Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes
http://ift.tt/2CYsh27
Submitted January 14, 2018 at 02:20PM by DerBootsMann
via reddit http://ift.tt/2mBSqO3
http://ift.tt/2CYsh27
Submitted January 14, 2018 at 02:20PM by DerBootsMann
via reddit http://ift.tt/2mBSqO3
Washington Post
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes
The hack targeted banks, energy firms, senior government officials and an airport as Ukraine wages war against separatists aligned with the Kremlin.
Looking for half-decent MSSP Service Catalog and documentation templates - Whatcha got?
http://ift.tt/2D2uxFB
Submitted January 14, 2018 at 03:25AM by sh8k3nb8by
via reddit http://ift.tt/2mBvmzf
http://ift.tt/2D2uxFB
Submitted January 14, 2018 at 03:25AM by sh8k3nb8by
via reddit http://ift.tt/2mBvmzf
Infotech
Build a Security Governance and Management Plan – Executive Brief
Understand why security governance and management is essential for an organization that wants to keep up with today's evolving threat landscape.
You want use Gigabyte online support? Ok! You need to create a account for that, BUT look first how *not* secure their servers are
http://ift.tt/2Fvjd6G
Submitted January 14, 2018 at 04:10PM by rediii123
via reddit http://ift.tt/2EFJqyl
http://ift.tt/2Fvjd6G
Submitted January 14, 2018 at 04:10PM by rediii123
via reddit http://ift.tt/2EFJqyl
reddit
You want use Gigabyte online support? Ok! You need to... • r/security
1 points and 0 comments so far on reddit
CTF Challenge n3ph4ck Writeup
http://ift.tt/2D8WKyD
Submitted January 14, 2018 at 03:17PM by administrator007
via reddit http://ift.tt/2EHX8AJ
http://ift.tt/2D8WKyD
Submitted January 14, 2018 at 03:17PM by administrator007
via reddit http://ift.tt/2EHX8AJ
Medium
CTF Challenge n3ph4ck Writeup
-___#ctfnepal #n3ph4ck Writeups, Solutions ___-
Lenovo network-switches with backdoor
http://ift.tt/2CYtSoX
Submitted January 14, 2018 at 04:19PM by rediii123
via reddit http://ift.tt/2D8KfTQ
http://ift.tt/2CYtSoX
Submitted January 14, 2018 at 04:19PM by rediii123
via reddit http://ift.tt/2D8KfTQ
reddit
Lenovo network-switches with backdoor • r/security
1 points and 0 comments so far on reddit
Fuzzing D code with LDC
http://ift.tt/2CZw6UN
Submitted January 14, 2018 at 06:22PM by cym13
via reddit http://ift.tt/2mx19Ai
http://ift.tt/2CZw6UN
Submitted January 14, 2018 at 06:22PM by cym13
via reddit http://ift.tt/2mx19Ai
johanengelen.github.io
Fuzzing D code with LDC
A not-so-well-written article about the fuzzing capability recently added to LDC, using LLVM’s libFuzzer. Compiling code with -fsanitize=fuzzer adds control-...
CS graduate looking to work in InfoSec, any help?
Firstly I understand the premise of this thread is that it is for computer security professionals, please remove if I am posting in the wrong place... I'm looking to graduate this August with with a BSc in Computer Science and I want to ideally go into information security, whether it involves analysing code, reverse engineering, penetration testing etc. I don't really care, and I intend to do a masters specialising in Information Security (http://ift.tt/2FEFaQY) so I can learn as much as I can before entering a job. My issue is that I am looking for an internship over the summer to help me gain some experience before my studies continue but I don't even know what to look for. I have tried searching for "information security intern" on Indeed and Glassdoor to no avail. I already have a year's experience working as an IT Administrator at a finance firm, but I would ideally like to broaden my horizons. What kind of job/internship noscripts do any of you think I should be looking for?
Submitted January 14, 2018 at 09:31PM by t-sploit
via reddit http://ift.tt/2EIzjsx
Firstly I understand the premise of this thread is that it is for computer security professionals, please remove if I am posting in the wrong place... I'm looking to graduate this August with with a BSc in Computer Science and I want to ideally go into information security, whether it involves analysing code, reverse engineering, penetration testing etc. I don't really care, and I intend to do a masters specialising in Information Security (http://ift.tt/2FEFaQY) so I can learn as much as I can before entering a job. My issue is that I am looking for an internship over the summer to help me gain some experience before my studies continue but I don't even know what to look for. I have tried searching for "information security intern" on Indeed and Glassdoor to no avail. I already have a year's experience working as an IT Administrator at a finance firm, but I would ideally like to broaden my horizons. What kind of job/internship noscripts do any of you think I should be looking for?
Submitted January 14, 2018 at 09:31PM by t-sploit
via reddit http://ift.tt/2EIzjsx
reddit
CS graduate looking to work in InfoSec, any help? • r/security
Firstly I understand the premise of this thread is that it is for computer security professionals, please remove if I am posting in the wrong...
gOSINT 0.4 is out, now with a telegram groups scraper
http://ift.tt/2ikgu8N
Submitted January 14, 2018 at 10:06PM by Nhoya
via reddit http://ift.tt/2DcASTm
http://ift.tt/2ikgu8N
Submitted January 14, 2018 at 10:06PM by Nhoya
via reddit http://ift.tt/2DcASTm
GitHub
Nhoya/gOSINT
OSINT Swiss Army Knife. Contribute to Nhoya/gOSINT development by creating an account on GitHub.
A Critique of Logging Capabilities in PowerShell v6
http://ift.tt/2mDYTbD
Submitted January 14, 2018 at 11:04PM by SamratAsh0k
via reddit http://ift.tt/2r03pWi
http://ift.tt/2mDYTbD
Submitted January 14, 2018 at 11:04PM by SamratAsh0k
via reddit http://ift.tt/2r03pWi
Labofapenetrationtester
A Critique of Logging Capabilities in PowerShell v6
Home of Nikhil SamratAshok Mittal. Posts about Pen Testing.
Malicious Spear-Phishing Campaign Targets Upcoming Winter Olympics in South Korea
http://ift.tt/2DhITD6
Submitted January 14, 2018 at 11:30PM by imr2017
via reddit http://ift.tt/2mCYSEx
http://ift.tt/2DhITD6
Submitted January 14, 2018 at 11:30PM by imr2017
via reddit http://ift.tt/2mCYSEx
Crowdstrike
Malicious Spear-Phishing Campaign Targets Upcoming Winter Olympics in South Korea
Learn about the Malicious spear-phishing campaign that will target the upcoming Winter Olympics in South Korea.
Most Important Penetration Testing commands Cheat Sheet for Linux Machine
http://ift.tt/2m6dVsD
Submitted January 14, 2018 at 11:24PM by tech-gig
via reddit http://ift.tt/2muzPmi
http://ift.tt/2m6dVsD
Submitted January 14, 2018 at 11:24PM by tech-gig
via reddit http://ift.tt/2muzPmi
Tech
Most Important Penetration Testing Cheat Sheet Linux Machine
The Following Penetration Testing Cheat Sheet Linux Machine are designed for local enumeration, typical commands a penetration teste
Damn vulnerable arm router
http://ift.tt/2DgFnv4
Submitted January 15, 2018 at 12:11AM by pm_me_your_findings
via reddit http://ift.tt/2D0AcvZ
http://ift.tt/2DgFnv4
Submitted January 15, 2018 at 12:11AM by pm_me_your_findings
via reddit http://ift.tt/2D0AcvZ
blog.exploitlab.net
DVAR - Damn Vulnerable ARM Router
Damn Vulnerable ARM Router (DVAR) THE ARM IoT EXPLOIT LABORATORY DVAR is an emulated Linux based ARM router running a vulnerable web ...
Browser as botnet, the coming war on your web browser
http://ift.tt/2EHePjM
Submitted January 15, 2018 at 01:21AM by brannondorsey
via reddit http://ift.tt/2mxkFNj
http://ift.tt/2EHePjM
Submitted January 15, 2018 at 01:21AM by brannondorsey
via reddit http://ift.tt/2mxkFNj
Medium
Browser as Botnet, or the Coming War on Your Web Browser
What if websites borrowed compute resources from their visitor’s devices while they browsed as a means of distributed computing?
AKITA Instant Privacy | Worth it?
http://ift.tt/2lk0666
Submitted January 15, 2018 at 01:26AM by bjm123
via reddit http://ift.tt/2EG68X0
http://ift.tt/2lk0666
Submitted January 15, 2018 at 01:26AM by bjm123
via reddit http://ift.tt/2EG68X0
Kickstarter
AKITA | Instant Privacy for Smart Homes
Protect your home from IoT invasions and hacks with Akita, the IoT device watchdog station.
A few OSSEC HIDS thoughts...
We've used OSSEC HIDS in PCI:DSS environments for years now, but I'm looking to extend the functionality quite a bit.Automated agent installation. (Puppet Labs?)Reporting Analytics / Rules. (Wazuh?)Templated site configuration. (no idea...)The goal would be to prop-up a vanilla OSSEC installation with base configs on a VM (probably in Hyper-V) then create an image we could clone to other future client spaces. This would greatly reduce the time spent on initial project-work, remediating these specific PCI requirements.A few questions:How would you go about it?Is AlienVault worth it? (Demo'ing their product this week.)Have you run into any gotcha's with OSSEC HIDS that are better overcome with another product?Thanks in advance!
Submitted January 14, 2018 at 10:48PM by sh8k3nb8by
via reddit http://ift.tt/2AXUvZk
We've used OSSEC HIDS in PCI:DSS environments for years now, but I'm looking to extend the functionality quite a bit.Automated agent installation. (Puppet Labs?)Reporting Analytics / Rules. (Wazuh?)Templated site configuration. (no idea...)The goal would be to prop-up a vanilla OSSEC installation with base configs on a VM (probably in Hyper-V) then create an image we could clone to other future client spaces. This would greatly reduce the time spent on initial project-work, remediating these specific PCI requirements.A few questions:How would you go about it?Is AlienVault worth it? (Demo'ing their product this week.)Have you run into any gotcha's with OSSEC HIDS that are better overcome with another product?Thanks in advance!
Submitted January 14, 2018 at 10:48PM by sh8k3nb8by
via reddit http://ift.tt/2AXUvZk
reddit
A few OSSEC HIDS thoughts... • r/security
We've used OSSEC HIDS in PCI:DSS environments for years now, but I'm looking to extend the functionality quite a bit. * Automated agent...
OnePlus Checkout Hacked? The Dangers of On-Site Payment Processing
http://ift.tt/2r7tYcl
Submitted January 15, 2018 at 03:30AM by JustAPenTester
via reddit http://ift.tt/2r9cNaq
http://ift.tt/2r7tYcl
Submitted January 15, 2018 at 03:30AM by JustAPenTester
via reddit http://ift.tt/2r9cNaq
Fidus InfoSecurity | Cyber Security, Penetration Testing, Red Teaming
OnePlus Checkout Hacked? The Dangers of On-Site Payment Processing - Fidus InfoSecurity | Cyber Security, Penetration Testing,…
Was the OnePlus Checkout breached by hackers? We discuss the dangers of on-site payment processing and how to protect yourself against it.
[x-post r/Huawei] How secure is the fingerprint lock? (pentesting?)
Ive never been on this sub so i dont know if this is the right place.. but anyways.To preface, let me start by saying i am not a programmer or pentester at all but i do take an interest in learning what is behind the interface of my various electronic devices.So i own a Huawei Mate 9I noticed when I go to "phone manager > applock" you can lock certain apps with the fingerprint scanner. I use kik a lot for messaging people and used that function for this app (as well as literally every other app that would give anyone information about me if they had access). When i receive a notification and click it, my phone first directs me to unlock the app with the fingerprint. However before i unlock it, the person who sent me the message can see that i "read" their message before ever opening their message. This applies with every other messaging app i have at the moment.Again, i dont have much experience in this realm, but with the little knowledge i do have.. it seems that it allows me to access the messages BEFORE i unlock it. It appears that the only reason I cant see the message is because the fingerprint scanner pops up so I cant physically see the message, but the phone can.Assuming someone hacked or installed spyware/malware on my phone, does that mean that the fingerprint lock does not offer me another layer of security?
Submitted January 15, 2018 at 03:37AM by whatisthisrn
via reddit http://ift.tt/2Dy9UST
Ive never been on this sub so i dont know if this is the right place.. but anyways.To preface, let me start by saying i am not a programmer or pentester at all but i do take an interest in learning what is behind the interface of my various electronic devices.So i own a Huawei Mate 9I noticed when I go to "phone manager > applock" you can lock certain apps with the fingerprint scanner. I use kik a lot for messaging people and used that function for this app (as well as literally every other app that would give anyone information about me if they had access). When i receive a notification and click it, my phone first directs me to unlock the app with the fingerprint. However before i unlock it, the person who sent me the message can see that i "read" their message before ever opening their message. This applies with every other messaging app i have at the moment.Again, i dont have much experience in this realm, but with the little knowledge i do have.. it seems that it allows me to access the messages BEFORE i unlock it. It appears that the only reason I cant see the message is because the fingerprint scanner pops up so I cant physically see the message, but the phone can.Assuming someone hacked or installed spyware/malware on my phone, does that mean that the fingerprint lock does not offer me another layer of security?
Submitted January 15, 2018 at 03:37AM by whatisthisrn
via reddit http://ift.tt/2Dy9UST
reddit
[x-post r/Huawei] How secure is the fingerprint lock?... • r/security
Ive never been on this sub so i dont know if this is the right place.. but anyways. To preface, let me start by saying i am not a programmer or...
ProtonMail remains one of the most secure emails with the end to end decryption system
http://ift.tt/2Dr8aLb
Submitted January 15, 2018 at 04:03AM by giobbo
via reddit http://ift.tt/2mwqScj
http://ift.tt/2Dr8aLb
Submitted January 15, 2018 at 04:03AM by giobbo
via reddit http://ift.tt/2mwqScj
Italia Post
ProtonMail: l'email con crittografia end-to-end
ProtonMail è il servizio di posta elettronica offerto da Proton Technologies, una società fondata (2013) da un gruppo di scienziati del MIT e del CERN.
Persistence by adding data to alternate data streams and executing it
http://ift.tt/2mxUMg3
Submitted January 15, 2018 at 04:02AM by oddvarmoe
via reddit http://ift.tt/2Dfowc5
http://ift.tt/2mxUMg3
Submitted January 15, 2018 at 04:02AM by oddvarmoe
via reddit http://ift.tt/2Dfowc5
Oddvar Moe's Blog
Putting data in Alternate data streams and how to execute it
Part 2 of this research can be found here: I always had a fascination about ADS (Alternate data streams) and using it as part of a persistence. My first meeting with this as a persistence techniqu…
SMB Antimalware Suite Recommendations please
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching).Currently 50 employees, but likely to be 250 in a year.Has to work on Mac and Windows. It's been ages since I investigated this so advice from those in the field is greatly appreciated.
Submitted January 15, 2018 at 11:49AM by TheDroogie
via reddit http://ift.tt/2r1S1cu
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching).Currently 50 employees, but likely to be 250 in a year.Has to work on Mac and Windows. It's been ages since I investigated this so advice from those in the field is greatly appreciated.
Submitted January 15, 2018 at 11:49AM by TheDroogie
via reddit http://ift.tt/2r1S1cu
reddit
SMB Antimalware Suite Recommendations please • r/security
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching). Currently 50...
Bash noscript that enumerates affected systems by each vulnerability per year using Shodan
http://ift.tt/2mv9jJJ
Submitted January 15, 2018 at 01:21PM by tobortidder
via reddit http://ift.tt/2DdY0Ra
http://ift.tt/2mv9jJJ
Submitted January 15, 2018 at 01:21PM by tobortidder
via reddit http://ift.tt/2DdY0Ra
GitHub
Mavrepis/ShodanVulncheck
ShodanVulncheck - bash noscript to enumerate vulnerabilities on specific year through Shodan API