I want to become a security pentester or similar but I need help
Back in the days around 2000, I did have experience doing some pentesting but not really deep. I used Nessus to do the assessment. I visited some tutorial sites to learn how to conduct vulnerability testing against a web server like directory traversal. I'm so rusty now. I'd like to move back to security field again. I would like to ask you if you can provide me with great urls that I can read about security. Also few weeks ago, I started learning assembly language since I also want to be able to reverse engineer malwares.
Also, I'd like to prepare myself for an interview. I'm sure there are tons of new terminologies now. Today I heard CSIRT and I was like "what is that, lol". I just learned it few seconds ago since I saw a post here Episode 185 :)
Thank you so much in advance!
Submitted March 08, 2018 at 01:13PM by Oxffff0000
via reddit http://ift.tt/2IcIZhA
Back in the days around 2000, I did have experience doing some pentesting but not really deep. I used Nessus to do the assessment. I visited some tutorial sites to learn how to conduct vulnerability testing against a web server like directory traversal. I'm so rusty now. I'd like to move back to security field again. I would like to ask you if you can provide me with great urls that I can read about security. Also few weeks ago, I started learning assembly language since I also want to be able to reverse engineer malwares.
Also, I'd like to prepare myself for an interview. I'm sure there are tons of new terminologies now. Today I heard CSIRT and I was like "what is that, lol". I just learned it few seconds ago since I saw a post here Episode 185 :)
Thank you so much in advance!
Submitted March 08, 2018 at 01:13PM by Oxffff0000
via reddit http://ift.tt/2IcIZhA
reddit
I want to become a security pentester or similar but... • r/security
Back in the days around 2000, I did have experience doing some pentesting but not really deep. I used Nessus to do the assessment. I visited some...
Where do you save your backup/recovery codes for apps/websites that use 2FA?
Hopefully this is the right place to post this question. I've recently become more active in making sure all of the apps/website I use have 2FA enabled and I know I should definitely save those recovery codes in case I lose my phone somehow.I wanted to see where/how everyone else is saving these codes. :)
Submitted March 08, 2018 at 03:43PM by cellojones2204
via reddit http://ift.tt/2FrXKLl
Hopefully this is the right place to post this question. I've recently become more active in making sure all of the apps/website I use have 2FA enabled and I know I should definitely save those recovery codes in case I lose my phone somehow.I wanted to see where/how everyone else is saving these codes. :)
Submitted March 08, 2018 at 03:43PM by cellojones2204
via reddit http://ift.tt/2FrXKLl
reddit
Where do you save your backup/recovery codes for... • r/security
Hopefully this is the right place to post this question. I've recently become more active in making sure all of the apps/website I use have 2FA...
EclecticIQ Analysis: Trend in Android Trojans Targeting the Middle East
http://ift.tt/2FnmGDT
Submitted March 08, 2018 at 03:00PM by EclecticIQ
via reddit http://ift.tt/2tmK8iU
http://ift.tt/2FnmGDT
Submitted March 08, 2018 at 03:00PM by EclecticIQ
via reddit http://ift.tt/2tmK8iU
EclecticIQ
EclecticIQ Analysis: Trend in Android Trojans Targeting the Middle East
There have been numerous instances of Android Trojans being used for espionage purposes targeting users in the Middle East in recent months. The highest profile of these include; FrozenCell, GnatSpy, AnubisSpy, Pallas and Tempting Cedar.
Ethereum (Solidity) security bugs (and fixes) demonstrated in Truffle unit tests
http://ift.tt/2FszPeZ
Submitted March 08, 2018 at 02:48PM by fergarrui
via reddit http://ift.tt/2G3obIt
http://ift.tt/2FszPeZ
Submitted March 08, 2018 at 02:48PM by fergarrui
via reddit http://ift.tt/2G3obIt
GitHub
fergarrui/ethereum-security
ethereum-security - Security issues in Ethereum demonstrated in mocha tests. The fix is also demonstrated
I see this laptop sitting unlocked for 30+ minutes by the entrance, and when I tell the staff that someone’s left their laptop, they say it’s their managers. This is a major U.K. chain.
http://ift.tt/2FyQh0C
Submitted March 08, 2018 at 04:35PM by po30555
via reddit http://ift.tt/2HhqgzQ
http://ift.tt/2FyQh0C
Submitted March 08, 2018 at 04:35PM by po30555
via reddit http://ift.tt/2HhqgzQ
AppBandit (Proxy) Public Beta
http://ift.tt/2FtyIik
Submitted March 08, 2018 at 04:22PM by _pdp_
via reddit http://ift.tt/2FAaNOh
http://ift.tt/2FtyIik
Submitted March 08, 2018 at 04:22PM by _pdp_
via reddit http://ift.tt/2FAaNOh
Websecurify
Landing AppBandit Public BETA
We are very excited to announce the public beta release of our latest tool we fondly call AppBandit, or AB (as in AB Proxy) for short. AppBandit is an intercepting security-enhanced proxy built on top of our existing technology stack you are already familiar…
Corero Network discovered a Kill Switch for Memcached DDoS attacks
http://ift.tt/2FBBTVh
Submitted March 08, 2018 at 03:54PM by CasperVPN
via reddit http://ift.tt/2G3GYDv
http://ift.tt/2FBBTVh
Submitted March 08, 2018 at 03:54PM by CasperVPN
via reddit http://ift.tt/2G3GYDv
Security Affairs
Corero Network discovered a Kill Switch for Memcached DDoS attacks
Corero network security discovers a “kill switch” for memcached DDoS attacks and also reveals memcached exploit can be used to steal or corrupt data
Domains Running Cryptocurrency Mining Scripts Surge 725 Percent
http://ift.tt/2ttamAG
Submitted March 08, 2018 at 05:45PM by alessiodelv
via reddit http://ift.tt/2tpTU3X
http://ift.tt/2ttamAG
Submitted March 08, 2018 at 05:45PM by alessiodelv
via reddit http://ift.tt/2tpTU3X
Bitcoin News
Domains Running Cryptocurrency Mining Scripts Surge 725 Percent
The number of domains with cryptocurrency mining noscripts installed has skyrocketed 725% in four months, according to a security firm’s research. Approximately 2.7 million users were attacked by malicious crypto miners last year, with the most successful cybercriminals…
Business Security Automation Solutions
http://ift.tt/2oTiYeX
Submitted March 08, 2018 at 05:36PM by Martinabonn
via reddit http://ift.tt/2tpTUkt
http://ift.tt/2oTiYeX
Submitted March 08, 2018 at 05:36PM by Martinabonn
via reddit http://ift.tt/2tpTUkt
Atlanticsmarthomes
New Brunswick and Newfoundland #1 Security System | 877-742-9954 | Fluent Authorized Dealer
Make your home a smart home with Fluent's complete security and automation solutions. Shop now and save big! Call 877-742-9954
Trustico Update: 19K Compromised Private Keys Still Exposed
http://ift.tt/2oTwpvB
Submitted March 08, 2018 at 05:31PM by boraboradt
via reddit http://ift.tt/2tpTUAZ
http://ift.tt/2oTwpvB
Submitted March 08, 2018 at 05:31PM by boraboradt
via reddit http://ift.tt/2tpTUAZ
Best Quality Home Security Cameras and Systems
http://ift.tt/2D87ubT
Submitted March 08, 2018 at 06:16PM by Martinabonn
via reddit http://ift.tt/2G7YVRe
http://ift.tt/2D87ubT
Submitted March 08, 2018 at 06:16PM by Martinabonn
via reddit http://ift.tt/2G7YVRe
Nvs-Secured
Barrie Ontario Smart Business Security Systems | 647-953-5545 | Fluent Authorized Dealer
Stay connected to your business with Fluent's smart security and automation systems.
Security In 5: Episode 190 - Email Is Still Your Company's Weakest Link
http://ift.tt/2DbZJ4A
Submitted March 08, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2GaDnDX
http://ift.tt/2DbZJ4A
Submitted March 08, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2GaDnDX
Libsyn
Security In Five Podcast: Episode 190 - Email Is Still Your Company's Weakest Link
This shouldn't be a shock but email stinks. It's one of the biggest security threats to your company. You may have filters on the messages but you have thousands of untrained people bringing in potential threats to the company. This episode goes into email…
Justifying Security Spend, a Response
https://www.youtube.com/watch?v=s8RrLtj8oBA&t=1s
Submitted March 08, 2018 at 07:26PM by Uminekoshi
via reddit http://ift.tt/2D983SM
https://www.youtube.com/watch?v=s8RrLtj8oBA&t=1s
Submitted March 08, 2018 at 07:26PM by Uminekoshi
via reddit http://ift.tt/2D983SM
YouTube
Justifying Security Spend, a Response from Nehemiah Security: Part 1
In this video, Jerry Caponera responds to an entry in our eBook about "7 Experts on Justifying Security Spend" written by Surinder Lall. If your friend was p...
How to secure communications on your smartphone
http://ift.tt/2FlzKh5
Submitted March 08, 2018 at 08:25PM by LoiSmuts
via reddit http://ift.tt/2FpOtDK
http://ift.tt/2FlzKh5
Submitted March 08, 2018 at 08:25PM by LoiSmuts
via reddit http://ift.tt/2FpOtDK
Punch Newspapers
How to secure communications on your smartphone
Due to the overnight success of smartphones, millions of people are connecting with others. Most of this communication is happening in the open where any hacker can intercept and share in the discu...
Hardcoded password and Java deserialization flaws found in Cisco products
http://ift.tt/2Fsqqnw
Submitted March 08, 2018 at 08:06PM by CasperVPN
via reddit http://ift.tt/2twen7m
http://ift.tt/2Fsqqnw
Submitted March 08, 2018 at 08:06PM by CasperVPN
via reddit http://ift.tt/2twen7m
Security Affairs
Hardcoded password and Java deserialization flaw found in Cisco products
The set of security updates recently released by Cisco also includes two advisories for critical vulnerabilities, a hardcoded password, and a Java deserialization flaw.
Malware: LokiBot malware is actively being distributed via a spam email campaign in the UK.
http://ift.tt/2tnmOS8
Submitted March 08, 2018 at 08:20PM by EclecticIQ
via reddit http://ift.tt/2oT6Pqh
http://ift.tt/2tnmOS8
Submitted March 08, 2018 at 08:20PM by EclecticIQ
via reddit http://ift.tt/2oT6Pqh
EclecticIQ
Large Lokibot Malspam Campaign Hitting The UK
Malware: LokiBot malware is actively being distributed via a spam email campaign in the UK.
Phishing done right with a little help from the banks
http://ift.tt/2HiJzsJ
Submitted March 08, 2018 at 09:49PM by jekapats
via reddit http://ift.tt/2DaweAn
http://ift.tt/2HiJzsJ
Submitted March 08, 2018 at 09:49PM by jekapats
via reddit http://ift.tt/2DaweAn
PhishAI
With a Little Help From The Banks | PhishAI
In this post, I’ll analyse a phishing attack we recently encountered in the wild targeting NAB (National Australia Bank) implementing two phishing techniques: “The Phishing Collage” (you can read about it in a previous post) and a new technique we … Read…
Hunting for Insider Threats: Using Activity Modeling to Detect Suspicious Database Commands and Access Patterns
http://ift.tt/2Fmmc4d
Submitted March 08, 2018 at 08:48PM by whitehattracker
via reddit http://ift.tt/2Fm86AB
http://ift.tt/2Fmmc4d
Submitted March 08, 2018 at 08:48PM by whitehattracker
via reddit http://ift.tt/2Fm86AB
Blog | Imperva
Hunting for Insider Threats: Using Activity Modeling to Detect Suspicious Database Commands and Access Patterns
Common practices insiders use to infiltrate databases and introduce new detection techniques developed to detect suspicious database commands and access patterns.
Does SSL prevent or help with DDoS and other attacks?
We are running a media website with 20.000 daily visitors. Quite often we are attacked with DDoS and other nasty things. Currently we don't have SSL installed. Could somebody please confirm, will SSL help to mitigate any attacks and will it be useful for us?
Submitted March 08, 2018 at 08:37PM by vadikcoma
via reddit http://ift.tt/2HiR8iS
We are running a media website with 20.000 daily visitors. Quite often we are attacked with DDoS and other nasty things. Currently we don't have SSL installed. Could somebody please confirm, will SSL help to mitigate any attacks and will it be useful for us?
Submitted March 08, 2018 at 08:37PM by vadikcoma
via reddit http://ift.tt/2HiR8iS
reddit
Does SSL prevent or help with DDoS and other attacks? • r/security
We are running a media website with 20.000 daily visitors. Quite often we are attacked with DDoS and other nasty things. Currently we don't have...
Windows AD/ MIT Kerberos password policy project. Full Source provided, supports blocking on similar previous and breached password lists (ordered md5,sha1,sha256,etc).
http://ift.tt/2Dan86F
Submitted March 08, 2018 at 10:45PM by gizzardbus
via reddit http://ift.tt/2FDKlTO
http://ift.tt/2Dan86F
Submitted March 08, 2018 at 10:45PM by gizzardbus
via reddit http://ift.tt/2FDKlTO
GitHub
CboeSecurity/password_pwncheck
password_pwncheck - Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules
A House of Cards: An Exploration of Security When Building Docker Containers
http://ift.tt/2FD8J8f
Submitted March 08, 2018 at 11:08PM by cji
via reddit http://ift.tt/2FyGLdR
http://ift.tt/2FD8J8f
Submitted March 08, 2018 at 11:08PM by cji
via reddit http://ift.tt/2FyGLdR
Heroku
A House of Cards: An Exploration of Security When Building Docker Containers
Docker likely features somewhere in your CI pipeline. We examine some pitfalls that could lead to security vulnerabilities in these build environments.