Weird machines, exploitability, and provable unexploitability
http://ift.tt/2DqGINp
Submitted December 22, 2017 at 12:03AM by mttd
via reddit http://ift.tt/2p8x12S
ieeexplore.ieee.org
Weird machines, exploitability, and provable unexploitability - IEEE Journals & Magazine
The concept of exploit is central to computer security, particularly in the context of memory corruptions. Yet, in spite of the centrality of the concept a
Use VPN to stay secure and anonymous in the Internet
VPN is very useful : https://youtube.com/watch?v=7Awgf7R8tds
Submitted December 22, 2017 at 12:20AM by f-pace
via reddit http://ift.tt/2Dr29xN
YouTube
VPN - why do you need to start using it Right Now ?? 🛡⚔
VPN can be used to anonymize and encrypt your internet traffic, so no one can track you. In this video I'm going to show you why do you need to start using ...
“username or password is incorrect” is bullshit
http://ift.tt/2kzJRlT
Submitted December 22, 2017 at 01:06AM by travisjeffery
via reddit http://ift.tt/2Dr13ll
Hacker Noon
“username or password incorrect” is bullshit
There’s a security best practice where sign ins aren’t supposed to say “password is incorrect”. Instead they’re supposed to say the…
Convert keys between GnuPG, OpenSsh and OpenSSL
http://ift.tt/2qyjgr3
Submitted December 22, 2017 at 01:22AM by pheedrus
via reddit http://ift.tt/2BkjTZW
sysmic.org
Convert keys between GnuPG, OpenSsh and OpenSSL - Sysmic.org
OpenSSH to OpenSSL OpenSSH private keys are directly understandable by OpenSSL. You can test for example: openssl rsa -in ~/.ssh/id_rsa -text openssl dsa -in ~/.ssh/id_dsa -text So,
Processing network security logs with Bro Analysis Tools (BAT)
http://ift.tt/2DglEZx
Submitted December 22, 2017 at 02:27AM by waxlamp
via reddit http://ift.tt/2DpTMm0
The Kitware Blog
Using Open Source to Satisfy NIST SP 800-171 Requirements
As 2017 comes to a close, many government contractors are working toward the end-of-the-year deadline for compliance with the National Institute of Standards and Technology (NIST) Special Publicati…
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
http://ift.tt/2j748y4
Submitted December 22, 2017 at 02:38AM by based2
via reddit http://ift.tt/2p8yXbC
F5
Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks
New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.
Round 1 Submissions - Post-Quantum Cryptography
http://ift.tt/2BMCgYR
Submitted December 22, 2017 at 02:37AM by based2
via reddit http://ift.tt/2DpqXGo
reddit
Round 1 Submissions - Post-Quantum Cryptography • r/netsec
1 points and 0 comments so far on reddit
Couple words about rsync protocol based on breach of 2k emails from Czech university.
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:20AM by Mysterii8
via reddit http://ift.tt/2p7c9Js
Medium
Couple words about rsync protocol based on breach of 2k emails from Czech university.
TL;DR I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yourself. To…
Couple words about rsync protocol based on breach of 2k emails from Czech university.
http://ift.tt/2BiumVN
Submitted December 22, 2017 at 03:17AM by Mysterii8
via reddit http://ift.tt/2BwEs9O
Medium
Couple words about rsync protocol based on breach of 2k emails from Czech university.
TL;DR I would like to show how misconfigured rsync protocol can lead to data breach or compromise company and how to secure yourself. To…
Responder -> MultiRelay -> Mimikatz -> Crackmapexec ->Windows PWNage
http://ift.tt/2CUD1yl
Submitted December 22, 2017 at 05:49AM by ashtondrakestorm
via reddit http://ift.tt/2Bib6rI
GameOfPWNZ
Responder -> MultiRelay -> Mimikatz -> Crackmapexec ->Windows PWNage - GameOfPWNZ
For this post, we’re going to do a scenario-based usage of the following tools: responder, MultiRelay.py, mimikatz, and crackmapexec. This post gained influence from “Skip Cracking Responder Hashes and Replay...
State [Monthly Summary] of Linux security in 2017
http://ift.tt/2kVAmx2
Submitted December 22, 2017 at 07:48AM by dixon1dw
via reddit http://ift.tt/2BMW6mQ
Linux Audit
The state of Linux security in 2017 - Linux Audit
Linux security (2017 edition) The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post…
How dangerous is it to reveal your birthday through phone survey?
Recently I had a university graduation survey. The representative calling asked me to do a survey at 6:30 PM and he asked me a lot of questions about employment since graduation and then finally asked me what was my month and day of birth. So I answered it but my parents were livid when I did. I looked at my call log and traced the number and tried to call them back. The automatic line said "welcome to <<school's>> survey research department". At this point I knew this number seemed legit. What I'm worried is why the fuck did they ask me for hints of my birthday? Are they really trying to steal my confidential information? If they know my name and number, could they potentially hack into my bank account?
Submitted December 22, 2017 at 07:30AM by strandoflight
via reddit http://ift.tt/2kBIFi6
reddit
How dangerous is it to reveal your birthday through... • r/security
Recently I had a university graduation survey. The representative calling asked me to do a survey at 6:30 PM and he asked me a lot of questions...
PentesterLab | Web for Pentester - Learn all you need to know to start doing web penetration testing
http://ift.tt/1BidOfs
Submitted December 22, 2017 at 12:05PM by Gallus
via reddit http://ift.tt/2kWkQ3Y
Pentesterlab
PentesterLab: Web for Pentester
This exercise is a set of the most common web vulnerabilities.
Arbitrary Linux kernel memory read+write via incorrect range tracking in eBPF
http://ift.tt/2BSNP39
Submitted December 22, 2017 at 02:00PM by 0xdea
via reddit http://ift.tt/2zglBKo
NetSPI SQL Injection Wiki
http://ift.tt/2BAWiVO
Submitted December 22, 2017 at 04:25PM by speckz
via reddit http://ift.tt/2BAtosg
Netspi
NetSPI SQL Injection Wiki
This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.
Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp | NVISO LABS
http://ift.tt/2kXPUQF
Submitted December 22, 2017 at 05:41PM by TheDauntless_
via reddit http://ift.tt/2DtmsKX
NVISO LABS - blog
Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp
Intercepting HTTPS traffic is a necessity with any mobile security assessment. By adding a custom CA to Android, this can easily be done. As of Android Nougat, however, apps don’t trust clien…
Security In 5: Episode 138 - Tools, Tips and Tricks - Infosec Reactions Humor Website
http://ift.tt/2BXpWar
Submitted December 22, 2017 at 07:35PM by BinaryBlog
via reddit http://ift.tt/2Bm8pVQ
Libsyn
Security In Five Podcast: Episode 138 - Tools, Tips and Tricks - Infosec Reactions Humor Website
The security business is a serious and frustrating world. Like many things in life you have to not take it too seriously from time to time. There is a website dedicated for Security Professionals to express their challenges and experiences through animated…
SwordPhish - free, lightweight and open-source phish reporting tool
http://ift.tt/2BRkbc9
Submitted December 22, 2017 at 07:57PM by eth0izzle
via reddit http://ift.tt/2kYecKA
GitHub
Schillings/SwordPhish
Schillings SwordPhish empowers organisations and engages its employees to establish the key component of any cyber security strategy: the Human Firewall.
Some cyber security training resources. Get your certs on.
http://ift.tt/2BB31CE
Submitted December 22, 2017 at 08:15PM by j03c0nn01
via reddit http://ift.tt/2C0k3cQ
Technoloman
Cyber Security Degrees Archives - Technoloman
Cyber Security Degrees, CyberSecurity Training Courses, Cyber Security Training for Veterans and Cyber Security Salaries.
ZDI's last Top 5 bug of 2017 details a matched pair of JavaScript bugs that could allow RCE on unpatched versions of Edge.
http://ift.tt/2BRAXb3
Submitted December 22, 2017 at 09:12PM by RedmondSecGnome
via reddit http://ift.tt/2BRANQZ
Zero Day Initiative
A Matching Pair of Use-After-Free Bugs in Chakra asm.js
This is the final blog in our series of Top 5 interesting cases from 2017. Each of these bugs has some element that sets them apart from the approximately 1,000 advisories released by the program this year. Today’s post details two bugs in Chakra – Microsoft’s…
Best way to protect your password from hackers!
http://ift.tt/2zaJdje
Submitted December 22, 2017 at 08:53PM by radu-matei
via reddit http://ift.tt/2zg5vAk