Web fingerprinting tool that scans a target based on the files a git repository and compares cryptographic hashes of each file per revision to that of a live server
https://ift.tt/2KGEoEG
Submitted May 21, 2018 at 11:41PM by nauseate
via reddit https://ift.tt/2wYKXAp
GitHub
Paradoxis/Git-Fingerprint
Git-Fingerprint - Git Fingerprint is a web fingerprinting tool that attempts to scan a target based on the files a git repository by enumerating over all files ever found in the public web root and...
$36k Google App Engine RCE
https://ift.tt/2s2ZCWz
Submitted May 22, 2018 at 12:17AM by speckz
via reddit https://ift.tt/2IZQvPV
Google
$36k Google App Engine RCE - Ezequiel Pereira
Testing
What is your recommended pentesting / hacking distro for pendrive?
Submitted May 22, 2018 at 12:15AM by AwayGate
via reddit https://ift.tt/2x02vMJ
reddit
r/security - What is your recommended pentesting / hacking distro for pendrive?
1 votes and 2 so far on reddit
Shining a Light on OAuth Abuse with PwnAuth (Article,wiki and Full Sources)
https://ift.tt/2s0bZ4M
Submitted May 22, 2018 at 12:20AM by PeterG45
via reddit https://ift.tt/2keDDHP
FireEye
Shining a Light on OAuth Abuse with PwnAuth
PwnAuth is a web application framework that makes it easier for organizations to test their ability to detect and respond to OAuth abuse campaigns.
[META] Thoughts on a rule saying articles submitted must be recent?
I've noticed a lot of articles posted recently that are at least a few years old, and not really relevant anymore. Does anyone else think the quality of the sub would go up if we had a rule restricting it so that articles must be posted within x amount of time of their publishing?
Submitted May 22, 2018 at 01:46AM by Bioman312
via reddit https://ift.tt/2IEn7zh
reddit
[META] Thoughts on a rule saying articles submitted... • r/security
I've noticed a lot of articles posted recently that are at least a few years old, and not really relevant anymore. Does anyone else think the...
Kernel Side-Channel Attack using Speculative Store Bypass (CVE-2018-3639)
https://ift.tt/2KIZrXj
Submitted May 22, 2018 at 03:08AM by CodeBlock
via reddit https://ift.tt/2Ixq0lo
reddit
r/netsec - Kernel Side-Channel Attack using Speculative Store Bypass (CVE-2018-3639)
1 votes and 0 so far on reddit
Speculative Store Bypass explained: what it is, how it works
https://ift.tt/2Li5Aut
Submitted May 22, 2018 at 03:22AM by stephstad
via reddit https://ift.tt/2IASwmf
Redhat
Speculative Store Bypass explained: what it is, how it works
New Spectre vulnerabilities officially disclosed by Intel
https://ift.tt/2ApdRGr
Submitted May 22, 2018 at 04:28AM by Neo-Bubba
via reddit https://ift.tt/2rZwaAC
Intel
Side Channel Methods – Analysis, News and Updates
Get the facts, news, and updates on the current side channel attack issue (Spectre and Meltdown) and steps to protect your systems and information.
AMD “Speculative Store Bypass” Vulnerability Mitigations
https://ift.tt/2IBtjnB
Submitted May 22, 2018 at 04:17AM by Hobophilia
via reddit https://ift.tt/2rXuhnM
INTEL-SA-00115: Speculative Store Bypass
https://ift.tt/2IGDxmY
Submitted May 22, 2018 at 03:22AM by CodeBlock
via reddit https://ift.tt/2IZqfFp
reddit
INTEL-SA-00115: Speculative Store Bypass • r/security
2 points and 0 comments so far on reddit
Speculative Store Bypass explained: what it is, how it works
https://ift.tt/2Li5Aut
Submitted May 22, 2018 at 02:52AM by stephstad
via reddit https://ift.tt/2KK8RSe
Redhat
Speculative Store Bypass explained: what it is, how it works
GDPR Joke, X-Post from r/unitedkingdom
https://ift.tt/2rZ5Bvf
Submitted May 22, 2018 at 02:28AM by Mrbenide
via reddit https://ift.tt/2IRr17t
reddit
r/unitedkingdom - GDPR Joke
612 votes and 67 so far on reddit
CIS-CAT Benchmarking - Ranking Priorities?
Hello All, Attempting to harden the Windows 10 OS and was using CIS-CATLITE Benchmarking. Does anyone know how to rank any of the suggestions made in the report? (ex. Which item would be listed as a higher priority to get done than the other)
Submitted May 22, 2018 at 02:21AM by YouGotGreedyMartin
via reddit https://ift.tt/2KFkbPx
reddit
r/security - CIS-CAT Benchmarking - Ranking Priorities?
1 votes and 0 so far on reddit
Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole. Design blunder exists in Intel, AMD, Arm, Power processors
https://ift.tt/2IBfbuI
Submitted May 22, 2018 at 05:21AM by spartanatreyu
via reddit https://ift.tt/2s3cevI
www.theregister.co.uk
Microsoft, Google: We've found a fourth variant of Meltdown-Spectre CPU holes
Affects Intel and other processor makers
What is an S/PDIF port? What functions can it fulfill? What are some little unknown capabilities?
I think I have had a security breach with my computer and I would like to understand this port.
Submitted May 22, 2018 at 06:37AM by KublaiKhanDayzed
via reddit https://ift.tt/2IGOEvR
reddit
r/security - What is an S/PDIF port? What functions can it fulfill? What are some little unknown capabilities?
1 votes and 1 so far on reddit
HELPS TO STOP WASTING YOUR TIME AND LEARN MORE HACKING.
https://youtu.be/AMMOErxtahk
Submitted May 22, 2018 at 10:01AM by awkward_domzxc
via reddit https://ift.tt/2KK3fYc
YouTube
STOP WASTING YOUR TIME AND LEARN MORE HACKING!
This is what my brain tells me a lot. But sometimes we just need a break. And it's OK to take a break - however long it has to be. And in this video I'm sharing how I try to deal with these negative thoughts and lack of motivation.
-=[ ❤️ Support ]=-
→…
SleuthQL - SQL Injection Discovery Tool
https://ift.tt/2Iyb4U6
Submitted May 22, 2018 at 11:24AM by hackers_and_builders
via reddit https://ift.tt/2IYg8Re
Rhino Security Labs
SleuthQL: A SQL Injection Discovery Tool - Rhino Security Labs
SleuthQL identifies SQL injection points by automating some of the request analysis required during a web application assessment and outputting to SQLMap.
How to crack hash type PKZIP2 on kali linux?
Hi, I have a .zip file that I would like to open, but I forgot the password. I tried to recover it with John The Ripper in Kali Linux, but I get an error "No Password hashes loaded".
When I run the command to obtain the password hash, I get a hash like this:
prep.zip:$pkzip2$1*2*3*0*250d*2fa9*eda32bdf*0*62*8*8*eda3*04aa*prep.zip*$/pkzip2$:::::prep.zip
It seems John The Ripper on Kali Linux can't crack this "pkzip2 encryption". I say this because when I try to crack this hash type on Windows with John TR, it works, it cracks this hash type. Linux is supposed to be designed for this sort of thing, so I want to know why it does not work on Linux.
Here are the commands that I ran on Linux and Windows.
ON LINUX
root@kali:~# cd Bureau
root@kali:~/Bureau# zip2john prep.zip
ver 14 efh 7075 prep.zip->Pr�sentation Personnelle.docx PKZIP Encr: 2b chk, TS_chk, cmplen=9485, decmplen=12201, crc=EDA32BDF
prep.zip:$pkzip2$1*2*3*0*250d*2fa9*eda32bdf*0*62*8*8*eda3*04aa*prep.zip*$/pkzip2$:::::prep.zip
root@kali:~/Bureau# zip2john prep.zip > prep.john
ver 14 efh 7075 prep.zip->Pr�sentation Personnelle.docx PKZIP Encr: 2b chk, TS_chk, cmplen=9485, decmplen=12201, crc=EDA32BDF
root@kali:~/Bureau# john --incremental prep.john
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
root@kali:~/Bureau#
The same commands
ON WINDOWS
C:\johnj\run>zip2john /cygdrive/c/Users/*****/Desktop/prep.zip
4 [main] zip2john 8688 find_fast_cwd: WARNING: Couldn't compute FAST_CWD pointer. Please report this problem to
the public mailing list cygwin@cygwin.com
ver 14 efh 7075 prep.zip->Pr▒sentation Personnelle.docx PKZIP Encr: 2b chk, TS_chk, cmplen=9485, decmplen=12201, crc=EDA32BDF
prep.zip:$pkzip2$1*2*3*0*250d*2fa9*eda32bdf*0*62*8*29*eda3*04aa*/cygdrive/c/Users/*****/Desktop/prep.zip*$/pkzip2$:::::/cygdrive/c/Users/*****/Desktop/prep.zip
C:\johnj\run>zip2john /cygdrive/c/Users/*****/Desktop/prep.zip > C:\Users\****\Desktop\prep.john
2 [main] zip2john 7284 find_fast_cwd: WARNING: Couldn't compute FAST_CWD pointer. Please report this problem to
the public mailing list cygwin@cygwin.com
ver 14 efh 7075 prep.zip->Pr▒sentation Personnelle.docx PKZIP Encr: 2b chk, TS_chk, cmplen=9485, decmplen=12201, crc=EDA32BDF
C:\johnj\run>john --incremental /cygdrive/c/Users/*****/Desktop/prep.john
3 [main] john 6504 find_fast_cwd: WARNING: Couldn't compute FAST_CWD pointer. Please report this problem to
the public mailing list cygwin@cygwin.com
Loaded 1 password hash (PKZIP [32/32])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:09 0g/s 840.5p/s 840.5c/s 840.5C/s 11022..andeoprofe (prep.zip)
1g 0:00:01:10 DONE (2018-05-22 02:35) 0.01407g/s 246830p/s 246830c/s 246830C/s pubwa..tyihf
Use the "--show" option to display all of the cracked passwords reliably
Session completed
Sorry for my English!
Submitted May 22, 2018 at 12:41PM by T-drum
via reddit https://ift.tt/2kfIok4
reddit
r/security - How to crack hash type PKZIP2 on kali linux?
1 votes and 0 so far on reddit
What is the typical 'secret' flow?
What's your suggested 'secret' flow from the moment it is received from a 3rd party vendor (e.g. API key) to the moment it appears within the process environment variable and is accessible by code? You may assume typical cloud environment + typical Docker orchestrator.
Example flow: store in vault, write a deployment script that reads from the vault and inject into the process env var (I can see flaws within this flow, just an example)
Submitted May 22, 2018 at 04:55PM by yonatannn
via reddit https://ift.tt/2KHxP4Q
reddit
r/security - What is the typical 'secret' flow?
1 votes and 0 so far on reddit
Why the CFO and CISO need to get along
https://ift.tt/2LfYs1P
Submitted May 22, 2018 at 04:53PM by Uminekoshi
via reddit https://ift.tt/2GFyfWP
Nehemiah Security
Why the CFO and CISO need to get along - Nehemiah Security
Business exists as a system to capture and expand revenue. At the heart of this system is the relationship between the CFO and the CISO. The CFO is eager to remove all barriers to revenue. In many cases, removing those barriers make the business harder for…
Can't make calls on Telegram in Qatar
Hello, I'm visiting Qatar. I used Telegram to make calls without problems for several days, but yesterday I noticed something weird: I can't make calls on Telegram and the whole Internet connection slows down. I've tested both using WiFi and SIM data. Some other useful information:
- Internet connection seems slower
- yesterday WhatsApp calls didn't work; today works fine
- Facebook calls using Messenger work fine
- I use an iPhone
Can someone help understanding what is going on?
Submitted May 22, 2018 at 04:22PM by aadeg
via reddit https://ift.tt/2IULCaX
reddit
r/security - Can't make calls on Telegram in Qatar
1 votes and 0 so far on reddit