AppLocker - How insecure is it really? - Part 2
http://ift.tt/2BtBoeN
Submitted December 21, 2017 at 08:21PM by oddvarmoe
via reddit http://ift.tt/2kztMN3
http://ift.tt/2BtBoeN
Submitted December 21, 2017 at 08:21PM by oddvarmoe
via reddit http://ift.tt/2kztMN3
Oddvar Moe's Blog
AppLocker – Case study – How insecure is it really? – Part 2
This is part two of my blog series about the different bypasses that are supposed to work against AppLocker. I will, as I did in part 1 focus on the default rules in AppLocker. More details on the …
Port scanning
Not sure if this is right sub but I have a few Windows servers in a data center and I want to periodically port scan those machines from outside the network to make sure my firewall is correct. Is there a reasonably priced online solution that can email me reports based on it's findings daily?
Submitted December 21, 2017 at 07:55PM by plantpistol
via reddit http://ift.tt/2BKg4OM
Not sure if this is right sub but I have a few Windows servers in a data center and I want to periodically port scan those machines from outside the network to make sure my firewall is correct. Is there a reasonably priced online solution that can email me reports based on it's findings daily?
Submitted December 21, 2017 at 07:55PM by plantpistol
via reddit http://ift.tt/2BKg4OM
reddit
Port scanning • r/security
Not sure if this is right sub but I have a few Windows servers in a data center and I want to periodically port scan those machines from outside...
Trump’s team wanted to use Signal to encrypt Michael Flynn’s messages
http://ift.tt/2oZHNIz
Submitted December 21, 2017 at 10:04PM by SuccessfulOperation
via reddit http://ift.tt/2DqIv4W
http://ift.tt/2oZHNIz
Submitted December 21, 2017 at 10:04PM by SuccessfulOperation
via reddit http://ift.tt/2DqIv4W
Newsweek
Trump’s team wanted to use Signal to encrypt Michael Flynn’s messages
The smartphone application allows for messages to be deleted almost instantly.
GCHQ says UK has cyberweapons that can cripple hostile states
http://ift.tt/2CTnheU
Submitted December 21, 2017 at 09:37PM by J0eN0b0dy
via reddit http://ift.tt/2BJjzFb
http://ift.tt/2CTnheU
Submitted December 21, 2017 at 09:37PM by J0eN0b0dy
via reddit http://ift.tt/2BJjzFb
Msn
GCHQ says UK has cyberweapons that can cripple hostile states
Britain has developed a "full spectrum" of cyberweapons that can counter threats posed by states like Russia, Iran and China, parliament's intelligence watchdog has disclosed.
Nhash: petty pranks with big finances
http://ift.tt/2Dhll0F
Submitted December 21, 2017 at 04:10PM by ___atomlib___
via reddit http://ift.tt/2BLZq1c
http://ift.tt/2Dhll0F
Submitted December 21, 2017 at 04:10PM by ___atomlib___
via reddit http://ift.tt/2BLZq1c
Securelist - Information about Viruses, Hackers and Spam
Nhash: petty pranks with big finances
In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users’ computers. This time, we’d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.
ZDI releases 4th of their Top 5 bugs of 2017 - a VMware guest-to-host escape in vmnat.exe
http://ift.tt/2zbBd1z
Submitted December 21, 2017 at 09:15PM by RedmondSecGnome
via reddit http://ift.tt/2p9k9JE
http://ift.tt/2zbBd1z
Submitted December 21, 2017 at 09:15PM by RedmondSecGnome
via reddit http://ift.tt/2p9k9JE
Zero Day Initiative
VMware’s Launch escape SYSTEM
This is the fourth blog in our series of Top 5 interesting cases from 2017. Each of these bugs has some element that sets them apart from the approximately 1,000 advisories released by the program this year. Today’s post details a bug that allows attackers…
Trump Transition Team Discussed Michael Flynn Using Signal to Encrypt Conversations, Emails Show
http://ift.tt/2D82Wn4
Submitted December 21, 2017 at 10:16PM by SuccessfulOperation
via reddit http://ift.tt/2Bu2wtS
http://ift.tt/2D82Wn4
Submitted December 21, 2017 at 10:16PM by SuccessfulOperation
via reddit http://ift.tt/2Bu2wtS
Gizmodo
Trump Transition Team Discussed Michael Flynn Using Signal to Encrypt Conversations, Emails Show
Days before a series of phone calls in late-2016 between Michael Flynn and Russia’s then-ambassador to the United States, members of the presidential transition team began inquiring about ways to encrypt Flynn’s conversations, discussing with the director…
Weird machines, exploitability, and provable unexploitability
http://ift.tt/2DqGINp
Submitted December 22, 2017 at 12:03AM by mttd
via reddit http://ift.tt/2p8x12S
http://ift.tt/2DqGINp
Submitted December 22, 2017 at 12:03AM by mttd
via reddit http://ift.tt/2p8x12S
ieeexplore.ieee.org
Weird machines, exploitability, and provable unexploitability - IEEE Journals & Magazine
The concept of exploit is central to computer security, particularly in the context of memory corruptions. Yet, in spite of the centrality of the concept a
Use VPN to stay secure and anonymous in the Internet
VPN is very useful : https://youtube.com/watch?v=7Awgf7R8tds
Submitted December 22, 2017 at 12:20AM by f-pace
via reddit http://ift.tt/2Dr29xN
VPN is very useful : https://youtube.com/watch?v=7Awgf7R8tds
Submitted December 22, 2017 at 12:20AM by f-pace
via reddit http://ift.tt/2Dr29xN
YouTube
VPN - why do you need to start using it Right Now ?? 🛡⚔
VPN can be used to annonymize and encrypt your internet traffic, so no one can track you. In this video I'm going to show you why do you need to start using ...
“username or password is incorrect” is bullshit
http://ift.tt/2kzJRlT
Submitted December 22, 2017 at 01:06AM by travisjeffery
via reddit http://ift.tt/2Dr13ll
http://ift.tt/2kzJRlT
Submitted December 22, 2017 at 01:06AM by travisjeffery
via reddit http://ift.tt/2Dr13ll
Hacker Noon
“username or password incorrect” is bullshit
There’s a security best practice where sign ins aren’t supposed to say “password is incorrect”. Instead they’re supposed to say the…
Convert keys between GnuPG, OpenSsh and OpenSSL
http://ift.tt/2qyjgr3
Submitted December 22, 2017 at 01:22AM by pheedrus
via reddit http://ift.tt/2BkjTZW
http://ift.tt/2qyjgr3
Submitted December 22, 2017 at 01:22AM by pheedrus
via reddit http://ift.tt/2BkjTZW
sysmic.org
Convert keys between GnuPG, OpenSsh and OpenSSL - Sysmic.org
OpenSSH to OpenSSL OpenSSH private keys are directly understable by OpenSSL. You can test for example: openssl rsa -in ~/.ssh/id_rsa -text openssl dsa -in ~/.ssh/id_dsa -text So,
Processing network security logs with Bro Analysis Tools (BAT)
http://ift.tt/2DglEZx
Submitted December 22, 2017 at 02:27AM by waxlamp
via reddit http://ift.tt/2DpTMm0
http://ift.tt/2DglEZx
Submitted December 22, 2017 at 02:27AM by waxlamp
via reddit http://ift.tt/2DpTMm0
The Kitware Blog
Using Open Source to Satisfy NIST SP 800-171 Requirements
As 2017 comes to a close, many government contractors are working toward the end-of-the-year deadline for compliance with the National Institute of Standards and Technology (NIST) Special Publicati…
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
http://ift.tt/2j748y4
Submitted December 22, 2017 at 02:38AM by based2
via reddit http://ift.tt/2p8yXbC
http://ift.tt/2j748y4
Submitted December 22, 2017 at 02:38AM by based2
via reddit http://ift.tt/2p8yXbC
F5
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.
Round 1 Submissions - Post-Quantum Cryptography
http://ift.tt/2BMCgYR
Submitted December 22, 2017 at 02:37AM by based2
via reddit http://ift.tt/2DpqXGo
http://ift.tt/2BMCgYR
Submitted December 22, 2017 at 02:37AM by based2
via reddit http://ift.tt/2DpqXGo
reddit
Round 1 Submissions - Post-Quantum Cryptography • r/netsec
1 points and 0 comments so far on reddit
Couple words about rsync protocol based on breach of 2k emails from Czech university.
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:20AM by Mysterii8
via reddit http://ift.tt/2p7c9Js
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:20AM by Mysterii8
via reddit http://ift.tt/2p7c9Js
Medium
Couple words about rsync protocol based on breach of 2k emails from Czech university.
TL;DR I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yourself. To…
Couple words about rsync protocol based on breach of 2k emails from Czech university.
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:17AM by Mysterii8
via reddit http://ift.tt/2BwEs9O
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:17AM by Mysterii8
via reddit http://ift.tt/2BwEs9O
Medium
Couple words about rsync protocol based on breach of 2k emails from Czech university.
TL;DR I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yourself. To…
Responder -> MultiRelay -> Mimikatz -> Crackmapexec ->Windows PWNage
http://ift.tt/2CUD1yl
Submitted December 22, 2017 at 05:49AM by ashtondrakestorm
via reddit http://ift.tt/2Bib6rI
http://ift.tt/2CUD1yl
Submitted December 22, 2017 at 05:49AM by ashtondrakestorm
via reddit http://ift.tt/2Bib6rI
GameOfPWNZ
Responder -> MultiRelay -> Mimikatz -> Crackmapexec ->Windows PWNage - GameOfPWNZ
For this post, we’re going to do a scenario-based usage of the following tools: responder, MultiRelay.py, mimikatz, and crackmapexec. This post gained influence from “Skip Cracking Responder Hashes and Replay...
State [Monthly Summary] of Linux security in 2017
http://ift.tt/2kVAmx2
Submitted December 22, 2017 at 07:48AM by dixon1dw
via reddit http://ift.tt/2BMW6mQ
http://ift.tt/2kVAmx2
Submitted December 22, 2017 at 07:48AM by dixon1dw
via reddit http://ift.tt/2BMW6mQ
Linux Audit
The state of Linux security in 2017 - Linux Audit
Linux security (2017 edition) The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post…
How dangerous is it to reveal your birthday through phone survey?
Recently I had a university graduation survey. The representitive calling asked me to do a survey at 6:30 PM and he asked me a lot of questions about employment since graduation and then finally asked me what was my month and day of birth. So I answered it but my parents were livid when I did.I looked at my call log and traced the number and tried to call them back. The automatic line said "welcome to <<school's>> survey research department". At this point I knew this number seemed legit. What I'm worried is why the fuck did they ask me for hints of my birthday? Are they really trying to steal my confidential information? If the know my name and number, could they potentially hack into my bank account?
Submitted December 22, 2017 at 07:30AM by strandoflight
via reddit http://ift.tt/2kBIFi6
Recently I had a university graduation survey. The representitive calling asked me to do a survey at 6:30 PM and he asked me a lot of questions about employment since graduation and then finally asked me what was my month and day of birth. So I answered it but my parents were livid when I did.I looked at my call log and traced the number and tried to call them back. The automatic line said "welcome to <<school's>> survey research department". At this point I knew this number seemed legit. What I'm worried is why the fuck did they ask me for hints of my birthday? Are they really trying to steal my confidential information? If the know my name and number, could they potentially hack into my bank account?
Submitted December 22, 2017 at 07:30AM by strandoflight
via reddit http://ift.tt/2kBIFi6
reddit
How dangerous is it to reveal your birthday through... • r/security
Recently I had a university graduation survey. The representitive calling asked me to do a survey at 6:30 PM and he asked me a lot of questions...
PentesterLab | Web for Pentester - Learn all you need to know to start doing web penetration testing
http://ift.tt/1BidOfs
Submitted December 22, 2017 at 12:05PM by Gallus
via reddit http://ift.tt/2kWkQ3Y
http://ift.tt/1BidOfs
Submitted December 22, 2017 at 12:05PM by Gallus
via reddit http://ift.tt/2kWkQ3Y
Pentesterlab
PentesterLab: Web for Pentester
This exercise is a set of the most common web vulnerabilities.
Arbitrary Linux kernel memory read+write via incorrect range tracking in eBPF
http://ift.tt/2BSNP39
Submitted December 22, 2017 at 02:00PM by 0xdea
via reddit http://ift.tt/2zglBKo
http://ift.tt/2BSNP39
Submitted December 22, 2017 at 02:00PM by 0xdea
via reddit http://ift.tt/2zglBKo