A Medium publication just for InfoSec writeups.
http://ift.tt/2iII67Q
Submitted March 02, 2018 at 02:35PM by Eta-Meson
via reddit http://ift.tt/2oCx3x9
Medium
InfoSec Writeups – Medium
A collection of awesome write ups from best hackers in topics ranging from bug bounties, CTFs, vulnhub machines, hardware challenges, real life encounters and everything else which can help other enthusiasts to learn. #sharingiscaring.
Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months
http://ift.tt/2oIybi9
Submitted March 02, 2018 at 03:23PM by Chumstick
via reddit http://ift.tt/2oKPA9P
Dark Reading
Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months
The dramatic increase in cryptocurrency prices, especially for Monero, is behind the sudden explosive growth, says Cyren.
Emotet Malware URLs
http://ift.tt/2HY7XRA
Submitted March 02, 2018 at 03:21PM by Chumstick
via reddit http://ift.tt/2oKAPDR
Pastebin
Emotet Malware URLs 03/01/18 - Pastebin.com
New DDoS Record Set at 1.3 Tbps Thanks to Memcached Servers
http://ift.tt/2F6HkYM
Submitted March 02, 2018 at 03:20PM by Chumstick
via reddit http://ift.tt/2HXpJ7r
BleepingComputer
New DDoS Record Set at 1.3 Tbps Thanks to Memcached Servers
We have a new record for the largest DDoS attack ever detected. The new high mark is 1.3 Tbps (Terabits-per-second).
CannibalRAT, a RAT entirely written in Python observed in targeted attacks
http://ift.tt/2oAuP1c
Submitted March 02, 2018 at 04:03PM by CasperVPN
via reddit http://ift.tt/2tai1n3
Security Affairs
CannibalRAT, a RAT entirely written in Python observed in targeted attacks
Security researchers from Cisco Talos discovered a new remote access Trojan (RAT) dubbed CannibalRAT that has been written entirely in Python.
The infamous vulnerability of target _blank code. Do you validate under "best coding practice" to prevent phishing?
http://ift.tt/2oKv89j
Submitted March 02, 2018 at 04:22PM by xrna
via reddit http://ift.tt/2HVKh02
Cyber Sins
The infamous issue of target _blank code
This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and…
Reflected Cross Site Scripting when "Referer" header value renders on web page
http://ift.tt/2F5HWSw
Submitted March 02, 2018 at 05:10PM by indishell1046
via reddit http://ift.tt/2HXDrqM
GitHub
incredibleindishell/Random
Random - This repo contains random stuffs
TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution
http://ift.tt/2t7E5Pp
Submitted March 02, 2018 at 06:40PM by indishell1046
via reddit http://ift.tt/2oJwQYd
GitHub
incredibleindishell/exploit-code-by-me
exploit-code-by-me - Exploit code developed by me to check few famous vulnerabilities
Security In 5: Episode 186 - Tools, Tips and Tricks - Pwned Passwords
http://ift.tt/2oKHnlY
Submitted March 02, 2018 at 07:37PM by BinaryBlog
via reddit http://ift.tt/2HU9RCB
Libsyn
Security In Five Podcast: Episode 186 - Tools, Tips and Tricks - Pwned Passwords
Troy Hunt, creator of Have I Been Pwned, added a new feature to the website called Pwned Passwords. This is a collection of over 500 million passwords that were collected from all the breaches. The reason this was created is that NIST has suggested a change…
Easy-Scan: Terminal based minimal web application scanner built on Python
http://ift.tt/2sAqDz1
Submitted March 02, 2018 at 06:57PM by lazykid07
via reddit http://ift.tt/2oOuzLJ
GitHub
introvertmac/Easy-Scan
Minimal web application scanner. Contribute to introvertmac/Easy-Scan development by creating an account on GitHub.
Jailbreak for iOS 10.x 64bit devices without KTRR
http://ift.tt/2HY69be
Submitted March 02, 2018 at 09:37PM by TechLord2
via reddit http://ift.tt/2CQYc3H
GitHub
tihmstar/doubleH3lix
doubleH3lix - Jailbreak for iOS 10.x 64bit devices without KTRR
Scrape the Twitter Frontend API without authentication
http://ift.tt/2ELHSar
Submitted March 02, 2018 at 09:35PM by TechLord2
via reddit http://ift.tt/2FLb12P
GitHub
kennethreitz/twitter-scraper
twitter-scraper - Scrape the Twitter Frontend API without authentication.
Bug in HP Remote Management Tool Leaves Servers Open to Attack
http://ift.tt/2CP4qkB
Submitted March 02, 2018 at 09:50PM by volci
via reddit http://ift.tt/2F94ldJ
Threatpost | The first stop for security news
Bug in HP Remote Management Tool Leaves Servers Open to Attack
Firmware versions of HPE’s remote management hardware iLO3 have an unauthenticated remote denial of service vulnerability.
Shellen - Interactive shellcoding environment to easily craft shellcodes
http://ift.tt/2F4VcqH
Submitted March 02, 2018 at 10:17PM by pacotes
via reddit http://ift.tt/2FjekAr
GitHub
merrychap/shellen
Interactive shellcoding environment to easily craft shellcodes - merrychap/shellen
Week 9 in Information Security, 2018
http://ift.tt/2GUkeoA
Submitted March 02, 2018 at 11:01PM by undercomm
via reddit http://ift.tt/2oEQW6M
Malgregator
InfoSec Week 9, 2018
Wandera security researchers spotted a new sophisticated Android RedDrop malware hidden in at least 53 Android applications. It can...
New SMBv3 DoS exploit for Windows 8.1 & Windows Server 2012
http://ift.tt/2FeHuka
Submitted March 02, 2018 at 10:38PM by Neo-Bubba
via reddit http://ift.tt/2FjXaCO
Red Team Laptop & Infrastructure (pt 1: Architecture)
http://ift.tt/2CT9xR4
Submitted March 02, 2018 at 11:28PM by thugl0r
via reddit http://ift.tt/2Fatbd0
Is it allowed to send (and collect on the bounty) a Responsible Disclosure statement to my own employer?
I have seen multiple security issues within my own company and normally I disclose them to the one responsible via the channels within the company. However, I am sick of the irresponsibility and lack of precaution taken when deploying new features. Just yesterday they deployed some code that makes it possible to see a lot of customer information, and also provides a loophole to inject SQL and see the results of the query executed (as well as the errors you might produce).
I am a Software Developer, not a Security Engineer...
PS: I don't work with the team that is deploying this code (I don't even have access to it, so I do not have any advantage over a malicious person).
Submitted March 03, 2018 at 12:31AM by xoorl
via reddit http://ift.tt/2FKUV9l
reddit
Is it allowed to send (and collect on the bounty) a... • r/security
I have seen multiple security issues within my own company and normally I disclose them to the one responsible via the channels within the...
Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones
http://ift.tt/2oCnlLf
Submitted March 03, 2018 at 02:12AM by alessiodelv
via reddit http://ift.tt/2oCmudM
BleepingComputer
Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones
Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor.
Join a growing Pentesting/Hacking Community.
Hello World!
PentestSec is a community of Pentesters, Infosec professionals, and Students. We have the idea that information should be free to those who want to learn and master their skills. There are a ton of places on the internet to learn hacking, it can be a bit overwhelming, and so this community has everything in one. We have a private section for newbies to learn and ask questions with professionals, as well as daily lessons to try out. We have partnerships with other servers who have Professional talk in their server via voice chat with industry Pros!!! We do CTFs, such as Vulnhub, Hackthebox, and more to practice. If you are going for a cert we have a section with material as well. Of course we don’t spoil anything or hold anyone’s hand, but if you are willing to work hard, you can gain a lot of knowledge. So join us! The only thing missing in the community is …..You!
Hack The Planet!
https://twitter.com/pentestsec
https://discord.gg/4hqkRgZ
Submitted March 03, 2018 at 03:09AM by grimessec
via reddit http://ift.tt/2FLElWQ
Twitter
PentestSec (@PentestSec) | Twitter
The latest Tweets from PentestSec (@PentestSec). We are a bunch of infosec addicted goons hungry for more.
https://t.co/f71zQaQgQL
Israel Sent a Letter to American Hackers Asking for Zero-Days
http://ift.tt/2CV7ZWs
Submitted March 03, 2018 at 04:37AM by bluefish009
via reddit http://ift.tt/2FaH5fv
Wccftech
Israel Sent a Letter to American Hackers Asking for Zero-Days
How Governments Find Latest Zero-Day Exploits and Hacking Tools - They Just Ask... Israel Sent an Unsolicited Letter to Multiple US Companies.