted December 19, 2017 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2B0haVG
Libsyn
Security In Five Podcast: Episode 135 - OWASP Top 10 - A10 - Unvalidated Redirects and Forwards
The last item in the mini series OWASP Top 10. Number 10, Unvalidated Redirects and Forwards. This episode goes into the details on what this is and how to avoid having them in your application. OWASP Top 10 A10 - Unvalidated Redirects and Forwards Be aware…
ZDI releases second Top 5 bug of 2017. This one gets remote code execution in Apache Groovy.
http://ift.tt/2yYo0sM
Submitted December 19, 2017 at 09:05PM by RedmondSecGnome
via reddit http://ift.tt/2D4ew2F
Zero Day Initiative
Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch
This is the second in our series of Top 5 interesting cases from 2017. Each of these bugs has some element that sets them apart from the approximately 1,000 advisories released by the program this year. Today’s blog examines a remote code execution bug in…
Hex-Men: Chinese campaign targeting SQL Server & MySQL DBs
http://ift.tt/2klvlyb
Submitted December 19, 2017 at 09:58PM by ribr
via reddit http://ift.tt/2BfNS9J
GuardiCore - Data Center and Cloud Security
Beware the Hex-Men - GuardiCore - Data Center and Cloud Security
In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide. The campaigns are launched from a large coordinated infrastructure and are mostly targeting servers…
Dispelling Cybersecurity Myths - Recorded Future podcast episode 36
http://ift.tt/2kHSk5V
Submitted December 19, 2017 at 09:56PM by volci
via reddit http://ift.tt/2CEtuv8
Recorded Future
Dispelling Cybersecurity Myths
Chief Security Architect Gavin Reid discusses cybersecurity myths that need to be dispelled, including the notion that companies should “do more with less.”
GUI Tool for crafting ROP chains (WIP)
http://ift.tt/2D35Jhn
Submitted December 19, 2017 at 09:41PM by chillingswordfish
via reddit http://ift.tt/2D69liw
GitHub
orppra/ropa
ropa - ROP chain creation as easy as drinking water