This is a walkthrough of Kioptrix Level 1.1 from Vulnhub.com. In this walkthrough I use SQL injection and a kernel exploit to root this vulnerable machine. This is one of many vms I worked on while studying for the OSCP.
http://ift.tt/2wj53j6
Submitted September 11, 2017 at 04:27AM by InfoSecJim
via reddit http://ift.tt/2wTmf0y
http://ift.tt/2wj53j6
Submitted September 11, 2017 at 04:27AM by InfoSecJim
via reddit http://ift.tt/2wTmf0y
Jim Wilbur's Blog
Kioptrix: Level 1.1 Walkthrough – Vulnhub - Jim Wilbur's Blog
Kioptrix Level 1.1 Walkthrough from Vulnhub.com. In this walkthrough I take advantage of SQLi and a kernel exploit. Kioptrix Level 1.2 coming soon
How to protect yourself from the Equifax hack
http://ift.tt/2xWQO5y
Submitted September 11, 2017 at 05:59AM by rhinoplzno
via reddit http://ift.tt/2eXLpa5
http://ift.tt/2xWQO5y
Submitted September 11, 2017 at 05:59AM by rhinoplzno
via reddit http://ift.tt/2eXLpa5
Medium
How To Protect Yourself From The Equifax Hack
Equifax, one of the nation’s three major credit reporting agencies, has reported a massive hack potentially exposing the sensitive personal…
Equifax Data Breach - i24News
http://ift.tt/2jfCEcu
Submitted September 11, 2017 at 01:16PM by Skellem
via reddit http://ift.tt/2xf5NKm
http://ift.tt/2jfCEcu
Submitted September 11, 2017 at 01:16PM by Skellem
via reddit http://ift.tt/2xf5NKm
Mazebolt
Live on i24 MazeBolt CEO: Equifax Data Breach
Matthew Andriani hosted on i24
Found this pearl of wisdom on redhat's documentation regarding password policy. "consider a variation of a word, such as a1rPl4nE for airplane. "
http://ift.tt/2wjBqy9
Submitted September 11, 2017 at 01:57PM by meeds122
via reddit http://ift.tt/2xq0lFk
http://ift.tt/2wjBqy9
Submitted September 11, 2017 at 01:57PM by meeds122
via reddit http://ift.tt/2xq0lFk
Why do you need a strong Data Protection Policy for your website?
http://ift.tt/2xZzL2T
Submitted September 11, 2017 at 05:49PM by designdirect123
via reddit http://ift.tt/2wUTJxv
http://ift.tt/2xZzL2T
Submitted September 11, 2017 at 05:49PM by designdirect123
via reddit http://ift.tt/2wUTJxv
Designdirectuk
Why do you need a strong Data Protection Policy for your website?
strong Data Protection Policy, website,
A Method for Web Security Policies
http://ift.tt/2xoV3tA
Submitted September 11, 2017 at 07:00PM by benichmt1
via reddit http://ift.tt/2ePSyVY
http://ift.tt/2xoV3tA
Submitted September 11, 2017 at 07:00PM by benichmt1
via reddit http://ift.tt/2ePSyVY
datatracker.ietf.org
draft-foudil-securitytxt-00 - A Method for Web Security Policies
A Method for Web Security Policies (Internet-Draft, 2017)
BSidesCHS 2016: "Shellcoding basics" - Max Harley
http://ift.tt/2eZYuQ7
Submitted September 11, 2017 at 07:33PM by iamhabibone
via reddit http://ift.tt/2wSnfoj
http://ift.tt/2eZYuQ7
Submitted September 11, 2017 at 07:33PM by iamhabibone
via reddit http://ift.tt/2wSnfoj
IAMHABIB.NET
[Video] BSidesCHS 2016: "Shellcoding basics" - Max Harley - IAMHABIB.NET
IAMHABIB.NET is the videos tube site on Hacking, Security, Reverse Engineering and Social Engineeering
How can decentralised storage models prevent massive data breaches?
http://ift.tt/2jizHrO
Submitted September 11, 2017 at 09:16PM by milly1993
via reddit http://ift.tt/2fd3TjJ
http://ift.tt/2jizHrO
Submitted September 11, 2017 at 09:16PM by milly1993
via reddit http://ift.tt/2fd3TjJ
Medium
How can decentralised storage models prevent massive data breaches?
Is India’s biometric database a massive achievement or a dystopian nightmare? Can blockchain technology transform the security industry?
Triaging Java JAR Malware
http://ift.tt/2jiRBKX
Submitted September 11, 2017 at 10:40PM by majorllama
via reddit http://ift.tt/2gY9MRX
http://ift.tt/2jiRBKX
Submitted September 11, 2017 at 10:40PM by majorllama
via reddit http://ift.tt/2gY9MRX
Ringzerolabs
Triaging Java JAR Files
Today we show how to quickly triage Java JAR files with a free and straightforward Java decompiler.
Improve Your Security Online —The Essential Data Protection Guide
http://ift.tt/2w0YE0V
Submitted September 11, 2017 at 09:56PM by Krikrikris
via reddit http://ift.tt/2wSbOgb
http://ift.tt/2w0YE0V
Submitted September 11, 2017 at 09:56PM by Krikrikris
via reddit http://ift.tt/2wSbOgb
StopAd Blog
Improve Your Security Online —The Essential Data Protection Guide
Data protection are increasingly important in tech-savvy world. Learn the latest essentials of online security with valuable data protection tools and tips.
Chrome's Plan to Distrust Symantec Certificates
http://ift.tt/2eQ2xKQ
Submitted September 12, 2017 at 04:15AM by grepnork
via reddit http://ift.tt/2gZPPtQ
http://ift.tt/2eQ2xKQ
Submitted September 12, 2017 at 04:15AM by grepnork
via reddit http://ift.tt/2gZPPtQ
Google Online Security Blog
Chrome’s Plan to Distrust Symantec Certificates
Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome Security This post is a broader announcement of plans already finalized on t...
Windows Event Forwarding for Network Defense – Palantir – Medium
http://ift.tt/2jkKIcj
Submitted September 12, 2017 at 04:14AM by jeffmcjunkin
via reddit http://ift.tt/2w2nY6P
http://ift.tt/2jkKIcj
Submitted September 12, 2017 at 04:14AM by jeffmcjunkin
via reddit http://ift.tt/2w2nY6P
Medium
Windows Event Forwarding for Network Defense
Incident detection and response across thousands of hosts requires a deep understanding of actions and behavior across users, applications…
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device
http://ift.tt/2jjIolw
Submitted September 12, 2017 at 08:04PM by RandomFlotsam
via reddit http://ift.tt/2w51VMz
http://ift.tt/2jjIolw
Submitted September 12, 2017 at 08:04PM by RandomFlotsam
via reddit http://ift.tt/2w51VMz
armis
Blueborne • armis
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device General Overview Affected Devices Technical Overview General Overview Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android…
The CERT Guide to Coordinated Vulnerability Disclosure
http://ift.tt/2wcbKr3
Submitted September 12, 2017 at 07:15PM by ascaroth
via reddit http://ift.tt/2h2cTIC
http://ift.tt/2wcbKr3
Submitted September 12, 2017 at 07:15PM by ascaroth
via reddit http://ift.tt/2h2cTIC
insights.sei.cmu.edu
The CERT Guide to Coordinated Vulnerability Disclosure
We are happy to announce the release of the CERT® Guide to Coordinated Vulnerability Disclosure (CVD). The guide provides an introduction to the key concepts, principles, and roles necessary to establish a successful CVD process. It also provides insights…
Reverse Engineering the OBi200 Google Voice Appliance: Part 2
http://ift.tt/2h1Vi3e
Submitted September 12, 2017 at 07:13PM by rwestergren
via reddit http://ift.tt/2xuSdU5
http://ift.tt/2h1Vi3e
Submitted September 12, 2017 at 07:13PM by rwestergren
via reddit http://ift.tt/2xuSdU5
Randy Westergren
Reverse Engineering the OBi200 Google Voice Appliance: Part 2 - Randy Westergren
In part 1 of this post, I wrote about analyzing the firmware of the OBi200 and getting a root shell leveraging an existing RCE vuln. In this post, I’ll cover the process of identifying the serial port pins and connecting them to get console access to the…
BlueBorne technical paper [PDF]
http://ift.tt/2xihmRb
Submitted September 12, 2017 at 08:57PM by imr2017
via reddit http://ift.tt/2xXA9y9
http://ift.tt/2xihmRb
Submitted September 12, 2017 at 08:57PM by imr2017
via reddit http://ift.tt/2xXA9y9
Don't Delay: Replace Symantec TLS/SSL Certs Now | HIPAA
http://ift.tt/2wUPnHs
Submitted September 12, 2017 at 10:03PM by weev1
via reddit http://ift.tt/2fghzKw
http://ift.tt/2wUPnHs
Submitted September 12, 2017 at 10:03PM by weev1
via reddit http://ift.tt/2fghzKw
Healthcareinfosecurity
Don't Delay: Replace Symantec TLS/SSL Certs Now
A major operation to cleanse websites of digital certificates created under questionable circumstances is underway. Google has issued the orders: Purge digital
WannaCry, Petya and All That Is Wrong With the Cyber Security Ecosystem
http://ift.tt/2wmLXsG
Submitted September 12, 2017 at 10:13PM by weev1
via reddit http://ift.tt/2wYOpsV
http://ift.tt/2wmLXsG
Submitted September 12, 2017 at 10:13PM by weev1
via reddit http://ift.tt/2wYOpsV
Cyberint
WannaCry, Petya and All That Is Wrong With the Cyber Security Ecosystem
WannaCry and Petya, both of these attacks could have been avoided. Find out what is wrong with the cyber security ecosystem.
Today Apple forgot to talk about iOS security from the last couple years
http://ift.tt/2y3BBjm
Submitted September 13, 2017 at 01:05AM by eeeeeekssss
via reddit http://ift.tt/2w5bn2F
http://ift.tt/2y3BBjm
Submitted September 13, 2017 at 01:05AM by eeeeeekssss
via reddit http://ift.tt/2w5bn2F
TechRepublic
iOS security alert: Your device is transmitting Exchange credentials without any encryption
Every iOS device that connects to an Exchange server is vulnerable--your credentials may have already been harvested.
Are GNU/Linux systems no longer secure?
I have been reading Top secret files in Wikileaks about agencies and corporations intended to break into security systems, crack encryption systems, and hack into computers. So far I've found information where companies offer services and software to governments, where they claimed this tools can bypass GNU/Linux systems like Debian.They promote methods to bypass Log in passwords in Debian, without the need of changing the target's password. Personally I have a strong passphrase for Debian and LVM encryption, however, I wonder if they can crack a Debian log in screen even if the target has a strong passphrase.Moreover it also concerns me if our beautiful free open software is now compromised for big agencies or is being weakened for corporations like The Hacking Team, FinFisher, GammaGroup. How safe to use does GNU/Linux still?
Submitted September 13, 2017 at 01:22AM by fifth_wheel_5
via reddit http://ift.tt/2wYEnWX
I have been reading Top secret files in Wikileaks about agencies and corporations intended to break into security systems, crack encryption systems, and hack into computers. So far I've found information where companies offer services and software to governments, where they claimed this tools can bypass GNU/Linux systems like Debian.They promote methods to bypass Log in passwords in Debian, without the need of changing the target's password. Personally I have a strong passphrase for Debian and LVM encryption, however, I wonder if they can crack a Debian log in screen even if the target has a strong passphrase.Moreover it also concerns me if our beautiful free open software is now compromised for big agencies or is being weakened for corporations like The Hacking Team, FinFisher, GammaGroup. How safe to use does GNU/Linux still?
Submitted September 13, 2017 at 01:22AM by fifth_wheel_5
via reddit http://ift.tt/2wYEnWX
reddit
Are GNU/Linux systems no longer secure? • r/security
I have been reading Top secret files in Wikileaks about agencies and corporations intended to break into security systems, crack encryption...