Exploiting Custom Template Engines
http://ift.tt/2DKjgxz
Submitted January 26, 2018 at 02:48AM by fang0654
via reddit http://ift.tt/2naJ8sW
http://ift.tt/2DKjgxz
Submitted January 26, 2018 at 02:48AM by fang0654
via reddit http://ift.tt/2naJ8sW
Depthsecurity
Exploiting Custom Template Engines
Introduction
When performing an application assessment one of the areas within an app I pay particular attention to is any ability to define custom templates.
When performing an application assessment one of the areas within an app I pay particular attention to is any ability to define custom templates.
Stack Based Buffer Overflows on x64 (Windows)
http://ift.tt/2DDnCHf
Submitted January 26, 2018 at 01:15AM by Vasile4444
via reddit http://ift.tt/2DAUvAz
http://ift.tt/2DDnCHf
Submitted January 26, 2018 at 01:15AM by Vasile4444
via reddit http://ift.tt/2DAUvAz
Nytro Security
Stack Based Buffer Overflows on x64 (Windows)
The previous two blog posts describe how a Stack Based Buffer Overflow vulnerability works on x86 (32 bits) Windows. In the first part, you can find a short introduction to x86 Assembly and how the…
Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
https://www.youtube.com/watch?v=HfSQlC76_s4
Submitted January 24, 2018 at 06:11PM by fireh7nter
via reddit http://ift.tt/2E9jMmp
https://www.youtube.com/watch?v=HfSQlC76_s4
Submitted January 24, 2018 at 06:11PM by fireh7nter
via reddit http://ift.tt/2E9jMmp
YouTube
Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
Open Analysis Live! We use IDA Pro and Python noscripts to removed obfuscated code and statically unpack malware. This is Part 1 of a two part subscriber request asking us to determine why this malware would not run in their sandbox. In Part 1 we use Python…
Free course of ethical hacking, basic to advanced 2018!
http://ift.tt/2rIjvEe
Submitted January 26, 2018 at 06:01AM by gburu
via reddit http://ift.tt/2GgU8wF
http://ift.tt/2rIjvEe
Submitted January 26, 2018 at 06:01AM by gburu
via reddit http://ift.tt/2GgU8wF
en.gburu.net
Free ETHICAL HACKING Course: Beginner to Advanced 2018!! - en.gburu.net
Free Ethical Hacking course, you will learn everything you need to perform your own security audits and be a good ethical hacker, from novice to expert.
Unknown log in attempts on Tillys.com — should I be concerned?
Today, I got this email from customerservice@tillys.com.Hi [my name], Your account has been temporarily locked because the maximum number of invalid logins has been exceeded.Please try logging in again later.If you feel you have received this email in error, please contact customer service.This is an automatically generated email, please do not reply.I was quite scared by this, because I've never had such emails sent to me before. So I wanted to see if anyone else had this issue; if Tilly's were recently compromised or something.So I looked up the email content with quotation mark on Google, and I got a very fishy result. Only website I could find with this exact text is from the website of a New Zealand clothing brand, icebreaker. This seemed strange, but I assumed that maybe they used a same template or something for their security system so it's plausible they have the same message. (I have no idea how programming works. Is this a plausible idea?)Then, I sent a email to tillys support that I have been alarmed about unknown log in attempts to my account, so I would like to know location of where the log in attempts came from and what the attempts were. After the support mail was sent, I went to log in to my account, which I honestly don't even remember making, to be honest. I searched Tillys.com on my gmail search engine, but there weren't any of those "Thanks for joining Tillys.com!" type of mail in the past.So in case that my computer is exposed to a keylogger, I pressed forgot password to reset the password, without making any real attempts to log in, and changed my Tillys.com password to something completely unusual; a combination of words and numbers that I never used as a password before. When I logged in, I found more weird things.I was signed up for email updates, despite the fact that as I mentioned, I have not received any emails from Tilly's before. I looked for it on every inbox. Nothing is there.It is signed up with my real name and my birthdate, but the gender is wrong and the shipping address is a non-exsistent address. (Random numbers and null city, etc.)I ran a Windows Defender test and found a Trojan virus, and deleted it immediately. I pirate through torrent time to time, but very rarely and my last download has been quite a while ago.This is some weird fishy shit. I'm scared that this is all a set-up by a hacker to access my account. I will wait for their techsupport team to reply, but I would like to know if any of this is significant; something to worry about. Thank you guys in advance.
Submitted January 26, 2018 at 08:29AM by myheartsaysyesindeed
via reddit http://ift.tt/2BsvSUS
Today, I got this email from customerservice@tillys.com.Hi [my name], Your account has been temporarily locked because the maximum number of invalid logins has been exceeded.Please try logging in again later.If you feel you have received this email in error, please contact customer service.This is an automatically generated email, please do not reply.I was quite scared by this, because I've never had such emails sent to me before. So I wanted to see if anyone else had this issue; if Tilly's were recently compromised or something.So I looked up the email content with quotation mark on Google, and I got a very fishy result. Only website I could find with this exact text is from the website of a New Zealand clothing brand, icebreaker. This seemed strange, but I assumed that maybe they used a same template or something for their security system so it's plausible they have the same message. (I have no idea how programming works. Is this a plausible idea?)Then, I sent a email to tillys support that I have been alarmed about unknown log in attempts to my account, so I would like to know location of where the log in attempts came from and what the attempts were. After the support mail was sent, I went to log in to my account, which I honestly don't even remember making, to be honest. I searched Tillys.com on my gmail search engine, but there weren't any of those "Thanks for joining Tillys.com!" type of mail in the past.So in case that my computer is exposed to a keylogger, I pressed forgot password to reset the password, without making any real attempts to log in, and changed my Tillys.com password to something completely unusual; a combination of words and numbers that I never used as a password before. When I logged in, I found more weird things.I was signed up for email updates, despite the fact that as I mentioned, I have not received any emails from Tilly's before. I looked for it on every inbox. Nothing is there.It is signed up with my real name and my birthdate, but the gender is wrong and the shipping address is a non-exsistent address. (Random numbers and null city, etc.)I ran a Windows Defender test and found a Trojan virus, and deleted it immediately. I pirate through torrent time to time, but very rarely and my last download has been quite a while ago.This is some weird fishy shit. I'm scared that this is all a set-up by a hacker to access my account. I will wait for their techsupport team to reply, but I would like to know if any of this is significant; something to worry about. Thank you guys in advance.
Submitted January 26, 2018 at 08:29AM by myheartsaysyesindeed
via reddit http://ift.tt/2BsvSUS
Tillys
Tillys | Men, Women and Kids' Clothing & Shoe Store
Shop Tillys for the best in men's clothing, women's clothing, kid's clothing, backpacks, shoes and accessories from all of your favorite brands
IDS x series alarm system
Error: Version No. 2.02 busy. Will not arm the alarm because of this error.
Submitted January 26, 2018 at 02:22PM by Gtex555
via reddit http://ift.tt/2DEhFWs
Error: Version No. 2.02 busy. Will not arm the alarm because of this error.
Submitted January 26, 2018 at 02:22PM by Gtex555
via reddit http://ift.tt/2DEhFWs
reddit
IDS x series alarm system • r/security
Error: Version No. 2.02 busy. Will not arm the alarm because of this error.
Amazing Incident Response 45K PCs and 4K Servers in 10 days
http://ift.tt/2nf36ll
Submitted January 26, 2018 at 03:27PM by akapranos
via reddit http://ift.tt/2DGEqxq
http://ift.tt/2nf36ll
Submitted January 26, 2018 at 03:27PM by akapranos
via reddit http://ift.tt/2DGEqxq
Debugging Android third-party Java apps with native methods
http://ift.tt/2Ea7c6g
Submitted January 26, 2018 at 03:10PM by xaocuc
via reddit http://ift.tt/2DA2kq3
http://ift.tt/2Ea7c6g
Submitted January 26, 2018 at 03:10PM by xaocuc
via reddit http://ift.tt/2DA2kq3
reddit
Debugging Android third-party Java apps with native methods • r/netsec
3 points and 0 comments so far on reddit
Why IP-based rules are bad, but we still use it
http://ift.tt/2ncAs51
Submitted January 26, 2018 at 04:22PM by jpkroehling
via reddit http://ift.tt/2Bv0yVv
http://ift.tt/2ncAs51
Submitted January 26, 2018 at 04:22PM by jpkroehling
via reddit http://ift.tt/2Bv0yVv
Medium
Why IP-based rules are bad, but we still use it
One of the first decisions when architecting a Web Application Firewall is whether or not to add blacklists based on IP addresses. Even…
How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME
http://ift.tt/2BwkAyI
Submitted January 26, 2018 at 06:26PM by alexlash
via reddit http://ift.tt/2Gix5Sb
http://ift.tt/2BwkAyI
Submitted January 26, 2018 at 06:26PM by alexlash
via reddit http://ift.tt/2Gix5Sb
Ptsecurity
How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME
At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability ...
Security In 5: Episode 161 - Tools, Tips and Tricks - Fileinfo.com
http://ift.tt/2BuwCZy
Submitted January 26, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2nhl73x
http://ift.tt/2BuwCZy
Submitted January 26, 2018 at 07:36PM by BinaryBlog
via reddit http://ift.tt/2nhl73x
Libsyn
Security In Five Podcast: Episode 161 - Tools, Tips and Tricks - Fileinfo.com
There are times when you come across a file and have no idea what it is, what it's for, if it's dangerous and if you can delete it. This is where a website like Fileinfo.com comes in. There are many resources like Fileinfo.com out there, this is just one…
Universal Cross-site Scripting db
http://ift.tt/2BtIBqm
Submitted January 26, 2018 at 07:25PM by coldlinecall
via reddit http://ift.tt/2neFkGT
http://ift.tt/2BtIBqm
Submitted January 26, 2018 at 07:25PM by coldlinecall
via reddit http://ift.tt/2neFkGT
GitHub
Metnew/uxss-db
uxss-db - UXSS DB [WIP!, update soon]
CloudFlair: Bypassing Cloudflare using Internet-wide scan data
http://ift.tt/2DrZB5a
Submitted January 26, 2018 at 08:23PM by speckz
via reddit http://ift.tt/2DGurrA
http://ift.tt/2DrZB5a
Submitted January 26, 2018 at 08:23PM by speckz
via reddit http://ift.tt/2DGurrA
Christophe Tafani-Dereeper
CloudFlair: Bypassing CloudFlare using Internet-wide scan data - Christophe Tafani-Dereeper
CloudFlare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or…
Elastic Stack as Intrusion detection system
Hey guys, Has anybody experience or sources about a intrusion detection system based on the elastic stack ? We have centralised logging systems of our Webserver. So maybe we can use Kibana in combination with the x-pack. They offer some attractive tools and features for setting up a ids. I’m currently researching the machine learning feature. Highly appreciate any input!
Submitted January 26, 2018 at 07:57PM by Asurax96
via reddit http://ift.tt/2EbciPP
Hey guys, Has anybody experience or sources about a intrusion detection system based on the elastic stack ? We have centralised logging systems of our Webserver. So maybe we can use Kibana in combination with the x-pack. They offer some attractive tools and features for setting up a ids. I’m currently researching the machine learning feature. Highly appreciate any input!
Submitted January 26, 2018 at 07:57PM by Asurax96
via reddit http://ift.tt/2EbciPP
reddit
Elastic Stack as Intrusion detection system • r/security
Hey guys, Has anybody experience or sources about a intrusion detection system based on the elastic stack ? We have centralised logging systems of...
Catching same subnet scanning
What is the best detection method to catch same subnet scanning?
Submitted January 26, 2018 at 09:06PM by housetops
via reddit http://ift.tt/2DBlxrm
What is the best detection method to catch same subnet scanning?
Submitted January 26, 2018 at 09:06PM by housetops
via reddit http://ift.tt/2DBlxrm
reddit
Catching same subnet scanning • r/security
What is the best detection method to catch same subnet scanning?
Honey Buckets - A tool to find out who is snooping through your AWS S3 buckets
http://ift.tt/2n0s9Zl
Submitted January 26, 2018 at 11:00PM by graystevens
via reddit http://ift.tt/2DCOu6r
http://ift.tt/2n0s9Zl
Submitted January 26, 2018 at 11:00PM by graystevens
via reddit http://ift.tt/2DCOu6r
Breach Insider
Honey Buckets by Breach Insider
Find out who is snooping through your Amazon S3 buckets. A free, painless, and a quick way to identify reconnaissance against your infrastructure or brand, brought to you by Breach Insider.
SHA-1 and the art of digital certificate management: For years, crypto experts have been warning that a method of reliably generating SHA-1 hash collisions was just a matter of time. That time has come.
http://ift.tt/2EeRAPa
Submitted January 26, 2018 at 10:41PM by yourbasicgeek
via reddit http://ift.tt/2ndRBeQ
http://ift.tt/2EeRAPa
Submitted January 26, 2018 at 10:41PM by yourbasicgeek
via reddit http://ift.tt/2ndRBeQ
reddit
SHA-1 and the art of digital certificate management:... • r/security
0 points and 0 comments so far on reddit
Security Startup Builds GPU Native Custom Neural Network Framework
http://ift.tt/2DGAqwR
Submitted January 26, 2018 at 10:39PM by KeponeFactory
via reddit http://ift.tt/2BvGCBT
http://ift.tt/2DGAqwR
Submitted January 26, 2018 at 10:39PM by KeponeFactory
via reddit http://ift.tt/2BvGCBT
The Next Platform
Startup Builds GPU Native Custom Neural Network Framework
It is estimated that each day over a million malicious files are created and kicked to every corner of the web. While there are plenty of options for secur
InfoSec Week 4, 2018
http://ift.tt/2ndrpkC
Submitted January 26, 2018 at 11:42PM by undercomm
via reddit http://ift.tt/2BvSiV5
http://ift.tt/2ndrpkC
Submitted January 26, 2018 at 11:42PM by undercomm
via reddit http://ift.tt/2BvSiV5
Malgregator
InfoSec Week 4, 2018
Electron applications designed to run on Windows that register themselves as the default handler for a protocol, like Skype, Slack and...
Sandstorm Security Review
http://ift.tt/2rGb9Nr
Submitted January 26, 2018 at 10:45PM by DiscombobulatedGood
via reddit http://ift.tt/2nftlsE
http://ift.tt/2rGb9Nr
Submitted January 26, 2018 at 10:45PM by DiscombobulatedGood
via reddit http://ift.tt/2nftlsE
DEVCORE 戴夫寇爾
Sandstorm Security Review | DEVCORE 戴夫寇爾
In order to leverage the vulnerabilities, we put part of efforts into review of Sandstorm's source codes, and tried to escape the sandbox to impact the whole server...
Google X is launching a cybersecurity company called Chronicle
http://ift.tt/2Bq8p6E
Submitted January 27, 2018 at 01:45AM by volci
via reddit http://ift.tt/2DIqC5z
http://ift.tt/2Bq8p6E
Submitted January 27, 2018 at 01:45AM by volci
via reddit http://ift.tt/2DIqC5z
The Verge
Google X is launching a cybersecurity company called Chronicle
A ‘digital immune system’ from the moonshot department