Request for OSWE Alternative or Similar Certification
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similiar certifications to this one? Problem being one has to attend Blackhat, to attend an on-premise course to achieve it. This is quite some money you have to throw at this if you are from somewhere else than the US.
Submitted March 20, 2018 at 01:17PM by droptableuserme
via reddit http://ift.tt/2FN3WSn
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similiar certifications to this one? Problem being one has to attend Blackhat, to attend an on-premise course to achieve it. This is quite some money you have to throw at this if you are from somewhere else than the US.
Submitted March 20, 2018 at 01:17PM by droptableuserme
via reddit http://ift.tt/2FN3WSn
reddit
Request for OSWE Alternative or Similar Certification • r/security
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similiar certifications to this one? Problem being one has to...
De-obfuscating Jump Chains with Binary Ninja
http://ift.tt/2pqH9kt
Submitted March 20, 2018 at 02:45PM by _cacao
via reddit http://ift.tt/2prusWC
http://ift.tt/2pqH9kt
Submitted March 20, 2018 at 02:45PM by _cacao
via reddit http://ift.tt/2prusWC
This is Security :: by Stormshield
De-obfuscating Jump Chains with Binary Ninja - This is Security :: by Stormshield
Malware authors uses extensive obfuscation techniques such as packing, junk code insertion, opaque predicates to harden malware analysis. Binary ninja has recently released a plugin to remove opaque predicates – that is, branch paths that are never taken.…
How not to store user passwords
http://ift.tt/2G9RTy3
Submitted March 20, 2018 at 02:57PM by pavs
via reddit http://ift.tt/2FWoyUq
http://ift.tt/2G9RTy3
Submitted March 20, 2018 at 02:57PM by pavs
via reddit http://ift.tt/2FWoyUq
Slashgeek
How not to store user passwords > Slashgeek
If you are running a Web App and you are storing user passwords, it is very easy to get things horribly wrong, it’s better to use third-party sign-in services like Facebook, Twitter or Google. In my experience, I have seen a lot of Web-Apps and Services going…
Facebook's head of security Alex Stamos 'leaving over fake news'
http://ift.tt/2prlkBo
Submitted March 20, 2018 at 03:19PM by Bastet1
via reddit http://ift.tt/2FXFWIB
http://ift.tt/2prlkBo
Submitted March 20, 2018 at 03:19PM by Bastet1
via reddit http://ift.tt/2FXFWIB
Mail Online
Facebook's head of security Alex Stamos 'leaving over fake news'
The social media company has already taken away Stamos' responsibilities to counter government-sponsored disinformation, the source said.
Hackers can attack older IoT devices and Home gadgets
http://ift.tt/2DGQ06G
Submitted March 20, 2018 at 03:40PM by anonywise
via reddit http://ift.tt/2ppjz8i
http://ift.tt/2DGQ06G
Submitted March 20, 2018 at 03:40PM by anonywise
via reddit http://ift.tt/2ppjz8i
Anonywise
Hackers can attack older IoT devices and Home gadgets! - Anonywise
In short: Older IoT devices and home gadgets can be the targets for hackers, as many such devices were compromised in recent past, that may even sound like creepy as the world is moving towards the Internet of Things. Hackers can leverage numerous such devices…
Using certutil through a MSSQL injection to exfiltrate command outputs
http://ift.tt/2tZPKAg
Submitted March 20, 2018 at 04:17PM by gid0rah
via reddit http://ift.tt/2GbQ9EF
http://ift.tt/2tZPKAg
Submitted March 20, 2018 at 04:17PM by gid0rah
via reddit http://ift.tt/2GbQ9EF
Tarlogic Security - Cyber Security and Ethical hacking
Red Team Tales 0x01: From MSSQL to RCE
Introduction
In a Red Team operation, a perimeter asset vulnerable to SQL Injection was identified. Through this vulnerability it was possible to execute commands on the server, requiring an unusual tactic to achieve the exfiltration of the output of the…
In a Red Team operation, a perimeter asset vulnerable to SQL Injection was identified. Through this vulnerability it was possible to execute commands on the server, requiring an unusual tactic to achieve the exfiltration of the output of the…
Free SSL cert search and analysis platform. Interesting stuff!
http://ift.tt/2FV0jpG
Submitted March 20, 2018 at 04:04PM by xrna
via reddit http://ift.tt/2G5GGOT
http://ift.tt/2FV0jpG
Submitted March 20, 2018 at 04:04PM by xrna
via reddit http://ift.tt/2G5GGOT
Cyber Sins Security Blog
Wow! CertDB is a free SSL certificate search engine and analysis platform
How many times have you stumbled on the SSL certificate, and the only things that you cared about were Common Name (CN), DNS Names, Dates (issue and expiry)? Do you know SSL certificate can speak so much about you/ your firm? It can tell stories and motives;…
Remote heap corruption in the Linux kernel: memory corruption in ncp_read_kernel()
http://ift.tt/2DHgCEx
Submitted March 20, 2018 at 03:53PM by horstenkoetter
via reddit http://ift.tt/2ppJhJR
http://ift.tt/2DHgCEx
Submitted March 20, 2018 at 03:53PM by horstenkoetter
via reddit http://ift.tt/2ppJhJR
Free SSL cert search and analysis platform. Interesting stuff!
http://ift.tt/2FV0jpG
Submitted March 20, 2018 at 04:22PM by xrna
via reddit http://ift.tt/2G5v9zc
http://ift.tt/2FV0jpG
Submitted March 20, 2018 at 04:22PM by xrna
via reddit http://ift.tt/2G5v9zc
Cyber Sins Security Blog
Wow! CertDB is a free SSL certificate search engine and analysis platform
How many times have you stumbled on the SSL certificate, and the only things that you cared about were Common Name (CN), DNS Names, Dates (issue and expiry)? Do you know SSL certificate can speak so much about you/ your firm? It can tell stories and motives;…
Could Defense in Depth concpet Work for IoT Security?
http://ift.tt/2pptr24
Submitted March 20, 2018 at 04:49PM by Iot_Security
via reddit http://ift.tt/2DGxqf2
http://ift.tt/2pptr24
Submitted March 20, 2018 at 04:49PM by Iot_Security
via reddit http://ift.tt/2DGxqf2
SecuriThings
Could “Defense in Depth” Work for IoT Security?
When the masses start to use industry terminology, things have clearly gone mainstream. IoT is now mainstream, and there is no turning back. But, is security ready to move ahead at the speed of [...]
Razer keyboard software
Just got a razer keyboard and am hesitant on installing the customisation software in fear of it being comprised and turned into a keylogger. As an attack vector this would make sense.Am I being rational or is all of the above completely insane ?
Submitted March 20, 2018 at 05:10PM by Nickh898
via reddit http://ift.tt/2FQHfNu
Just got a razer keyboard and am hesitant on installing the customisation software in fear of it being comprised and turned into a keylogger. As an attack vector this would make sense.Am I being rational or is all of the above completely insane ?
Submitted March 20, 2018 at 05:10PM by Nickh898
via reddit http://ift.tt/2FQHfNu
reddit
Razer keyboard software • r/security
Just got a razer keyboard and am hesitant on installing the customisation software in fear of it being comprised and turned into a keylogger. As...
Create your own Private Botnet with ProxyDock!
http://ift.tt/2u6xJjL
Submitted March 20, 2018 at 05:54PM by Evil1337
via reddit http://ift.tt/2FOt3EC
http://ift.tt/2u6xJjL
Submitted March 20, 2018 at 05:54PM by Evil1337
via reddit http://ift.tt/2FOt3EC
Security In 5: Episode 198 - Mini-Series Top 10 Reason To Pen-Test - 1 - Meet Security Regulations
http://ift.tt/2HOERD8
Submitted March 20, 2018 at 06:36PM by BinaryBlog
via reddit http://ift.tt/2GJRO1K
http://ift.tt/2HOERD8
Submitted March 20, 2018 at 06:36PM by BinaryBlog
via reddit http://ift.tt/2GJRO1K
Libsyn
Security In Five Podcast: Episode 198 - Mini-Series Top 10 Reason To Pen-Test - 1 - Meet Security Regulations
This is the first episode of a ten episode mini-series, Why You Should Be Pen-Testing your apps. The first episode talk about how pent-tests can help you meet security regulation requirements. Be aware, be safe. ------------------------------------ Website…
Breaking the Ledger Security Model
http://ift.tt/2FKrTK6
Submitted March 20, 2018 at 06:41PM by vamediah
via reddit http://ift.tt/2DGUCcQ
http://ift.tt/2FKrTK6
Submitted March 20, 2018 at 06:41PM by vamediah
via reddit http://ift.tt/2DGUCcQ
Saleem Rashid
Breaking the Ledger Security Model
In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.
Telegram App Under The Gun In Russia After Supreme Court Ruling.
http://ift.tt/2pvtYin
Submitted March 20, 2018 at 08:03PM by RollingTorpedo
via reddit http://ift.tt/2IBUGi1
http://ift.tt/2pvtYin
Submitted March 20, 2018 at 08:03PM by RollingTorpedo
via reddit http://ift.tt/2IBUGi1
RadioFreeEurope/RadioLiberty
Telegram App Under The Gun In Russia After Supreme Court Ruling
Telegram could potentially be blocked in Russia after the Supreme Court ruled that the popular app must provide the Federal Security Service (FSB) with encryption keys needed to read users' messaging data.
Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins
http://ift.tt/2u1sJge
Submitted March 20, 2018 at 07:44PM by volci
via reddit http://ift.tt/2psNJXz
http://ift.tt/2u1sJge
Submitted March 20, 2018 at 07:44PM by volci
via reddit http://ift.tt/2psNJXz
Threatpost | The first stop for security news
Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins
Security risk in extensible text editors enable hackers to abuse plugins and escalate privileges.
Security review of the Vilfo VPN router finds severe issues
http://ift.tt/2FXYU1B
Submitted March 20, 2018 at 07:48PM by Aeyoun
via reddit http://ift.tt/2ppVPjO
http://ift.tt/2FXYU1B
Submitted March 20, 2018 at 07:48PM by Aeyoun
via reddit http://ift.tt/2ppVPjO
Ctrl blog
Vilfo VPN router review: Not designed for security or privacy – Part 3/4
The Vilfo VPN router is built by a Swedish company and is going on the market just a month before the General Data Protection Regulation (GDPR) comes into effect. Anyone…
5 surefire cloud security certifications to boost your career (and your paycheck): They did the math
http://ift.tt/2GMI9rq
Submitted March 20, 2018 at 10:08PM by yourbasicgeek
via reddit http://ift.tt/2FOPiKF
http://ift.tt/2GMI9rq
Submitted March 20, 2018 at 10:08PM by yourbasicgeek
via reddit http://ift.tt/2FOPiKF
2FA Best Practices: Why you shouldn’t use Google Authenticator and what to use instead
http://ift.tt/2u5GieG
Submitted March 20, 2018 at 09:07PM by ddusko
via reddit http://ift.tt/2GPTozq
http://ift.tt/2u5GieG
Submitted March 20, 2018 at 09:07PM by ddusko
via reddit http://ift.tt/2GPTozq
Medium
Securing Your Accounts With Two-Factor Authentication (2FA)
Why a password is not enough, why you shouldn’t use Google Authenticator and what to use instead
6 tricky obstacles security teams face in GDPR compliance
http://ift.tt/2HKgS84
Submitted March 20, 2018 at 09:05PM by CrankyBear
via reddit http://ift.tt/2u2Xl0X
http://ift.tt/2HKgS84
Submitted March 20, 2018 at 09:05PM by CrankyBear
via reddit http://ift.tt/2u2Xl0X
Security Boulevard
6 tricky obstacles security teams face in GDPR compliance
The EU’s GDPR data privacy regulation takes effect May 25 and it’s chock full of hurdles for security teams. Here are six tricky ones to watch out for.
Implications and Mitigation Strategies When You Lose Your End-Entity PKI
http://ift.tt/2HMajCb
Submitted March 20, 2018 at 11:56PM by BillyPricePgh
via reddit http://ift.tt/2FNYE9w
http://ift.tt/2HMajCb
Submitted March 20, 2018 at 11:56PM by BillyPricePgh
via reddit http://ift.tt/2FNYE9w
insights.sei.cmu.edu
Implications and Mitigation Strategies for the Loss of End-Entity Private Keys
This post is co-authored by Thomas Scanlon. When a private key in a public-key infrastructure (PKI) environment is lost or stolen, compromised end-entity certificates can be used to impersonate a principal (a singular and identifiable logical or physical…