Nhash: petty pranks with big finances
http://ift.tt/2Dhll0F
Submitted December 21, 2017 at 04:10PM by ___atomlib___
via reddit http://ift.tt/2BLZq1c
Securelist - Information about Viruses, Hackers and Spam
Nhash: petty pranks with big finances
In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users’ computers. This time, we’d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.
ZDI releases 4th of their Top 5 bugs of 2017 - a VMware guest-to-host escape in vmnat.exe
http://ift.tt/2zbBd1z
Submitted December 21, 2017 at 09:15PM by RedmondSecGnome
via reddit http://ift.tt/2p9k9JE
Zero Day Initiative
VMware’s Launch escape SYSTEM
This is the fourth blog in our series of Top 5 interesting cases from 2017. Each of these bugs has some element that sets them apart from the approximately 1,000 advisories released by the program this year. Today’s post details a bug that allows attackers…
Trump Transition Team Discussed Michael Flynn Using Signal to Encrypt Conversations, Emails Show
http://ift.tt/2D82Wn4
Submitted December 21, 2017 at 10:16PM by SuccessfulOperation
via reddit http://ift.tt/2Bu2wtS
Gizmodo
Trump Transition Team Discussed Michael Flynn Using Signal to Encrypt Conversations, Emails Show
Days before a series of phone calls in late-2016 between Michael Flynn and Russia’s then-ambassador to the United States, members of the presidential transition team began inquiring about ways to encrypt Flynn’s conversations, discussing with the director…
Weird machines, exploitability, and provable unexploitability
http://ift.tt/2DqGINp
Submitted December 22, 2017 at 12:03AM by mttd
via reddit http://ift.tt/2p8x12S
ieeexplore.ieee.org
Weird machines, exploitability, and provable unexploitability - IEEE Journals & Magazine
The concept of exploit is central to computer security, particularly in the context of memory corruptions. Yet, in spite of the centrality of the concept a
Use VPN to stay secure and anonymous in the Internet
VPN is very useful : https://youtube.com/watch?v=7Awgf7R8tds
Submitted December 22, 2017 at 12:20AM by f-pace
via reddit http://ift.tt/2Dr29xN
YouTube
VPN - why do you need to start using it Right Now ?? 🛡⚔
VPN can be used to anonymize and encrypt your internet traffic, so no one can track you. In this video I'm going to show you why you need to start using ...
“username or password is incorrect” is bullshit
http://ift.tt/2kzJRlT
Submitted December 22, 2017 at 01:06AM by travisjeffery
via reddit http://ift.tt/2Dr13ll
Hacker Noon
“username or password incorrect” is bullshit
There’s a security best practice where sign ins aren’t supposed to say “password is incorrect”. Instead they’re supposed to say the…
Convert keys between GnuPG, OpenSsh and OpenSSL
http://ift.tt/2qyjgr3
Submitted December 22, 2017 at 01:22AM by pheedrus
via reddit http://ift.tt/2BkjTZW
sysmic.org
Convert keys between GnuPG, OpenSsh and OpenSSL - Sysmic.org
OpenSSH to OpenSSL OpenSSH private keys are directly understandable by OpenSSL. You can test for example: openssl rsa -in ~/.ssh/id_rsa -text openssl dsa -in ~/.ssh/id_dsa -text So,
Processing network security logs with Bro Analysis Tools (BAT)
http://ift.tt/2DglEZx
Submitted December 22, 2017 at 02:27AM by waxlamp
via reddit http://ift.tt/2DpTMm0
The Kitware Blog
Using Open Source to Satisfy NIST SP 800-171 Requirements
As 2017 comes to a close, many government contractors are working toward the end-of-the-year deadline for compliance with the National Institute of Standards and Technology (NIST) Special Publicati…
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
http://ift.tt/2j748y4
Submitted December 22, 2017 at 02:38AM by based2
via reddit http://ift.tt/2p8yXbC
F5
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.
Round 1 Submissions - Post-Quantum Cryptography
http://ift.tt/2BMCgYR
Submitted December 22, 2017 at 02:37AM by based2
via reddit http://ift.tt/2DpqXGo
reddit
Round 1 Submissions - Post-Quantum Cryptography • r/netsec
Couple words about rsync protocol based on breach of 2k emails from Czech university.
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:20AM by Mysterii8
via reddit http://ift.tt/2p7c9Js
Medium
Couple words about rsync protocol based on breach of 2k emails from Czech university.
TL;DR I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yourself. To…
Couple words about rsync protocol based on breach of 2k emails from Czech university.
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:17AM by Mysterii8
via reddit http://ift.tt/2BwEs9O
Medium
Couple words about rsync protocol based on breach of 2k emails from Czech university.
TL;DR I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yourself. To…
Responder -> MultiRelay -> Mimikatz -> Crackmapexec ->Windows PWNage
http://ift.tt/2CUD1yl
Submitted December 22, 2017 at 05:49AM by ashtondrakestorm
via reddit http://ift.tt/2Bib6rI
GameOfPWNZ
Responder -> MultiRelay -> Mimikatz -> Crackmapexec ->Windows PWNage - GameOfPWNZ
For this post, we’re going to do a scenario-based usage of the following tools: responder, MultiRelay.py, mimikatz, and crackmapexec. This post gained influence from “Skip Cracking Responder Hashes and Replay...
State [Monthly Summary] of Linux security in 2017
http://ift.tt/2kVAmx2
Submitted December 22, 2017 at 07:48AM by dixon1dw
via reddit http://ift.tt/2BMW6mQ
Linux Audit
The state of Linux security in 2017 - Linux Audit
Linux security (2017 edition) The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post…
How dangerous is it to reveal your birthday through phone survey?
Recently I had a university graduation survey. The representative calling asked me to do a survey at 6:30 PM and he asked me a lot of questions about employment since graduation and then finally asked me what was my month and day of birth. So I answered it but my parents were livid when I did. I looked at my call log and traced the number and tried to call them back. The automatic line said "welcome to <<school's>> survey research department". At this point I knew this number seemed legit. What I'm worried is why the fuck did they ask me for hints of my birthday? Are they really trying to steal my confidential information? If they know my name and number, could they potentially hack into my bank account?
Submitted December 22, 2017 at 07:30AM by strandoflight
via reddit http://ift.tt/2kBIFi6
reddit
How dangerous is it to reveal your birthday through... • r/security
Recently I had a university graduation survey. The representative calling asked me to do a survey at 6:30 PM and he asked me a lot of questions...
PentesterLab | Web for Pentester - Learn all you need to know to start doing web penetration testing
http://ift.tt/1BidOfs
Submitted December 22, 2017 at 12:05PM by Gallus
via reddit http://ift.tt/2kWkQ3Y
Pentesterlab
PentesterLab: Web for Pentester
This exercise is a set of the most common web vulnerabilities.
Arbitrary Linux kernel memory read+write via incorrect range tracking in eBPF
http://ift.tt/2BSNP39
Submitted December 22, 2017 at 02:00PM by 0xdea
via reddit http://ift.tt/2zglBKo
NetSPI SQL Injection Wiki
http://ift.tt/2BAWiVO
Submitted December 22, 2017 at 04:25PM by speckz
via reddit http://ift.tt/2BAtosg
Netspi
NetSPI SQL Injection Wiki
This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.
Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp | NVISO LABS
http://ift.tt/2kXPUQF
Submitted December 22, 2017 at 05:41PM by TheDauntless_
via reddit http://ift.tt/2DtmsKX
NVISO LABS - blog
Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp
Intercepting HTTPS traffic is a necessity with any mobile security assessment. By adding a custom CA to Android, this can easily be done. As of Android Nougat, however, apps don’t trust clien…
Security In 5: Episode 138 - Tools, Tips and Tricks - Infosec Reactions Humor Website
http://ift.tt/2BXpWar
Submitted December 22, 2017 at 07:35PM by BinaryBlog
via reddit http://ift.tt/2Bm8pVQ
Libsyn
Security In Five Podcast: Episode 138 - Tools, Tips and Tricks - Infosec Reactions Humor Website
The security business is a serious and frustrating world. Like many things in life you have to not take it too seriously from time to time. There is a website dedicated for Security Professionals to express their challenges and experiences through animated…
SwordPhish - free, lightweight and open-source phish reporting tool
http://ift.tt/2BRkbc9
Submitted December 22, 2017 at 07:57PM by eth0izzle
via reddit http://ift.tt/2kYecKA
GitHub
Schillings/SwordPhish
Schillings SwordPhish empowers organisations and engages its employees to establish the key component of any cyber security strategy: the Human Firewall.