SSRF (Server Side Request Forgery) testing resources
http://ift.tt/2wp6zR3
Submitted September 13, 2017 at 03:52PM by cujanovic
via reddit http://ift.tt/2xy3BhU
http://ift.tt/2wp6zR3
Submitted September 13, 2017 at 03:52PM by cujanovic
via reddit http://ift.tt/2xy3BhU
Cujanovic
SSRF (Server Side Request Forgery) testing resources - Predrag Cujanović
How to test for SSRF (Server Side Request Forgery) vulnerabilities - github repo
Handy Collaborator: a Burp Suite extension that lets you use the Collaborator tool for manual testing
http://ift.tt/2h3hD0u
Submitted September 13, 2017 at 03:35PM by 0xdea
via reddit http://ift.tt/2x0XRvU
http://ift.tt/2h3hD0u
Submitted September 13, 2017 at 03:35PM by 0xdea
via reddit http://ift.tt/2x0XRvU
CVE-2017-9805: Analysis of the Vulnerability in the Apache Struts RCE REST Plugin
http://ift.tt/2jo5aJ2
Submitted September 13, 2017 at 04:27PM by whitehattracker
via reddit http://ift.tt/2f4pRZs
http://ift.tt/2jo5aJ2
Submitted September 13, 2017 at 04:27PM by whitehattracker
via reddit http://ift.tt/2f4pRZs
Newbie question
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer.I have my work email forwarded into my personal Gmail account, bad practice but my institution allows it as I was previously a contractor with a staff account that was not always active, and that was often activated without any notification to myself.I send email from my personal account but via an email alias of my staff account. The emails appear to be sent from my staff account but only show up in the sent folder of my personal account.I've recently mistakenly sent some personal emails this way (from personal account but via the alias of my staff account).Can anyone tell me if it is common practice to store and archive all emails passing through the mail server or if this is typically done only at mailbox level? I work for a large organisation that is subject to the usual data retention policies.
Submitted September 13, 2017 at 04:26PM by bilalqayum
via reddit http://ift.tt/2jozdAn
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer.I have my work email forwarded into my personal Gmail account, bad practice but my institution allows it as I was previously a contractor with a staff account that was not always active, and that was often activated without any notification to myself.I send email from my personal account but via an email alias of my staff account. The emails appear to be sent from my staff account but only show up in the sent folder of my personal account.I've recently mistakenly sent some personal emails this way (from personal account but via the alias of my staff account).Can anyone tell me if it is common practice to store and archive all emails passing through the mail server or if this is typically done only at mailbox level? I work for a large organisation that is subject to the usual data retention policies.
Submitted September 13, 2017 at 04:26PM by bilalqayum
via reddit http://ift.tt/2jozdAn
reddit
Newbie question • r/security
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer. I have my work email forwarded into my...
Equifax blames open-source software for its record-breaking security breach
http://ift.tt/2wUuoBS
Submitted September 13, 2017 at 05:30PM by stjohns1
via reddit http://ift.tt/2w7GeLL
http://ift.tt/2wUuoBS
Submitted September 13, 2017 at 05:30PM by stjohns1
via reddit http://ift.tt/2w7GeLL
ZDNet
Equifax blames open-source software for its record-breaking security breach: Report | ZDNet
The credit rating giant claims an Apache Struts security hole was the real cause of its security breach of 143 million records. ZDNet examines the claim.
Security In 5: Episode 67 - Passing A Compliance Audit Doesn't Mean You're Secure
http://ift.tt/2x16NBo
Submitted September 13, 2017 at 06:43PM by BinaryBlog
via reddit http://ift.tt/2wpjemO
http://ift.tt/2x16NBo
Submitted September 13, 2017 at 06:43PM by BinaryBlog
via reddit http://ift.tt/2wpjemO
Libsyn
Security In Five Podcast: Episode 67 - Passing A Compliance Audit Doesn't Mean You're Secure
Compliance audits are checkbox reviews of itemized lists of things you should be doing. If you pass a compliance audit, so what? Compliant to a list doesn't mean you are any more secure nor does it mean you can stop. Compliance audits are only checking the…
Heap Exploitation :: Abusing Use-After-Free - Exploit Development
http://ift.tt/2h221Ku
Submitted September 13, 2017 at 06:37PM by Evil1337
via reddit http://ift.tt/2w8M0Nf
http://ift.tt/2h221Ku
Submitted September 13, 2017 at 06:37PM by Evil1337
via reddit http://ift.tt/2w8M0Nf
Intro To Writing Win32 Shellcode #misec for June 2017
http://ift.tt/2jmQTwl
Submitted September 13, 2017 at 07:41PM by iamhabibone
via reddit http://ift.tt/2x0Fsiy
http://ift.tt/2jmQTwl
Submitted September 13, 2017 at 07:41PM by iamhabibone
via reddit http://ift.tt/2x0Fsiy
IAMHABIB.NET
[Video] Intro To Writing Win32 Shellcode #misec for June 2017 - IAMHABIB.NET
IAMHABIB.NET is the videos tube site on Hacking, Security, Reverse Engineering and Social Engineeering
LetsEncrypt and email servers
Hi all. I wonder if you can help identify whether my colleague at work is being bullshitted by our IT contractor...The bottom line question is - is it possible to use a free LetsEncrypt SSL certificate with my company's Kerio email server or will we need to pay for an annual certificate?I have used LetsEncrypt with an automatic renewal on a linux webserver, but I don't know if it would be different in this case - a Kerio based email server, sitting on a Mac. If this is possible on this setup too, why are people in the world still paying for premium SSL certificates? I understand that one certificate is as good as the next, so what is the deal?Many thanks!
Submitted September 13, 2017 at 08:04PM by bhison
via reddit http://ift.tt/2wWNIkG
Hi all. I wonder if you can help identify whether my colleague at work is being bullshitted by our IT contractor...The bottom line question is - is it possible to use a free LetsEncrypt SSL certificate with my company's Kerio email server or will we need to pay for an annual certificate?I have used LetsEncrypt with an automatic renewal on a linux webserver, but I don't know if it would be different in this case - a Kerio based email server, sitting on a Mac. If this is possible on this setup too, why are people in the world still paying for premium SSL certificates? I understand that one certificate is as good as the next, so what is the deal?Many thanks!
Submitted September 13, 2017 at 08:04PM by bhison
via reddit http://ift.tt/2wWNIkG
letsencrypt.org
Let's Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device
http://ift.tt/2jjIolw
Submitted September 13, 2017 at 07:43PM by Hamm3rH3ad
via reddit http://ift.tt/2f69hbv
http://ift.tt/2jjIolw
Submitted September 13, 2017 at 07:43PM by Hamm3rH3ad
via reddit http://ift.tt/2f69hbv
armis
Blueborne • armis
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device General Overview Affected Devices Technical Overview General Overview Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android…
Ransomware "Your Windows is Banned" Muncul Dan Minta Tebusan $50 Bitcoin
http://ift.tt/2h3kqqf
Submitted September 13, 2017 at 07:35PM by khanjadi
via reddit http://ift.tt/2wppOdc
http://ift.tt/2h3kqqf
Submitted September 13, 2017 at 07:35PM by khanjadi
via reddit http://ift.tt/2wppOdc
Mejapraktek
Ransomware "Your Windows is Banned" Muncul Dan Minta Tebusan $50 Bitcoin
Tips, Trik Dan Software Android
Yubikey NFC platform
Is they Yubikey a safe platform, specifically the one with integrated NFC? Is it possible to have the codes on the key taken because of NFC?
Submitted September 13, 2017 at 08:24PM by cancerous_176
via reddit http://ift.tt/2wpzlkB
Is they Yubikey a safe platform, specifically the one with integrated NFC? Is it possible to have the codes on the key taken because of NFC?
Submitted September 13, 2017 at 08:24PM by cancerous_176
via reddit http://ift.tt/2wpzlkB
reddit
Yubikey NFC platform • r/security
Is they Yubikey a safe platform, specifically the one with integrated NFC? Is it possible to have the codes on the key taken because of NFC?
SECUMAIL là gì mà có thể bảo mật email cho bạn?
http://ift.tt/2x1yhXk
Submitted September 13, 2017 at 08:18PM by hangcho123
via reddit http://ift.tt/2wpxa00
http://ift.tt/2x1yhXk
Submitted September 13, 2017 at 08:18PM by hangcho123
via reddit http://ift.tt/2wpxa00
Email Security: Hệ thống email bảo mật đầu tiên tại Việt Nam
SECUMAIL là gì mà có thể bảo mật email cho bạn?
Sự chủ quan của doanh nghiệp Việt Nam trong thời đại bảo mật email đã mở lối cho tin tặc tấn công vào email rất dễ dàng và gây tổn thất vô cùng to lớn
Equifax breach, what about employment verification data?
I haven't read anything concrete regarding the data that belongs to Equifax's employment verification division. If this data was potentially lost in this breach that could make this much worse than originally thought. Imagine the number of employers that have used them for employment verification and I hope they (or anyone else) doesn't have any persistent hooks into Equifax systems or networks.
Submitted September 13, 2017 at 08:54PM by Hamm3rH3ad
via reddit http://ift.tt/2y5H1u4
I haven't read anything concrete regarding the data that belongs to Equifax's employment verification division. If this data was potentially lost in this breach that could make this much worse than originally thought. Imagine the number of employers that have used them for employment verification and I hope they (or anyone else) doesn't have any persistent hooks into Equifax systems or networks.
Submitted September 13, 2017 at 08:54PM by Hamm3rH3ad
via reddit http://ift.tt/2y5H1u4
reddit
Equifax breach, what about employment verification data? • r/security
I haven't read anything concrete regarding the data that belongs to Equifax's employment verification division. If this data was potentially lost...
Email của bạn sẽ được bảo mật toàn diện với SECUMAIL
http://ift.tt/2xy11IL
Submitted September 13, 2017 at 08:46PM by hangcho123
via reddit http://ift.tt/2y5H4WM
http://ift.tt/2xy11IL
Submitted September 13, 2017 at 08:46PM by hangcho123
via reddit http://ift.tt/2y5H4WM
Email Security: Hệ thống email bảo mật đầu tiên tại Việt Nam
Email của bạn sẽ được bảo mật toàn diện với SECUMAIL
Sự phổ biến của email, hàng loạt các vấn đề liên quan đến bảo mật cũng xuất hiện. Theo đó, SECUMAIL ra đời như là giải pháp để giải quyết các vấn đề trên.
CDNs are starting to become a new way of spreading Malware in Brazil
http://ift.tt/2f6veXP
Submitted September 13, 2017 at 08:32PM by majorllama
via reddit http://ift.tt/2eVKZNE
http://ift.tt/2f6veXP
Submitted September 13, 2017 at 08:32PM by majorllama
via reddit http://ift.tt/2eVKZNE
WeLiveSecurity
CDNs are starting to become a new way of spreading Malware in Brazil
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be finding a new way of spreading malware.
Backdoor found in WordPress plugin with 200K installs
http://ift.tt/2jiM6Mj
Submitted September 13, 2017 at 05:45PM by campuscodi
via reddit http://ift.tt/2jo2fjE
http://ift.tt/2jiM6Mj
Submitted September 13, 2017 at 05:45PM by campuscodi
via reddit http://ift.tt/2jo2fjE
They're Trying to Hack Your PayPal Account: Analyzing a Real Phishing Email
http://ift.tt/2xxMj4t
Submitted September 13, 2017 at 10:54PM by sh_tomer
via reddit http://ift.tt/2y6mFkw
http://ift.tt/2xxMj4t
Submitted September 13, 2017 at 10:54PM by sh_tomer
via reddit http://ift.tt/2y6mFkw
dzone.com
They're Trying to Hack Your Account: Analyzing a Real Phishing Email - DZone Security
A DZone MVB breaks down a suspicious email he received to demonstrate how phishing attempts work, and certain key elements of phishing attempts to look out for.
Army Wargames Against Russia
http://ift.tt/2xyVHVO
Submitted September 13, 2017 at 10:49PM by rec0d3
via reddit http://ift.tt/2y6mGVC
http://ift.tt/2xyVHVO
Submitted September 13, 2017 at 10:49PM by rec0d3
via reddit http://ift.tt/2y6mGVC
WarriorScout.com
Army Wargames Russian Electronic Warfare & Cyber Attacks
Army soldiers tried to detect and fend off simulated Russian electronic warfare and cyberattacks in a Cyber Quest exercise aimed at preparing the service for
How do you share your secrets after death or inability?
Hi,so i am trying to set up a method(without relying on some proprietary service) to give an individual or group of people access to my passwords, accounts etc. after i die or am somehow not able to remember anything.I looked into Shamir's Secret Sharing, but my problem is that i would like to keep my side of the equation able to update the information i share. Let's say i change the master password of my favorite password sharing app, or change my Bitcoin seed phrase and so on. Has anybody implemented a system in which relatives or significant others can access this information by giving them an envelope or similar? Also, a somewhat automated way of updating the information i want to share would be perfect. I thought about creating an encrypted archive or text and sharing the password via envelopes using SSSS. But then a problem is how people would be able to restore the phrase in 1000 years, without having the tools we use today or advanced knowledge in computers. I would like to leave simple instructions in a sealed envelope, requiring multiple share holders to group in order to gain access.I think this is a situation in which a lot of people find themselves and i would appreciate any feedback!
Submitted September 13, 2017 at 11:21PM by daywalkerdha
via reddit http://ift.tt/2w9nVWM
Hi,so i am trying to set up a method(without relying on some proprietary service) to give an individual or group of people access to my passwords, accounts etc. after i die or am somehow not able to remember anything.I looked into Shamir's Secret Sharing, but my problem is that i would like to keep my side of the equation able to update the information i share. Let's say i change the master password of my favorite password sharing app, or change my Bitcoin seed phrase and so on. Has anybody implemented a system in which relatives or significant others can access this information by giving them an envelope or similar? Also, a somewhat automated way of updating the information i want to share would be perfect. I thought about creating an encrypted archive or text and sharing the password via envelopes using SSSS. But then a problem is how people would be able to restore the phrase in 1000 years, without having the tools we use today or advanced knowledge in computers. I would like to leave simple instructions in a sealed envelope, requiring multiple share holders to group in order to gain access.I think this is a situation in which a lot of people find themselves and i would appreciate any feedback!
Submitted September 13, 2017 at 11:21PM by daywalkerdha
via reddit http://ift.tt/2w9nVWM
reddit
How do you share your secrets after death or inability? • r/security
Hi, so i am trying to set up a method(without relying on some proprietary service) to give an individual or group of people access to my...
What Computer Security Experts Wish You Knew: The Top Experts Speak
http://ift.tt/2wozJzv
Submitted September 13, 2017 at 11:04PM by InfoSecCrazy
via reddit http://ift.tt/2fi2A2P
http://ift.tt/2wozJzv
Submitted September 13, 2017 at 11:04PM by InfoSecCrazy
via reddit http://ift.tt/2fi2A2P
itsecuritycentral.teramind.co
What Computer Security Experts Wish You Knew: The Top Experts Speak | IT Security Central
When it comes to keeping our information secure, many of us seem to be at a loss. With technology rapidly changing like it does, it's difficult to stay aware of