Automating Application Security
http://ift.tt/2r9ZQga
Submitted January 15, 2018 at 04:17PM by TheRealest_Me
via reddit http://ift.tt/2mFdnaT
Continuous Cyber Security | UK | Digital Interruption
Working towards automated App Security | Continuous Cyber Security | UK | Digital Interruption
There has been a growing shift in the way software is developed and one the security industry has unfortunately been slow to adapt to and adopt. I'm talking, of
Toymaker VTech Settles Charges of Violating Child Privacy Law
http://ift.tt/2CTt9Za
Submitted January 15, 2018 at 04:09PM by GemmaJ123
via reddit http://ift.tt/2r7bZCL
Nytimes
Toymaker VTech Settles Charges of Violating Child Privacy Law
The company was accused of collecting data on children without parents’ permission and failing to keep it secure from hackers. It agreed to pay $650,000.
Purple Rain Attack: Password Cracking With Random Generation
http://ift.tt/2D5EEJT
Submitted January 15, 2018 at 05:06PM by netmux
via reddit http://ift.tt/2DzMOeJ
Purple Rain Attack
When All Else Fails: There comes a time in every pentest that you just simply run out of password cracking attacks to try, and you find yourself completely stumped. You've consulted your notes, performed analysis of the password policy and current cracked…
Subdomain enumeration using Censys certificate transparency logs
http://ift.tt/2B3pdA4
Submitted January 15, 2018 at 05:48PM by thorn42
via reddit http://ift.tt/2EIkg20
GitHub
christophetd/censys-subdomain-finder
censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
Security In 5: Episode 152 - How To Help Your Security Program Be Accepted
http://ift.tt/2EGETLZ
Submitted January 15, 2018 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2DfhmVn
Libsyn
Security In Five Podcast: Episode 152 - How To Help Your Security Program Be Accepted
Creating a security program is the easy part, getting it integrated and accepted by the business and employees is the hard part. Security is more than the technology supporting it, security needs to be accepted by people to be effective. People have to choose…
RFID tag in key fob?
When your smart keyfob loses power you can often start the engine by pushing the start button with the key fob. Suspecting a passive RFID tag, I tried to pick up a 125 kHz tag with an Innovations reader and tried to read an NFC tag with a PN532 reader, to no avail. Anyone know what's in there?
Submitted January 15, 2018 at 07:23PM by hydronics2
via reddit http://ift.tt/2mzTWiT
reddit
RFID tag in key fob? • r/security
When your smart keyfob loses power you can often start the engine by pushing the start button with the key fob. Suspecting a passive RFID tag, I...
Check https grades via console
http://ift.tt/2EIeHR8
Submitted January 15, 2018 at 07:14PM by CoolUsernamesAreGone
via reddit http://ift.tt/2B2861q
GitHub
ozzi-/consoleSSLlabs
consoleSSLlabs - Automate scans using Qualys SSL Labs
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
http://ift.tt/2Dy9tbf
Submitted January 15, 2018 at 08:55PM by josipfranjkovic
via reddit http://ift.tt/2B20c8q
JosipFranjkovic
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
I enjoy breaking websites.
Hershell, a project in Go to generate cross-platform reverse shell payloads, with TLS encryption and upgrade into Meterpreter.
http://ift.tt/2r8nAl4
Submitted January 15, 2018 at 07:45PM by phocean
via reddit http://ift.tt/2my7mfA
Sysdream
Sysdream, [EN] Golang for pentests : Hershell
Sysdream, IT security audits and training, Ethical Hacking, PCI DSS, Penetration Testing
Mixed Content Warnings? No more! Crawling for warnings in an automated fashion
http://ift.tt/2myaWq0
Submitted January 15, 2018 at 07:42PM by CoolUsernamesAreGone
via reddit http://ift.tt/2mH1ZLK
GitHub
ozzi-/mixed-content-checker
mixed-content-checker - java cli tool for crawling whole websites for mixed-content issues
Public Disclosure: Authentication Bypass on help.baaz.com
http://ift.tt/2FE3bHz
Submitted January 15, 2018 at 07:34PM by alexbirsan
via reddit http://ift.tt/2Dknr2E
Medium
Public Disclosure: Authentication Bypass on help.baaz.com
I’m gonna keep this short and sweet. The Baaz security team is refusing to fix this, or cooperate in any way, so I’m releasing everything I…
Shibboleth authentication bypass
http://ift.tt/2ELwO8R
Submitted January 15, 2018 at 09:30PM by le-quack
via reddit http://ift.tt/2FDWOnX
www.redteam-pentesting.de
Truncation of SAML Attributes in Shibboleth 2
RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may...
Using a Yubikey for GPG and SSH
http://ift.tt/2EEATeT
Submitted January 15, 2018 at 10:35PM by speckz
via reddit http://ift.tt/2Dzvab0
Sebastian Neef - 0day.work
Using a Yubikey for GPG and SSH
It's been a long time since my last blogpost, but I'm back with a post about how to use your Yubikey 4 for GPG and SSH keys. What is a Yubikey? The rather small Yubikeys are sold by Yubico and I obtained two as part of a student offer last
Studying choices
Hi everyone, I am currently in my last years of school and I am trying to make a decision on which way to go. So first of all, I am very interested in IT security, I just love every aspect of it, so I am in between 2 options. The first one would be to go directly to university where they offer info sec, such as Royal Holloway or Warwick, or try to get into a company where they offer both studying and working at the same time, which gives me the advantage that I already have real-life work experience when I'm finished. So, what is your opinion and what else can I do before I start studying? Thanks in advance.
Submitted January 15, 2018 at 11:15PM by maxWinkler07
via reddit http://ift.tt/2r4swr0
www.royalholloway.ac.uk
BSc in Computer Science (Information Security) - Royal Holloway, University of London
Information about single honours undergraduate programmes in Computer Science at Royal Holloway, University of London
Nontraditional pathways to a cybersecurity career: You got into infosec HOW?!
http://ift.tt/2DzraqJ
Submitted January 15, 2018 at 11:01PM by yourbasicgeek
via reddit http://ift.tt/2EJwYgM
reddit
Nontraditional pathways to a cybersecurity career:... • r/security
NIST Post-Quantum Public Key Cryptography Contest
http://ift.tt/2mydFj6
Submitted January 15, 2018 at 10:55PM by airconditioningboy
via reddit http://ift.tt/2FEe6Bn
www.google.co.uk
crypto submissions nist - Google Search
What apps/software specifically are affected by Spectre and Meltdown? (on macintosh)
Due to issues between the latest OS update on Mac and full-disk encryption (can't quite remember the details at the moment) I want to learn more about any ways to guard against a Spectre/Meltdown attack without updating the OS. Are there techniques for avoiding an attack? Maybe not having more than one thing open at a time? Having any sensitive information kept on a USB instead of locally stored? When is it appropriate to have the USB plugged in (if at all)? Or is any attempt to mitigate / avoid an attack completely futile without updating OS and firmware? Thanks for helping a bro out. :D P.S. If anyone knows answers to the above, but in regards to an unupdated Windows machine using Chrome, feel free to share some knowledge with that as well! :) And Linux too (I use a few different computers for work)
Submitted January 15, 2018 at 11:47PM by bubbling_automobile
via reddit http://ift.tt/2FGvMMK
reddit
What apps/software specifically are affected by... • r/security
Due to issues between the latest OS update on Mac and full-disk encryption (can't quite remember the details at the moment) I want to learn more...
Intel AMT Security Loophole Allow Hackers to Seize Control of Laptops
http://ift.tt/2myOrBd
Submitted January 16, 2018 at 12:26AM by DiceIT
via reddit http://ift.tt/2FFhhZB
YourDailyTech
[News] Intel AMT Security Loophole Allow Hackers to Seize Control of Laptops | YourDailyTech
Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds. F-Secure reports a security issue affecting most corporate laptops that…
Browser as Botnet: The Coming War For Your Web Browser
http://ift.tt/2ELk5CO
Submitted January 16, 2018 at 12:55AM by finalbroadcast
via reddit http://ift.tt/2mB7sD1
freeCodeCamp
Browser as Botnet: The Coming War For Your Web Browser
What if websites borrowed compute resources from their visitor’s devices while they browsed as a means of distributed computing?
Penetration Tests With Nessus Chapter 1
http://ift.tt/2myzm2w
Submitted January 16, 2018 at 01:16AM by berkdusunurx
via reddit http://ift.tt/2DeAdRj
www.berkdusunur.net
Penetration Tests With Nessus (Chapter 1)
Hello everyone. Today I will write to you about "Nessus Vulnerability Scanner". This is the first part of my writing about nessu...
Firewall Detection in Penetration Test
http://ift.tt/2mz3hb0
Submitted January 16, 2018 at 01:15AM by berkdusunurx
via reddit http://ift.tt/2mFPMHk
www.berkdusunur.net
Firewall Detection in Penetration Tests
Hello everyone. Today I will write about Firewall detection in penetration testing. Please let me know your views on the articles ...