Security Vulnerabilities in VingCard Electronic Locks
https://ift.tt/2rahi1L
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2jhvUIh
https://ift.tt/2rahi1L
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2jhvUIh
reddit
Security Vulnerabilities in VingCard Electronic Locks • r/security
1 points and 0 comments so far on reddit
Security Trade-Offs in the New EU Privacy Law
https://ift.tt/2I2xxFq
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2HJmAI4
https://ift.tt/2I2xxFq
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2HJmAI4
reddit
Security Trade-Offs in the New EU Privacy Law • r/security
1 points and 0 comments so far on reddit
Playbook to identify malware leveraging IoCs
We got our first playbook submission for our contest! You can participate by voting or creating your own! Go to secopshub to learn how to make a playbook.This playbook offers a quick way to identify malware leveraging cheap (in terms of compute) indicators of compromise (such as filehashes) and sends email notifications. It also has an additional flow to identify malware using a sandbox for those who need the extra check.Note: the entire playbook is 100% automatable. https://www.secopshub.com/t/show-off-your-security-expertise-join-our-community-driven-contest/263/3
Submitted April 30, 2018 at 08:01PM by SecOpsHub
via reddit https://ift.tt/2jjliJ6
We got our first playbook submission for our contest! You can participate by voting or creating your own! Go to secopshub to learn how to make a playbook.This playbook offers a quick way to identify malware leveraging cheap (in terms of compute) indicators of compromise (such as filehashes) and sends email notifications. It also has an additional flow to identify malware using a sandbox for those who need the extra check.Note: the entire playbook is 100% automatable. https://www.secopshub.com/t/show-off-your-security-expertise-join-our-community-driven-contest/263/3
Submitted April 30, 2018 at 08:01PM by SecOpsHub
via reddit https://ift.tt/2jjliJ6
SecOps Hub
Show off your security expertise--join our community-driven contest!
We want to learn from you, so we’re running a contest to gather the best incident response playbooks from the community. It’s an open-ended contest–you pick the use case, draw up the playbook, and submit it to the community for consideration. The 3 top-voted…
David Lacey's four-dimensional metaphysical GRC database. What is it and how's it revolutionising security.
https://ift.tt/2sb0nyZ
Submitted April 30, 2018 at 07:50PM by LiamBigDataDonoghue
via reddit https://ift.tt/2I1vEuX
https://ift.tt/2sb0nyZ
Submitted April 30, 2018 at 07:50PM by LiamBigDataDonoghue
via reddit https://ift.tt/2I1vEuX
Venturi Group
Information Security: The pitfalls and problems facing us in the 21st century
In this episode Andy Davis talks to David Lacey, Managing Director at David Lacey consulting. They discuss the disparate approaches to information security
[Slides] Back To The Future | Going Back In Time To Abuse Android's JIT // Infiltrate 2018
https://ift.tt/2I35sAd
Submitted April 30, 2018 at 07:44PM by rotlogix_
via reddit https://ift.tt/2I5Y5Ix
https://ift.tt/2I35sAd
Submitted April 30, 2018 at 07:44PM by rotlogix_
via reddit https://ift.tt/2I5Y5Ix
Speaker Deck
Back To The Future | Going Back In Time To Abuse Android's JIT
Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity
https://ift.tt/2jkp8Se
Submitted April 30, 2018 at 08:23PM by volci
via reddit https://ift.tt/2Kra4OT
https://ift.tt/2jkp8Se
Submitted April 30, 2018 at 08:23PM by volci
via reddit https://ift.tt/2Kra4OT
Troy Hunt
Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity
When I launched Pwned Passwords in August, I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally…
Burp Collaborator Server docker container with LetsEncrypt certificate
https://ift.tt/2rfEXNN
Submitted April 30, 2018 at 08:32PM by m0risson
via reddit https://ift.tt/2r8IWLG
https://ift.tt/2rfEXNN
Submitted April 30, 2018 at 08:32PM by m0risson
via reddit https://ift.tt/2r8IWLG
GitHub
integrity-sa/burpcollaborator-docker
This repository includes a set of noscripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible t...
Project Sonar: An Underrated Source of Internet-wide Data
https://ift.tt/2JHm7Gz
Submitted April 30, 2018 at 09:32PM by patrikhudak
via reddit https://ift.tt/2w2lDci
https://ift.tt/2JHm7Gz
Submitted April 30, 2018 at 09:32PM by patrikhudak
via reddit https://ift.tt/2w2lDci
No, Ray Ozzie hasn't solved crypto backdoors
https://ift.tt/2HZYFoA
Submitted April 30, 2018 at 08:58PM by volci
via reddit https://ift.tt/2HKbHFy
https://ift.tt/2HZYFoA
Submitted April 30, 2018 at 08:58PM by volci
via reddit https://ift.tt/2HKbHFy
Erratasec
No, Ray Ozzie hasn't solved crypto backdoors
According to this Wired article, Ray Ozzie may have a solution to the crypto backdoor problem. No, he hasn't. He's only solving the part we...
MMap vulnerabilities in the linux kernel
https://ift.tt/2FtCl3Q
Submitted April 29, 2018 at 11:05PM by aerodudrizzt
via reddit https://ift.tt/2HBalRv
https://ift.tt/2FtCl3Q
Submitted April 29, 2018 at 11:05PM by aerodudrizzt
via reddit https://ift.tt/2HBalRv
Check Point Research
MMap Vulnerabilities – Linux Kernel - Check Point Research
By: Eyal Itkin As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this case, we took a look into drivers trying to roll…
PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions
https://ift.tt/2JzkX02
Submitted April 30, 2018 at 10:21PM by volci
via reddit https://ift.tt/2Fu8cRO
https://ift.tt/2JzkX02
Submitted April 30, 2018 at 10:21PM by volci
via reddit https://ift.tt/2Fu8cRO
BleepingComputer
PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.
[BLOG] Ethereum security: Detecting batchOverflow and other integer overflow/underflow issues
https://ift.tt/2jjihZ2
Submitted April 30, 2018 at 11:23PM by berndtzl
via reddit https://ift.tt/2Fs70hL
https://ift.tt/2jjihZ2
Submitted April 30, 2018 at 11:23PM by berndtzl
via reddit https://ift.tt/2Fs70hL
ConsenSys Media
Detecting batchOverflow (and Similar Flaws) in Ethereum Smart Contracts
This article explains how to analyze Ethereum smart contracts for integer overflow vulnerabilities. For a detailed writeup on smart…
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
Trendmicro
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation - TrendLabs Security Intelligence…
Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger.
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
Trendmicro
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation - TrendLabs Security Intelligence…
Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger.
The Digital Vigilantes Who Hack Back: American companies that fall victim to data breaches want to retaliate against the culprits. But can they do so without breaking the law?
https://ift.tt/2jiEpTH
Submitted May 01, 2018 at 01:15AM by SuccessfulOperation
via reddit https://ift.tt/2HCxROc
https://ift.tt/2jiEpTH
Submitted May 01, 2018 at 01:15AM by SuccessfulOperation
via reddit https://ift.tt/2HCxROc
The New Yorker
The Digital Vigilantes Who Hack Back
American companies that fall victim to data breaches want to retaliate against the culprits. But can they do so without breaking the law?
‘I broke The Pentagon’s secure messaging system – and won an award for it!’
https://www.theregister.co.uk/2018/04/30/who_me/
Submitted May 01, 2018 at 01:05AM by xtraswift
via reddit https://ift.tt/2r9Hwkn
https://www.theregister.co.uk/2018/04/30/who_me/
Submitted May 01, 2018 at 01:05AM by xtraswift
via reddit https://ift.tt/2r9Hwkn
www.theregister.co.uk
‘I broke The Pentagon’s secure messaging system – and won an award for it!’
That’s not a test machine? Well it was before I went on holidays
SecuriTeam Secure Disclosure Advisory – Linux AF_LLC Double Free
https://ift.tt/2KrRaHU
Submitted May 01, 2018 at 01:29AM by TheUglyStranger
via reddit https://ift.tt/2r8gIlm
https://ift.tt/2KrRaHU
Submitted May 01, 2018 at 01:29AM by TheUglyStranger
via reddit https://ift.tt/2r8gIlm
reddit
SecuriTeam Secure Disclosure Advisory – Linux AF_LLC... • r/netsec
2 points and 0 comments so far on reddit
What If I Lose My 2FA: Be prepared for the day you lose your phone
https://ift.tt/2HILqre
Submitted May 01, 2018 at 07:30AM by johnnobro
via reddit https://ift.tt/2I6J2y3
https://ift.tt/2HILqre
Submitted May 01, 2018 at 07:30AM by johnnobro
via reddit https://ift.tt/2I6J2y3
Whatifilosemy2Fa
What If I Lose My 2FA: Be prepared for the day you lose your phone
2FA is great until you lose your phone and you're locked out of your accounts. Find those services below and find out what data you need to keep to recover your accounts in case disaster strikes.
Rediscovery, analysis and exploitation of a CIA zero-day MikroTik Vulnerability
https://ift.tt/2r3rFVd
Submitted May 01, 2018 at 08:31AM by jayheidecker
via reddit https://ift.tt/2rfQ7SG
https://ift.tt/2r3rFVd
Submitted May 01, 2018 at 08:31AM by jayheidecker
via reddit https://ift.tt/2rfQ7SG
reddit
Rediscovery, analysis and exploitation of a CIA... • r/netsec
1 points and 0 comments so far on reddit
A Collection of Python Scripts for UAC Bypass,Privilege Escalation, Dll Hijack and Many More Techniques (See Comment)
https://ift.tt/2HEr72t
Submitted May 01, 2018 at 08:29AM by TechLord2
via reddit https://ift.tt/2rfQgWe
https://ift.tt/2HEr72t
Submitted May 01, 2018 at 08:29AM by TechLord2
via reddit https://ift.tt/2rfQgWe
GitHub
rootm0s/WinPwnage
UAC bypass, Elevate, Persistence methods. Contribute to rootm0s/WinPwnage development by creating an account on GitHub.
Windows Kernel Exploitation Tutorial Part 8: Use After Free - Arbitrary Code Execution through a Callback Function
https://ift.tt/2rahdem
Submitted May 01, 2018 at 09:37AM by TechLord2
via reddit https://ift.tt/2jlKnDl
https://ift.tt/2rahdem
Submitted May 01, 2018 at 09:37AM by TechLord2
via reddit https://ift.tt/2jlKnDl
rootkit
Windows Kernel Exploitation Tutorial Part 8: Use After Free - rootkit
Overview In our previous post, we discussed about Uninitialized Heap Variable. This post will focus on another vulnerability, Use After Free. As the name might suggest, we’d be exploiting a stale pointer, that should’ve been freed, but due to a flaw, the…