Easy-Scan: Terminal based minimal web application scanner built on Python
http://ift.tt/2sAqDz1
Submitted March 02, 2018 at 06:57PM by lazykid07
via reddit http://ift.tt/2oOuzLJ
GitHub
introvertmac/Easy-Scan
Minimal web application scanner. Contribute to introvertmac/Easy-Scan development by creating an account on GitHub.
Jailbreak for iOS 10.x 64bit devices without KTRR
http://ift.tt/2HY69be
Submitted March 02, 2018 at 09:37PM by TechLord2
via reddit http://ift.tt/2CQYc3H
GitHub
tihmstar/doubleH3lix
doubleH3lix - Jailbreak for iOS 10.x 64bit devices without KTRR
Scrape the Twitter Frontend API without authentication
http://ift.tt/2ELHSar
Submitted March 02, 2018 at 09:35PM by TechLord2
via reddit http://ift.tt/2FLb12P
GitHub
kennethreitz/twitter-scraper
twitter-scraper - Scrape the Twitter Frontend API without authentication.
Bug in HP Remote Management Tool Leaves Servers Open to Attack
http://ift.tt/2CP4qkB
Submitted March 02, 2018 at 09:50PM by volci
via reddit http://ift.tt/2F94ldJ
Threatpost | The first stop for security news
Bug in HP Remote Management Tool Leaves Servers Open to Attack
Firmware versions of HPE’s remote management hardware iLO3 have an unauthenticated remote denial of service vulnerability.
Shellen - Interactive shellcoding environment to easily craft shellcodes
http://ift.tt/2F4VcqH
Submitted March 02, 2018 at 10:17PM by pacotes
via reddit http://ift.tt/2FjekAr
GitHub
merrychap/shellen
:cherry_blossom: Interactive shellcoding environment to easily craft shellcodes - merrychap/shellen
Week 9 in Information Security, 2018
http://ift.tt/2GUkeoA
Submitted March 02, 2018 at 11:01PM by undercomm
via reddit http://ift.tt/2oEQW6M
Malgregator
InfoSec Week 9, 2018
Wandera security researchers spotted a new sophisticated Android RedDrop malware hidden in at least 53 Android applications. It can...
New SMBv3 DoS exploit for Windows 8.1 & Windows Server 2012
http://ift.tt/2FeHuka
Submitted March 02, 2018 at 10:38PM by Neo-Bubba
via reddit http://ift.tt/2FjXaCO
Red Team Laptop & Infrastructure (pt 1: Architecture)
http://ift.tt/2CT9xR4
Submitted March 02, 2018 at 11:28PM by thugl0r
via reddit http://ift.tt/2Fatbd0
Is it allowed to send (and collect on the bounty) a Responsible Disclosure statement to my own employer?
I have seen multiple security issues within my own company and normally I disclose them to the one responsible via the channels within the company. However, I am sick of the irresponsibility and lack of precaution taken when deploying new features. Just yesterday they deployed some code that makes it possible to see a lot of customer information, and also provides a loophole to inject SQL and see the results of the query executed (as well as the errors you might produce). I am a Software Developer, not a Security Engineer... PS: I don't work with the team that is deploying this code (I don't even have access to it, so I do not have any advantage over a malicious person)
Submitted March 03, 2018 at 12:31AM by xoorl
via reddit http://ift.tt/2FKUV9l
Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones
http://ift.tt/2oCnlLf
Submitted March 03, 2018 at 02:12AM by alessiodelv
via reddit http://ift.tt/2oCmudM
BleepingComputer
Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones
Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor.
Join a growing Pentesting/Hacking Community.
Hello World! PentestSec is a community of Pentesters, Infosec professionals, and Students. We have the idea that information should be free to those who want to learn and master their skills. There are a ton of places on the internet to learn hacking, it can be a bit overwhelming, and so this community has everything in one. We have a private section for newbies to learn and ask questions with professionals, as well as daily lessons to try out. We have partnerships with other servers who have Professional talk in their server via voice chat with industry Pros!!! We do CTFs, such as Vulnhub, Hackthebox, and more to practice. If you are going for a cert we have a section with material as well. Of course we don’t spoil anything or hold anyone’s hand, but if you are willing to work hard, you can gain a lot of knowledge. So join us! The only thing missing in the community is ….. You! Hack The Planet! https://twitter.com/pentestsec https://discord.gg/4hqkRgZ
Submitted March 03, 2018 at 03:09AM by grimessec
via reddit http://ift.tt/2FLElWQ
Twitter
PentestSec (@PentestSec) | Twitter
The latest Tweets from PentestSec (@PentestSec). We are a bunch of infosec addicted goons hungry for more.
https://t.co/f71zQaQgQL
Israel Sent a Letter to American Hackers Asking for Zero-Days
http://ift.tt/2CV7ZWs
Submitted March 03, 2018 at 04:37AM by bluefish009
via reddit http://ift.tt/2FaH5fv
Wccftech
Israel Sent a Letter to American Hackers Asking for Zero-Days
How Governments Find Latest Zero-Day Exploits and Hacking Tools - They Just Ask... Israel Sent an Unsolicited Letter to Multiple US Companies.
Public disclosure in the public interest?
I have discovered a security bug related to authentication on a major US-based website (estimated 10M monthly users). The bug allows anyone with local physical access to a computer to access the last logged-in user's full account - even after that victim believes they've signed out. This includes after the browser is closed, quit, and the computer has been restarted. This bug exposes personal identity information, financial information, and financial account access - including the ability to withdraw funds (some accounts may have additional security protecting against funds withdrawn, but not all). I have responsibly disclosed this bug through the company's bug bounty program on January 26th. I have made at least four attempts to be aggressive in helping the company support/security team recognize the severity of this bug. But their responses have all been a form of "working as designed" and "it's not great, but that's the way it works". (Unbelievable I know, but those are the facts for this case). I attempted to report this bug to the relevant US government regulators. The regulators responded, but did not request any details about the specifics of the bug. They had no follow up after a simple "who are you" call. I have informed the company that I contacted the US regulators. I believe this bug is likely one of the worst kind of bugs - because while it is not a remote access vulnerability, it is a very high impact vulnerability. It is very likely to cause a lot of damage to a few users. To those users, and perhaps even to the company, it will be completely inexplicable. Victims of un-authorized funds transfers will know they are victims, but to the company it will appear as a "one off case of user-error". Because there are so many users on this site, the exploit could occur many times before the company, regulators, or users identify the access vulnerability. Questions: 1) Are there any resources or experts that I could consult on whether public disclosure, for the purposes of applying pressure to the company, would be appropriate? (My hypothesis is that public disclosure is appropriate, based on the severity of the impact, the disinterest of the company, and the elusiveness of the cause) 2) Are there any other paths for disclosure that I should attempt before public disclosure? 3) If I were to publicly disclose, I would inform the company of a date of pending public disclosure. How many days of pre-disclosure time should I provide the company? (It has already been 30 days).
Submitted March 03, 2018 at 05:23AM by dreamingwell
via reddit http://ift.tt/2F7VAV7
Issues installing Kaspersky on Windows 10.
Anybody here ever seen issues with this? I only use Kaspersky cause it's the one I pay for and it works. Just got Windows 10 installed and it gets 10% then says error can't connect to server, check your internet connection. My connection is perfect. My friend thinks it's the firewall.
Submitted March 03, 2018 at 07:33AM by ChampionDreamerMusic
via reddit http://ift.tt/2I13OvZ
Turning your web traffic into a Super Computer
http://ift.tt/2FN16JP
Submitted March 03, 2018 at 08:57AM by eloquinees_husband
via reddit http://ift.tt/2CVjP2M
Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users
http://ift.tt/2oyV1cM
Submitted March 03, 2018 at 10:19AM by adriankoshcha
via reddit http://ift.tt/2FlmBnC
WIRED
Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users
While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome.
EclecticIQ Fusion Center Report: Report DDoS Attack Stemming from Memcached Servers Hits GitHub
http://ift.tt/2oJmJnp
Submitted March 03, 2018 at 01:30PM by EclecticIQ
via reddit http://ift.tt/2F7CCdj
EclecticIQ
EclecticIQ Fusion Center Report: Report DDoS Attack Stemming from Memcached Servers Hits GitHub
Earlier this week Cloudflare and various security researchers were reporting on an obscure amplification attack vector using the memcached protocol, coming from UDP port 11211. On Wednesday, GitHub experienced a DDoS attack stemming from memcached servers.
23,000 TLS certificates compromised because the CA's CEO emailed all the private keys to a partner without encryption
http://ift.tt/2GU2JEW
Submitted March 03, 2018 at 03:23PM by thestarflyer
via reddit http://ift.tt/2oMBLI3
Ars Technica
23,000 HTTPS certificates axed after CEO emails private keys
Flap that goes public renews troubling questions about issuance of certificates.
High Security Padlock
http://ift.tt/2HYDCCk
Submitted March 03, 2018 at 03:00PM by katieralston70
via reddit http://ift.tt/2oMKkme
Citysafeuk
High Security Padlocks Online | Buy Squire CP60 Combi Padlock
High security Squire CP60 Combi Padlock is re-codable so you can choose your own code. It comes with a 10mm diameter hardened steel shackle.
Upgrading security cameras
Currently I am upgrading our security system and cameras come first. We currently have a 16 channel nvr that is outdated and barely works so here are my questions: Is there an nvr out there that is affordable that can utilize more than just one brand? I have blue iris software that I could use but I’m not sure it’s cost effective to build a computer for this or better to go with an nvr. Should I just stick to one brand? If so, is amcrest going to be around a while? Reolink? What brand will allow me to not get stuck 4 years later being outdated and unable to expand? Amcrest makes a 32 channel nvr that is cheap. Are they a good brand? I am open to whatever suggestions. I currently have an outdated interlogix system with 16 poe 1mp cameras. I upgraded to blue iris software thinking I could expand that way because the program can use any poe camera. Unfortunately my computer (16gb ram, i7-4900 processor, with he graphics card and 4tb nas) can’t keep up with the recording process. Any advice?
Submitted March 03, 2018 at 08:20PM by jeffers049
via reddit http://ift.tt/2FaLoau
Hacking into NET router for fun and profit [FULL DISCLOSURE]
http://ift.tt/2FjGVWg
Submitted March 03, 2018 at 09:45PM by mthbernardes
via reddit http://ift.tt/2F7U5Xg
mthbernardes.github.io
Gambler - Hacking and other stuffs
Posts about hacking, coding and other stuffs