A guide for amateurs pen testers to practice ethical hacking!
https://ift.tt/2qH2PKt
Submitted April 26, 2018 at 08:50PM by 6lowpan
via reddit https://ift.tt/2KewJho
GitHub
SundownDEV/hacker-roadmap
hacker-roadmap - :pushpin: A guide for amateurs pen testers and a summary of hacking tools to practice ethical hacking, pen testing and web security.
Which type of password is more secure and should be used? Example inside.
Password 1: '~sCTko&wa2^!C(^mM,5$&(Ue*Je?KOH
Password 2: suit fifth sister attach alice slowly trade sets town blue nearby switch
For those who might think I've messed up, none of these passwords are being used. Unless some random person actually has these passwords which would be quite funny but highly improbable.
Submitted April 26, 2018 at 09:54PM by L-blom
via reddit https://ift.tt/2HwH0DP
Gitmails: information gathering tool to collect git commit emails in Github, Gitlab and Bitbucket
https://ift.tt/2HxCskD
Submitted April 26, 2018 at 11:50PM by giovanifss
via reddit https://ift.tt/2JwTZGd
GitHub
giovanifss/Gitmails
Gitmails - An information gathering tool to collect git commit emails in version control host services.
Escalating privileges with ACLs in Active Directory
https://ift.tt/2r21Nbn
Submitted April 27, 2018 at 01:49AM by TechLord2
via reddit https://ift.tt/2r3hj6T
Fox-IT International blog
Escalating privileges with ACLs in Active Directory
Researched and written by Rindert Kramer and Dirk-jan Mollema Introduction During internal penetration tests, it happens quite often that we manage to obtain Domain Administrative access within a f…
Snallygaster - Tool to scan for secret files on HTTP servers (With Sources)
https://ift.tt/2JCmWBg
Submitted April 27, 2018 at 01:29AM by TechLord2
via reddit https://ift.tt/2vOW0vw
GitHub
hannob/snallygaster
snallygaster - Tool to scan for secret files on HTTP servers
New NSA/Cyber Command Head Confirmed by Senate
https://ift.tt/2HRFTlr
Submitted April 27, 2018 at 04:31AM by gregbaugues
via reddit https://ift.tt/2HyRKSm
Software Legend Ray Ozzie Thinks He Can Safely Backdoor Encryption Safely; He's Very Wrong
https://ift.tt/2FjUxNb
Submitted April 27, 2018 at 04:24AM by volci
via reddit https://ift.tt/2FkKQhq
Techdirt.
Software Legend Ray Ozzie Thinks He Can Safely Backdoor Encryption Safely; He's Very Wrong
There have been ongoing debates for a while now about the stupidity of backdooring encryption, with plenty of experts explaining why...
Dangers of using an outdated OS
I am using OS X 10.9.5 which stopped receiving security updates a while ago, and recently read some people suggesting that I am at a huge risk in terms of security due to unpatched vulnerabilities. While I understand that there do exist many vulnerabilities, I am using an up-to-date browser, and the rest of the software I use on the OS are all as recent as possible. My question is: how much of a risk is there, really (taking into account the fact that I am quite careful, if you don't count sticking to an EOL version of the OS)? What is the worst that could happen?
Submitted April 27, 2018 at 06:03AM by flying-teapot
via reddit https://ift.tt/2I3c3by
How is SSL encryption maintained between AWS CloudFront and EC2?
So I recently set up an API on an AWS EC2 instance. To be able to serve responses over HTTPS I used Route 53 to redirect my custom domain to a CloudFront distribution which points to the EC2 instance. My CloudFront distribution is served over HTTPS with a custom certificate. I am not restricting traffic at all to the API.
So my question is, is this actually a secure setup or does it give the illusion of security (I would assume the former since Amazon knows what they're doing, but I'm just wondering how)? From my understanding, serving secure content over HTTP is bad because attackers could potentially intercept requests and decode them. HTTPS prevents this by encrypting requests so that only the sender and intended receiver can understand them.
So if I make a request over HTTPS from my frontend, here's the path of the request (in my head): from the frontend, to the CF distribution, then to the EC2 instance. Now I know that sending from the frontend to the CloudFront distribution is secure because both of these are secured with SSL. However, as far as I know the connection between the CF distribution and my EC2 instance is insecure, as the EC2 serves content over HTTP.
Wouldn't an attacker (theoretically) be able to execute a man-in-the-middle attack between the CF distribution and EC2? But when I connect to my API directly from my browser, I don't get any security warnings and it shows up as SSL encrypted.
Submitted April 27, 2018 at 08:13AM by theasianpianist
via reddit https://ift.tt/2r3WNmD
Can an ISP detect that you're using a VPN?
I'm using a VPN. Can my ISP detect the endpoint for my data and throttle me/lock me out because all or a majority of my transactions are bound for the same (potentially known) endpoint?
I have noticed when I use a VPN my internet gets extra spotty and drops out within 20 minutes. Issue is immediately fixed when I close the VPN, reconnect and then restart the VPN--but it eventually happens again.
FYI: I use Comcast XFINITY.
Are my fears unfounded? Or am I potentially being throttled for real?
Submitted April 27, 2018 at 11:53AM by djarnexus
via reddit https://ift.tt/2FkyDtn
PowerUpSQL: A PowerShell Toolkit for SQL Server discovery, Auditing Config, Privilege Escalation on scale, and Post-Exploitation actions incl OS command execution
https://ift.tt/2cJD2ZD
Submitted April 27, 2018 at 11:52AM by TechLord2
via reddit https://ift.tt/2r2tDEt
GitHub
NetSPI/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
Running system commands through Nvidia signed binaries
https://ift.tt/2vLAQOK
Submitted April 26, 2018 at 03:25PM by cr1ys
via reddit https://ift.tt/2r3n858
sysadminconcombre.blogspot.co.uk
Running system commands through Nvidia signed binaries
A while ago, when working on PowerMemory, I discovered a hidden account configured by Nvidia on one of my computers ( https://twitter.com/p...
Week 17 in Information Security, 2018
https://ift.tt/2qZ4XN4
Submitted April 27, 2018 at 01:39PM by undercomm
via reddit https://ift.tt/2Hx8Q2J
Malgregator
InfoSec Week 17, 2018
A loud sound emitted by a gas-based fire suppression system deployed in the data center has destroyed the hard drives of a Swedish data...
Public charging protection. Stay away from data theft.
Once you plug in your device in public charging USB port, data theft can simply access ALL your data.
For those who don't know, some charging stations are more than they appear to be and suck your personal information off your phone simply.
It is terrifying that some sophisticated malware can also be installed on your smart device while charging.
Data blocker assures you just get your battery charged, not your credit cards.
Data Blocker
As a traveler, sometimes I do plug in my device into the USB port on plane, airport or the hotel room etc.
It's the kind of thing that you should grab one before traveling.
This handy data "condom" is perfect. It blocks all the data transfers and only allows charging.
Submitted April 27, 2018 at 02:23PM by MotorZombie
via reddit https://ift.tt/2vPLwMh
Protecting Your Information: Businesses Need File Protection, Especially When Sensitive Policies and Data are Involved www.justwebworld.com
https://ift.tt/2JyK9Uh
Submitted April 27, 2018 at 02:11PM by ashleyjudd
via reddit https://ift.tt/2KkXuAL
Just Web World
Protecting Your Information: Businesses Need File Protection, Especially When Sensitive Policies and Data are Involved
The increase in legislation and regulation regarding file transfer in organizations implies issues of security are now becoming pertinent to business operations. When it comes to the security of your document, here are some of the options available to you.
NEMESIS - A Command-line Network Packet Crafting and Injection Utility UPDATED (Full Sources) [See Comment]
https://ift.tt/2KiH5Nj
Submitted April 27, 2018 at 07:08PM by TechLord2
via reddit https://ift.tt/2I7dMwA
GitHub
troglobit/nemesis
nemesis - A command-line network packet crafting and injection utility
Question about certs instead of a degree
I got most of my IT security degree done but never finished it, however, I am fully competent in many areas of system administration and security. Now, for a number of reasons I can't go back to finish my degree, would getting a couple of certs (RHCSA, Security+) be the best idea for me to prove to an employer that I know what I'm doing, or do I need a degree of some kind? Also what certs would you recommend?
Submitted April 27, 2018 at 07:07PM by mx1701
via reddit https://ift.tt/2Jwciex
What Does iTunes Have to Do With Outlook?
I installed iTunes on my work computer just now, and it prompted a message saying that Outlook was open and if I continued without closing it that it's highly recommended to restart Outlook once the installation is finished.
What in the world does that have to do with Outlook? Makes me nervous.
Submitted April 27, 2018 at 06:35PM by jhf94uje897sb
via reddit https://ift.tt/2Ki2JBe
Security In 5: Episode 226 - Tools, Tips and Tricks - Macrium Reflect
https://ift.tt/2JvGHtw
Submitted April 27, 2018 at 06:33PM by BinaryBlog
via reddit https://ift.tt/2Ki2N3W
Libsyn
Security In Five Podcast: Episode 226 - Tools, Tips and Tricks - Macrium Reflect
This week's tools, tips and tricks episode talks about a backup and restoration solution for Windows. There will come a time when your system fails or your harddrive is inaccessible. That's where Macrium Reflect can help. A free backup and restoration tool…
New C# Ransomware Compiles itself at Runtime
https://ift.tt/2r0YMsC
Submitted April 27, 2018 at 06:31PM by DuncanIdahos8thClone
via reddit https://ift.tt/2HyJhi1
BleepingComputer
New C# Ransomware Compiles itself at Runtime
A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executable compiles an embedded encrypted C# program at runtime and launches it directly…