Kernel Driver mmap Handler Exploitation
http://ift.tt/2ybBzFp
Submitted September 19, 2017 at 07:39PM by maxxori
via reddit http://ift.tt/2xk8w4V
http://ift.tt/2ybBzFp
Submitted September 19, 2017 at 07:39PM by maxxori
via reddit http://ift.tt/2xk8w4V
First bounty, time to step up my game
http://ift.tt/2wtSOFm
Submitted September 19, 2017 at 08:02PM by kciredor_
via reddit http://ift.tt/2xjv7P0
http://ift.tt/2wtSOFm
Submitted September 19, 2017 at 08:02PM by kciredor_
via reddit http://ift.tt/2xjv7P0
Kciredor
First bounty, time to step up my game
What happened Hello again and thanks for reading my second blog post! After publishing my first blog I kept on trying to hack different companies and website...
Running An Application-Specific Trust Store?
I ran into this at one of my clients and I'm not sure this is possible/practical.This is a CentOS/RHEL environment with latest patches/CA bundles installed. However, this particular application team wants to NOT depend on the system trust store. They want a way for all their apps and tools to instead use a trust store they control in applications space.Is there a way to make something other than OS trust store the default so this will just work, or will they have custom configure every app and tool to do this?TIA
Submitted September 19, 2017 at 09:35PM by tundra
via reddit http://ift.tt/2yn1Bqb
I ran into this at one of my clients and I'm not sure this is possible/practical.This is a CentOS/RHEL environment with latest patches/CA bundles installed. However, this particular application team wants to NOT depend on the system trust store. They want a way for all their apps and tools to instead use a trust store they control in applications space.Is there a way to make something other than OS trust store the default so this will just work, or will they have custom configure every app and tool to do this?TIA
Submitted September 19, 2017 at 09:35PM by tundra
via reddit http://ift.tt/2yn1Bqb
reddit
Running An Application-Specific Trust Store? • r/security
I ran into this at one of my clients and I'm not sure this is possible/practical. This is a CentOS/RHEL environment with latest patches/CA...
Cure53 Browser Security White Paper (Chrome/Edge/IE)
http://ift.tt/2ybxlxh
Submitted September 19, 2017 at 10:07PM by reknerxam
via reddit http://ift.tt/2xk9pKH
http://ift.tt/2ybxlxh
Submitted September 19, 2017 at 10:07PM by reknerxam
via reddit http://ift.tt/2xk9pKH
HVACKer - Bridging the Air-Gap by Manipulating the Environment Temperature
http://ift.tt/2w5rvgy
Submitted September 19, 2017 at 09:34PM by 0xKaishakunin
via reddit http://ift.tt/2yoKfJA
http://ift.tt/2w5rvgy
Submitted September 19, 2017 at 09:34PM by 0xKaishakunin
via reddit http://ift.tt/2yoKfJA
Microsoft Claims Viewing Page Source Makes Their Browsers Less Secure
http://ift.tt/2hdoGaB
Submitted September 19, 2017 at 09:13PM by DenisVi
via reddit http://ift.tt/2fguxLU
http://ift.tt/2hdoGaB
Submitted September 19, 2017 at 09:13PM by DenisVi
via reddit http://ift.tt/2fguxLU
Cybellum
Cybellum Blog: Microsoft Claims Opening Dev Tools Is Dangerous
Microsoft Security Research Center classifies opening dev tools in Internet Explorer and Edge as an action that makes the browser less ecrue
Using ssdeep (fuzzy hash) in huge scale for file clustering
http://ift.tt/2xercBd
Submitted September 19, 2017 at 10:28PM by desegel
via reddit http://ift.tt/2xO7IXk
http://ift.tt/2xercBd
Submitted September 19, 2017 at 10:28PM by desegel
via reddit http://ift.tt/2xO7IXk
Intezer
Intezer Community Tip: How to Optimize ssdeep Comparisons with ElasticSearch - Intezer
Using ssdeep to find similarities between files can be quite effective when employing the right optimization methods
PassGAN//A Deep Learning Approach for Password Guessing: http://ift.tt/2ynY1fh
http://ift.tt/2wunbeX
Submitted September 19, 2017 at 11:32PM by weev1
via reddit http://ift.tt/2yn6JKT
http://ift.tt/2wunbeX
Submitted September 19, 2017 at 11:32PM by weev1
via reddit http://ift.tt/2yn6JKT
Verizon & Vidder Put SD-Perimeter Around Enterprise Security for SDP Managed Service
http://ift.tt/2w5SgkK
Submitted September 19, 2017 at 11:07PM by SecurityTrust
via reddit http://ift.tt/2wuAwDW
http://ift.tt/2w5SgkK
Submitted September 19, 2017 at 11:07PM by SecurityTrust
via reddit http://ift.tt/2wuAwDW
Light Reading
Verizon & Vidder Put SD-Perimeter Around Enterprise Security | Light Reading
Verizon launched the SDP service, which utilizes application layer access control technology to make network services natively secure.
shell-storm | Shellcodes Database
http://ift.tt/1nuFFln
Submitted September 19, 2017 at 11:05PM by liranbh
via reddit http://ift.tt/2wv1lIn
http://ift.tt/1nuFFln
Submitted September 19, 2017 at 11:05PM by liranbh
via reddit http://ift.tt/2wv1lIn
shell-storm.org
shell-storm | Shellcodes Database
Shellcode Database
Any Security Expert in Linux Servers ?
If you have infront off you a noob(me :( ) thath is running a Linux server What TIPS or Recommendations would you tell him(me) for improve his security.For example they tell me Password login is not secure in SSH is better to use own private key.Anything like thath? For dont get DDoS or RAT ed? Or anything usefullThanks
Submitted September 19, 2017 at 11:00PM by LennyKrabigs
via reddit http://ift.tt/2yoVBgy
If you have infront off you a noob(me :( ) thath is running a Linux server What TIPS or Recommendations would you tell him(me) for improve his security.For example they tell me Password login is not secure in SSH is better to use own private key.Anything like thath? For dont get DDoS or RAT ed? Or anything usefullThanks
Submitted September 19, 2017 at 11:00PM by LennyKrabigs
via reddit http://ift.tt/2yoVBgy
reddit
Any Security Expert in Linux Servers ? • r/security
If you have infront off you a noob(me :( ) thath is running a Linux server What TIPS or Recommendations would you tell him(me) for improve his...
The Secure Developer | Ep. #12, Keeping Cloud Foundry Secure
http://ift.tt/2xkldg3
Submitted September 19, 2017 at 11:34PM by pritianka
via reddit http://ift.tt/2hdK3sg
http://ift.tt/2xkldg3
Submitted September 19, 2017 at 11:34PM by pritianka
via reddit http://ift.tt/2hdK3sg
Heavybit
The Secure Developer | Ep. #12, Keeping Cloud Foundry Secure | Heavybit
In the latest episode of The Secure Developer, Guy is joined by Molly Crowther from Pivotal. Molly discusses her role in managing security at Cloud Foundry, an open source cloud platform on which developers can build, deploy and run applications.
Epson EasyMP Projector Takeover (CVE-2017-12860 / CVE-2017-12861)
http://ift.tt/2fhvp2J
Submitted September 19, 2017 at 11:13PM by oh_herro_sir
via reddit http://ift.tt/2hgu0WT
http://ift.tt/2fhvp2J
Submitted September 19, 2017 at 11:13PM by oh_herro_sir
via reddit http://ift.tt/2hgu0WT
Rhino Security Labs
Epson Vulnerability: EasyMP Projector Takeover (CVE-2017-12860 / CVE-2017-12861) - Rhino Security Labs
Overview Summary: Epson EasyMP Vulnerabilities As part of a targeted, customized security assessment, the Rhino Security Labs team was tasked with identifying anything which would interfere with a major technology conference. In addition to other areas, this…
Week 37 in Information Security, 2017
http://ift.tt/2ycn1FF
Submitted September 20, 2017 at 12:50AM by undercomm
via reddit http://ift.tt/2xfpxvy
http://ift.tt/2ycn1FF
Submitted September 20, 2017 at 12:50AM by undercomm
via reddit http://ift.tt/2xfpxvy
Malgregator
Week 37, 2017
SfyLabs' researchers discovered a new Android banking Trojan named Red Alert 2.0, that is being offered for rent on many dark websites....
Common WiFi Attacks And How To Detect Them
http://ift.tt/2fyaxkq
Submitted September 20, 2017 at 02:47AM by lennartkoopmann
via reddit http://ift.tt/2xdpUZS
http://ift.tt/2fyaxkq
Submitted September 20, 2017 at 02:47AM by lennartkoopmann
via reddit http://ift.tt/2xdpUZS
wtf.horse
Common WiFi attacks and how to detect them
I'm talking about DFIR (Digital Forensics and Incident Response) for WiFi networks at DerbyCon 2017 and will be releasing nzyme (an open source tool to record and forward 802.11 management frames into Graylog for WiFi security monitoring and incident response)…
An (un)documented Word feature abused by attackers
http://ift.tt/2x7yk51
Submitted September 19, 2017 at 01:37AM by majorllama
via reddit http://ift.tt/2fyR17C
http://ift.tt/2x7yk51
Submitted September 19, 2017 at 01:37AM by majorllama
via reddit http://ift.tt/2fyR17C
Securelist - Information about Viruses, Hackers and Spam
An (un)documented Word feature abused by attackers
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or…
Found this older but still accurate graph of pen testing...
http://ift.tt/2ypnCEK
Submitted September 20, 2017 at 02:52AM by weev1
via reddit http://ift.tt/2wuwFqp
http://ift.tt/2ypnCEK
Submitted September 20, 2017 at 02:52AM by weev1
via reddit http://ift.tt/2wuwFqp
Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malicious sample and automatically generates a list of mutexes that could be used to as “vaccines” against the sample.
http://ift.tt/2ynPSHV
Submitted September 20, 2017 at 03:41AM by GelosSnake
via reddit http://ift.tt/2heSuUr
http://ift.tt/2ynPSHV
Submitted September 20, 2017 at 03:41AM by GelosSnake
via reddit http://ift.tt/2heSuUr
GitHub
MinervaLabsResearch/Mystique
Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malicious sample and automatically generates a list of mutexes tha...
Security
How to deal with acts of terrorism on large scale and also how to deal with a helicopter pilot and gunman on a chopper?
Submitted September 20, 2017 at 05:47AM by twistedslut
via reddit http://ift.tt/2hgESUV
How to deal with acts of terrorism on large scale and also how to deal with a helicopter pilot and gunman on a chopper?
Submitted September 20, 2017 at 05:47AM by twistedslut
via reddit http://ift.tt/2hgESUV
reddit
Security • r/security
How to deal with acts of terrorism on large scale and also how to deal with a helicopter pilot and gunman on a chopper?
Malware Uses Security Cameras With Infrared Capabilities to Steal Data
http://ift.tt/2xkzB7W
Submitted September 20, 2017 at 06:55AM by majorllama
via reddit http://ift.tt/2xPSdOy
http://ift.tt/2xkzB7W
Submitted September 20, 2017 at 06:55AM by majorllama
via reddit http://ift.tt/2xPSdOy
BleepingComputer
Malware Uses Security Cameras With Infrared Capabilities to Steal Data
Proof-of-concept malware created by a team of Israeli researchers uses the infrared capabilities of modern security cameras as a channel for data exfiltration, but also to receive new commands from its operators.
Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold
http://ift.tt/2w4uhTb
Submitted September 20, 2017 at 06:15AM by cybertrust
via reddit http://ift.tt/2w5NwM9
http://ift.tt/2w4uhTb
Submitted September 20, 2017 at 06:15AM by cybertrust
via reddit http://ift.tt/2w5NwM9
Security Intelligence
Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold
IBM Managed Security Services (MSS) detected a sixfold increase in attacks involving embedded CPU mining tools between January and August 2017.