Reverse Engineering a Self-Modifying Binary with radare2
http://ift.tt/2tO9Ux4
Submitted March 13, 2018 at 10:06PM by Megabeets
via reddit http://ift.tt/2FRDIO0
http://ift.tt/2tO9Ux4
Submitted March 13, 2018 at 10:06PM by Megabeets
via reddit http://ift.tt/2FRDIO0
Megabeets
Reversing a Self-Modifying Binary with radare2
This is how I used radare2 to solve a self-modifying binary challenge from r2con 2017. This is a radare2 tutorial for advanced users. Don't miss my series of articles for beginners.
March's Patch Tuesday update will fix a critical vulnerability in Microsoft Remote Desktop Protocol
http://ift.tt/2HwKPsv
Submitted March 13, 2018 at 10:42PM by BengaliKyd
via reddit http://ift.tt/2tOwd5o
http://ift.tt/2HwKPsv
Submitted March 13, 2018 at 10:42PM by BengaliKyd
via reddit http://ift.tt/2tOwd5o
On MSFT
March’s Patch Tuesday update will fix a critical vulnerability in Microsoft Remote Desktop Protocol
This month's Patch Tuesday update will fix a critical vulnerability in Microsoft's Remote Desktop Protocol affecting all PCs running Windows Vista and newer. The vulnerability allows attackers to exploit remote desktop and Windows remote management to run…
The Java Soothsayer: A practical application for insecure randomness (With free 0day).
http://ift.tt/2In4j3R
Submitted March 13, 2018 at 10:23PM by alex91ar
via reddit http://ift.tt/2IqnslA
http://ift.tt/2In4j3R
Submitted March 13, 2018 at 10:23PM by alex91ar
via reddit http://ift.tt/2IqnslA
Medium
The Java Soothsayer: A practical application for insecure randomness. (Includes free 0day)
As a pentester is quite usual that for several reasons one might not find as many shiny beautiful critical bugs as one might want to. Some…
Diamorphine + Hideusage fork. Kernel rootkit to spoof system load and load averages.
http://ift.tt/2HxJVMd
Submitted March 13, 2018 at 10:33PM by alex91ar
via reddit http://ift.tt/2p8j8PQ
http://ift.tt/2HxJVMd
Submitted March 13, 2018 at 10:33PM by alex91ar
via reddit http://ift.tt/2p8j8PQ
GitHub
alex91ar/Diamorphine
Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x
Reversing a Self-Modifying Binary with radare2
http://ift.tt/2p9dxsF
Submitted March 13, 2018 at 11:37PM by TechLord2
via reddit http://ift.tt/2tLNaO4
http://ift.tt/2p9dxsF
Submitted March 13, 2018 at 11:37PM by TechLord2
via reddit http://ift.tt/2tLNaO4
Megabeets
Reversing a Self-Modifying Binary with radare2
This is how I used radare2 to solve a self-modifying binary challenge from r2con 2017. This is a radare2 tutorial for advanced users. Don't miss my series of articles for beginners.
We're Making 12 Million Sensitive URLs Available for Download
http://ift.tt/2pck6tr
Submitted March 13, 2018 at 11:33PM by cwings
via reddit http://ift.tt/2FvHLA2
http://ift.tt/2pck6tr
Submitted March 13, 2018 at 11:33PM by cwings
via reddit http://ift.tt/2FvHLA2
6 digit PINs and the usefulness of password restrictions
http://ift.tt/2tIX2YR
Submitted March 14, 2018 at 12:46AM by OrdisLux
via reddit http://ift.tt/2Gpsvlo
http://ift.tt/2tIX2YR
Submitted March 14, 2018 at 12:46AM by OrdisLux
via reddit http://ift.tt/2Gpsvlo
Medium
Response to
Last month Troy Hunt released Pwned Passwords V2, a list of 500 million hashed passwords together with how often these are used¹. I then…
Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks [Working PoC (Full Sources) and PDF Article - See Comment]
http://ift.tt/2mhlUjz
Submitted March 13, 2018 at 11:46PM by TechLord2
via reddit http://ift.tt/2DoPytM
http://ift.tt/2mhlUjz
Submitted March 13, 2018 at 11:46PM by TechLord2
via reddit http://ift.tt/2DoPytM
GitHub
BigNerd95/Chimay-Red
Chimay-Red - Working POC of Mikrotik exploit from Vault 7 CIA Leaks
Analysis of a Kubernetes hack -- Backdooring through kubelet
http://ift.tt/2GoAmzO
Submitted March 14, 2018 at 01:35AM by jc_sec
via reddit http://ift.tt/2GoP9dD
http://ift.tt/2GoAmzO
Submitted March 14, 2018 at 01:35AM by jc_sec
via reddit http://ift.tt/2GoP9dD
Medium
Analysis of a Kubernetes hack — Backdooring through kubelet
Unless you’ve been living under a rock for the past three years, you’ve probably heard about Kubernetes. At Handy, our infrastructure is…
CVE 2018-1057: Authenticated [Samba] users can change other users' password
http://ift.tt/2In1pvO
Submitted March 14, 2018 at 01:27AM by FUS_ROH_yay
via reddit http://ift.tt/2Dpkx8T
http://ift.tt/2In1pvO
Submitted March 14, 2018 at 01:27AM by FUS_ROH_yay
via reddit http://ift.tt/2Dpkx8T
OCEANLOTUS: OLD TECHNIQUES, NEW BACKDOOR [PDF]
http://ift.tt/2FDYAoA
Submitted March 13, 2018 at 11:54PM by TechLord2
via reddit http://ift.tt/2FxD74w
http://ift.tt/2FDYAoA
Submitted March 13, 2018 at 11:54PM by TechLord2
via reddit http://ift.tt/2FxD74w
Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors
http://ift.tt/2FT8mGO
Submitted March 14, 2018 at 01:36AM by TaviRider
via reddit http://ift.tt/2Hwhcr4
http://ift.tt/2FT8mGO
Submitted March 14, 2018 at 01:36AM by TaviRider
via reddit http://ift.tt/2Hwhcr4
Motherboard
Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors
Security researchers announced a series of 13 vulnerabilities within AMD’s RYZEN and EPYC processors that could make some data breaches even worse.
Let's Encrypt ACME v2 and Wildcard Certificate Support is Live!
http://ift.tt/2GoXBtF
Submitted March 13, 2018 at 10:47PM by gvarisco
via reddit http://ift.tt/2HwPE4M
http://ift.tt/2GoXBtF
Submitted March 13, 2018 at 10:47PM by gvarisco
via reddit http://ift.tt/2HwPE4M
Let's Encrypt Community Support
ACME v2 and Wildcard Certificate Support is Live
We’re pleased to announce that ACMEv2 and wildcard certificate support is live! With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.…
Frida 10.7 is out with full support for the Electra jailbreak on iOS 11
http://ift.tt/2InLq0T
Submitted March 14, 2018 at 02:22AM by oleavr
via reddit http://ift.tt/2pfyUYy
http://ift.tt/2InLq0T
Submitted March 14, 2018 at 02:22AM by oleavr
via reddit http://ift.tt/2pfyUYy
Visual Basic GUI: A Tool to Inject Keystrokes on a SSH Client via an X11 Forwarded Session
http://ift.tt/2pfDB4C
Submitted March 14, 2018 at 03:12AM by pergnib
via reddit http://ift.tt/2DqoEBr
http://ift.tt/2pfDB4C
Submitted March 14, 2018 at 03:12AM by pergnib
via reddit http://ift.tt/2DqoEBr
GitHub
xfee/vbg
vbg - Visual Basic GUI: A Tool to Inject Keystrokes on a SSH Client via an X11 Forwarded Session
Here's a List of 29 Different Types of USB Attacks
http://ift.tt/2pbb3ZR
Submitted March 14, 2018 at 03:55AM by Iot_Security
via reddit http://ift.tt/2p9Kjtz
http://ift.tt/2pbb3ZR
Submitted March 14, 2018 at 03:55AM by Iot_Security
via reddit http://ift.tt/2p9Kjtz
BleepingComputer
Here's a List of 29 Different Types of USB Attacks
Researchers from the Ben-Gurion University of the Negev in Israel have identified 29 ways in which attackers could use USB devices to compromise users' computers.
MWC2018 – Digital Security Roundup
http://ift.tt/2FoJ5oj
Submitted March 14, 2018 at 03:41AM by Iot_Security
via reddit http://ift.tt/2p9AbAT
http://ift.tt/2FoJ5oj
Submitted March 14, 2018 at 03:41AM by Iot_Security
via reddit http://ift.tt/2p9AbAT
Abiresearch
MWC2018 – Digital Security Roundup
Read more on ABIResearch.com
Madison Square Garden Has Used Face-Scanning Technology on Customers
http://ift.tt/2FuH2iy
Submitted March 14, 2018 at 03:40AM by NetAbel
via reddit http://ift.tt/2HvnkQk
http://ift.tt/2FuH2iy
Submitted March 14, 2018 at 03:40AM by NetAbel
via reddit http://ift.tt/2HvnkQk
Nytimes
Madison Square Garden Has Used Face-Scanning Technology on Customers
Facial-recognition systems can help bolster security, but some experts say the technology raises questions about privacy and data security.
Security In 5: Episode 193 - All Oculus Headsets Have Been Rendered Useless, A Study In Poor Certificate Management
http://ift.tt/2Hx755s
Submitted March 14, 2018 at 02:28AM by BinaryBlog
via reddit http://ift.tt/2FQrmWl
http://ift.tt/2Hx755s
Submitted March 14, 2018 at 02:28AM by BinaryBlog
via reddit http://ift.tt/2FQrmWl
Libsyn
Security In Five Podcast: Episode 193 - All Oculus Headsets Have Been Rendered Useless, A Study In Poor Certificate Management
If you own an Oculus VR headset chances are it's a useless paperweight right now. The vendor failed to update a simple certificate which is required for the headset to function. This episode goes into the study of certificate management and the downside if…
Yahoo Judge Lets Hack Victims Seek Payback for Data Breaches
http://ift.tt/2Go8rQq
Submitted March 14, 2018 at 04:06AM by NetAbel
via reddit http://ift.tt/2GoHV9H
http://ift.tt/2Go8rQq
Submitted March 14, 2018 at 04:06AM by NetAbel
via reddit http://ift.tt/2GoHV9H
Bloomberg.com
Yahoo Judge Lets Hack Victims Seek Payback for Data Breaches
Yahoo Inc. can’t escape claims that it should pay punitive damages over data breaches that left information on 3 billion customers in hackers’ hands.
Rate my security setup out of 10 🔒
Hello, i have just recently buffed my digital security across various accounts and was wondering if anyone here could have a look at what i have set up so far and tell me if there is anything i could improve on. I decided to make these updates after an attempt was made on one of my accounts. I have 3 main important accounts such as email ect accounts and 10 lesser accounts.My security is as follows:3 main accounts: 30+ character passwords comprising of different phrases and numbers/characters mixed in randomly. 2FA using either sms or authenticator app. Various devices setup. Backup recovery email address never used unless for recovery also with 2FA Backup codes setup everywhere.10+lesser accounts: 16+ character passwords same setup as above 2FA where provided Backup codes where providedIn addition: None off my passwords are the same, all are long and complex All my privacy settings for accounts are as private as possible I delete cookies and history regularly No passwords or bank details saved on websites All passwords are memorised and have them self encrypted written down in a safe in my house just incase My mobile company have verbal passwords and pin set up for customer service.Please let me know if there are any gaps in my security or if there are any areas i could improve.Cheers.
Submitted March 14, 2018 at 05:17AM by Bango-Fett
via reddit http://ift.tt/2HyYhMh
Hello, i have just recently buffed my digital security across various accounts and was wondering if anyone here could have a look at what i have set up so far and tell me if there is anything i could improve on. I decided to make these updates after an attempt was made on one of my accounts. I have 3 main important accounts such as email ect accounts and 10 lesser accounts.My security is as follows:3 main accounts: 30+ character passwords comprising of different phrases and numbers/characters mixed in randomly. 2FA using either sms or authenticator app. Various devices setup. Backup recovery email address never used unless for recovery also with 2FA Backup codes setup everywhere.10+lesser accounts: 16+ character passwords same setup as above 2FA where provided Backup codes where providedIn addition: None off my passwords are the same, all are long and complex All my privacy settings for accounts are as private as possible I delete cookies and history regularly No passwords or bank details saved on websites All passwords are memorised and have them self encrypted written down in a safe in my house just incase My mobile company have verbal passwords and pin set up for customer service.Please let me know if there are any gaps in my security or if there are any areas i could improve.Cheers.
Submitted March 14, 2018 at 05:17AM by Bango-Fett
via reddit http://ift.tt/2HyYhMh
reddit
Rate my security setup out of 10 🔒 • r/security
Hello, i have just recently buffed my digital security across various accounts and was wondering if anyone here could have a look at what i have...