A Critique of Logging Capabilities in PowerShell v6
http://ift.tt/2mDYTbD

Submitted January 14, 2018 at 11:04PM by SamratAsh0k
via reddit http://ift.tt/2r03pWi

Malicious Spear-Phishing Campaign Targets Upcoming Winter Olympics in South Korea
http://ift.tt/2DhITD6

Submitted January 14, 2018 at 11:30PM by imr2017
via reddit http://ift.tt/2mCYSEx

Most Important Penetration Testing commands Cheat Sheet for Linux Machine
http://ift.tt/2m6dVsD

Submitted January 14, 2018 at 11:24PM by tech-gig
via reddit http://ift.tt/2muzPmi

Damn vulnerable arm router
http://ift.tt/2DgFnv4

Submitted January 15, 2018 at 12:11AM by pm_me_your_findings
via reddit http://ift.tt/2D0AcvZ

Browser as botnet, the coming war on your web browser
http://ift.tt/2EHePjM

Submitted January 15, 2018 at 01:21AM by brannondorsey
via reddit http://ift.tt/2mxkFNj

AKITA Instant Privacy | Worth it?
http://ift.tt/2lk0666

Submitted January 15, 2018 at 01:26AM by bjm123
via reddit http://ift.tt/2EG68X0

A few OSSEC HIDS thoughts...
We've used OSSEC HIDS in PCI:DSS environments for years now, but I'm looking to extend the functionality quite a bit.Automated agent installation. (Puppet Labs?)Reporting Analytics / Rules. (Wazuh?)Templated site configuration. (no idea...)The goal would be to prop-up a vanilla OSSEC installation with base configs on a VM (probably in Hyper-V) then create an image we could clone to other future client spaces. This would greatly reduce the time spent on initial project-work, remediating these specific PCI requirements.A few questions:How would you go about it?Is AlienVault worth it? (Demo'ing their product this week.)Have you run into any gotcha's with OSSEC HIDS that are better overcome with another product?Thanks in advance!

Submitted January 14, 2018 at 10:48PM by sh8k3nb8by
via reddit http://ift.tt/2AXUvZk

OnePlus Checkout Hacked? The Dangers of On-Site Payment Processing
http://ift.tt/2r7tYcl

Submitted January 15, 2018 at 03:30AM by JustAPenTester
via reddit http://ift.tt/2r9cNaq

[x-post r/Huawei] How secure is the fingerprint lock? (pentesting?)
Ive never been on this sub so i dont know if this is the right place.. but anyways.To preface, let me start by saying i am not a programmer or pentester at all but i do take an interest in learning what is behind the interface of my various electronic devices.So i own a Huawei Mate 9I noticed when I go to "phone manager > applock" you can lock certain apps with the fingerprint scanner. I use kik a lot for messaging people and used that function for this app (as well as literally every other app that would give anyone information about me if they had access). When i receive a notification and click it, my phone first directs me to unlock the app with the fingerprint. However before i unlock it, the person who sent me the message can see that i "read" their message before ever opening their message. This applies with every other messaging app i have at the moment.Again, i dont have much experience in this realm, but with the little knowledge i do have.. it seems that it allows me to access the messages BEFORE i unlock it. It appears that the only reason I cant see the message is because the fingerprint scanner pops up so I cant physically see the message, but the phone can.Assuming someone hacked or installed spyware/malware on my phone, does that mean that the fingerprint lock does not offer me another layer of security?

Submitted January 15, 2018 at 03:37AM by whatisthisrn
via reddit http://ift.tt/2Dy9UST

ProtonMail remains one of the most secure emails with the end to end decryption system
http://ift.tt/2Dr8aLb

Submitted January 15, 2018 at 04:03AM by giobbo
via reddit http://ift.tt/2mwqScj

Persistence by adding data to alternate data streams and executing it
http://ift.tt/2mxUMg3

Submitted January 15, 2018 at 04:02AM by oddvarmoe
via reddit http://ift.tt/2Dfowc5

SMB Antimalware Suite Recommendations please
Looking for a cloud based antimalware endpoint solution (preferably with some basic MDM ability---check encryption and patching).Currently 50 employees, but likely to be 250 in a year.Has to work on Mac and Windows. It's been ages since I investigated this so advice from those in the field is greatly appreciated.

Submitted January 15, 2018 at 11:49AM by TheDroogie
via reddit http://ift.tt/2r1S1cu

Bash noscript that enumerates affected systems by each vulnerability per year using Shodan
http://ift.tt/2mv9jJJ

Submitted January 15, 2018 at 01:21PM by tobortidder
via reddit http://ift.tt/2DdY0Ra

2018 B-day Reverse Engineering Challenge
http://ift.tt/2B1Bxkn

Submitted January 15, 2018 at 03:17PM by Rikaard
via reddit http://ift.tt/2mIStIj

Cyber Security Training and Education
https://www.youtube.com/attribution_link?a=QmMdTAgWZa8&u=%2Fwatch%3Fv%3D_S2zNf0C48A%26feature%3Dshare

Submitted January 15, 2018 at 03:29PM by steppa_cyber
via reddit http://ift.tt/2mES1dT

How Secure Is Your Hotel Mobile Room Key?
http://ift.tt/2AE5s22

Submitted January 15, 2018 at 04:08PM by GemmaJ123
via reddit http://ift.tt/2D3JXtw

OSINT AS A MINDSET
http://ift.tt/2DiSSdN

Submitted January 15, 2018 at 04:20PM by xaocuc
via reddit http://ift.tt/2FGaFd5

Automating Application Security
http://ift.tt/2r9ZQga

Submitted January 15, 2018 at 04:17PM by TheRealest_Me
via reddit http://ift.tt/2mFdnaT

Toymaker VTech Settles Charges of Violating Child Privacy Law
http://ift.tt/2CTt9Za

Submitted January 15, 2018 at 04:09PM by GemmaJ123
via reddit http://ift.tt/2r7bZCL

Purple Rain Attack: Password Cracking With Random Generation
http://ift.tt/2D5EEJT

Submitted January 15, 2018 at 05:06PM by netmux
via reddit http://ift.tt/2DzMOeJ

Subdomain enumeration using Censys certificate transparency logs
http://ift.tt/2B3pdA4

Submitted January 15, 2018 at 05:48PM by thorn42
via reddit http://ift.tt/2EIkg20