Welcome to the New Order: A DEF CON 2018 Retrospective by PPP
https://ift.tt/2wdw21y
Submitted August 17, 2018 at 12:36AM by centinibroninthesky
via reddit https://ift.tt/2Phqhca
https://ift.tt/2wdw21y
Submitted August 17, 2018 at 12:36AM by centinibroninthesky
via reddit https://ift.tt/2Phqhca
dttw.tech
Down to the Wire
Down to the Wire is a collaborative project hosted by a group of students across the country. Topics range from hardware to software to security.
OpenSSH Username Enumeration
https://ift.tt/2MuzmQ0
Submitted August 17, 2018 at 02:17AM by 0x4a616e
via reddit https://ift.tt/2Btw1wD
https://ift.tt/2MuzmQ0
Submitted August 17, 2018 at 02:17AM by 0x4a616e
via reddit https://ift.tt/2Btw1wD
seclists.org
oss-sec: OpenSSH Username Enumeration
Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
https://ift.tt/2Bg2MNr
Submitted August 17, 2018 at 01:53AM by vamediah
via reddit https://ift.tt/2Bop7s6
https://ift.tt/2Bg2MNr
Submitted August 17, 2018 at 01:53AM by vamediah
via reddit https://ift.tt/2Bop7s6
Detecting database leaks through record poisoning
https://ift.tt/2nIL8Iz
Submitted August 17, 2018 at 03:55AM by paFarb
via reddit https://ift.tt/2L0dmYs
https://ift.tt/2nIL8Iz
Submitted August 17, 2018 at 03:55AM by paFarb
via reddit https://ift.tt/2L0dmYs
Cossacklabs
Cossack Labs / Poison Records in Acra – Database Honeypots for Intrusion Detection
Database protection tool for detection of suspicious behaviour created by Cossack Labs
Vulnerability hunting with Semmle QL, part 1
https://ift.tt/2L0nQae
Submitted August 17, 2018 at 06:07AM by thebrachy
via reddit https://ift.tt/2vMxF7e
https://ift.tt/2L0nQae
Submitted August 17, 2018 at 06:07AM by thebrachy
via reddit https://ift.tt/2vMxF7e
reddit
r/netsec - Vulnerability hunting with Semmle QL, part 1
2 votes and 0 comments so far on Reddit
Cookie Decrypter for Burp Suite
https://ift.tt/2MkgXWX
Submitted August 17, 2018 at 07:21AM by IamJacksLackOf
via reddit https://ift.tt/2w5bmZu
https://ift.tt/2MkgXWX
Submitted August 17, 2018 at 07:21AM by IamJacksLackOf
via reddit https://ift.tt/2w5bmZu
GitLab
TechnoTame / cookie-decrypter
File Operation Induced Unserialization via the “phar://” Stream Wrapper
https://ift.tt/2OIr70b?
Submitted August 17, 2018 at 03:41PM by ga-vu
via reddit https://ift.tt/2MUlYBG
https://ift.tt/2OIr70b?
Submitted August 17, 2018 at 03:41PM by ga-vu
via reddit https://ift.tt/2MUlYBG
Commercial Cryptographic Key Management in 2018
https://ift.tt/2Mmsgy0
Submitted August 17, 2018 at 11:37AM by undercomm
via reddit https://ift.tt/2MQiy2W
https://ift.tt/2Mmsgy0
Submitted August 17, 2018 at 11:37AM by undercomm
via reddit https://ift.tt/2MQiy2W
Malgregator
Commercial Cryptographic Key Management in 2018
Modern key management in a large organization is primarily described by bureaucratic procedures and compliance requirements due to...
Linking password strength to expiry results in stronger passwords but more password resets
https://ift.tt/2MzoZdK
Submitted August 17, 2018 at 07:06PM by sjmurdoch
via reddit https://ift.tt/2MUfKBZ
https://ift.tt/2MzoZdK
Submitted August 17, 2018 at 07:06PM by sjmurdoch
via reddit https://ift.tt/2MUfKBZ
Open/Unvalidated Redirects and Forwards (What they are, how to find them, how to exploit them, and how to fix them)
https://ift.tt/2MUweKm
Submitted August 17, 2018 at 09:55PM by Prav123
via reddit https://ift.tt/2Pi6d9u
https://ift.tt/2MUweKm
Submitted August 17, 2018 at 09:55PM by Prav123
via reddit https://ift.tt/2Pi6d9u
s0cket7
Open Redirect Vulnerability
Hopefully a 'All you need to know about Open Redirects' post
Singularity of Origin: A DNS Rebinding Attack Framework
https://ift.tt/2MU9nP8
Submitted August 17, 2018 at 09:53PM by Prav123
via reddit https://ift.tt/2Pi6Dg4
https://ift.tt/2MU9nP8
Submitted August 17, 2018 at 09:53PM by Prav123
via reddit https://ift.tt/2Pi6Dg4
Peaking Behind the Curtains of Serverless Platforms
https://cur.at/H3tXB0r
Submitted August 18, 2018 at 02:12AM by sprkyco
via reddit https://ift.tt/2wgGRAe
https://cur.at/H3tXB0r
Submitted August 18, 2018 at 02:12AM by sprkyco
via reddit https://ift.tt/2wgGRAe
Vulnerability in Swoole deserialization function (CVE-2018-15503)
https://ift.tt/2OLWEOZ
Submitted August 18, 2018 at 05:16PM by gid0rah
via reddit https://ift.tt/2MEFwgu
https://ift.tt/2OLWEOZ
Submitted August 18, 2018 at 05:16PM by gid0rah
via reddit https://ift.tt/2MEFwgu
x-c3ll.github.io
Vulnerability in Swoole PHP extension [CVE-2018-15503] ::
DoomsDay Vault
DoomsDay Vault
Denoscription of how the vulnerability was found and a few indications about its explotability
XIGNCODE3 xhunter1.sys LPE: From leaked kernel-mode process handle to SYSTEM
https://ift.tt/2BvBCm6
Submitted August 18, 2018 at 09:05PM by Psycho_tropos
via reddit https://ift.tt/2BpjqdK
https://ift.tt/2BvBCm6
Submitted August 18, 2018 at 09:05PM by Psycho_tropos
via reddit https://ift.tt/2BpjqdK
x86.re
XIGNCODE3 xhunter1.sys LPE
From leaked kernel-mode process handle to SYSTEM XIGNCODE3 is a popular anti-cheat solution provided on a B2B2C basis, predominantly found in online games. This class of software is known for its invasive nature, effectively acting as user-mode rootkits on…
GitHub - naltun/eyes: Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
https://ift.tt/2FmXWfJ
Submitted August 18, 2018 at 09:20PM by aScottishBoat
via reddit https://ift.tt/2vQT2nK
https://ift.tt/2FmXWfJ
Submitted August 18, 2018 at 09:20PM by aScottishBoat
via reddit https://ift.tt/2vQT2nK
GitHub
naltun/eyes
Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Useless CSP - A list useless CSP of big websites
https://uselesscsp.com/
Submitted August 19, 2018 at 07:41PM by jvoisin
via reddit https://ift.tt/2nQYkLK
https://uselesscsp.com/
Submitted August 19, 2018 at 07:41PM by jvoisin
via reddit https://ift.tt/2nQYkLK
reddit
r/netsec - Useless CSP - A list useless CSP of big websites
8 votes and 0 comments so far on Reddit
Login Bypass on Pizza Hut India website & iPhone app to view user's personal details, order history
https://ift.tt/2nOEr7P
Submitted August 19, 2018 at 09:19PM by purplex21
via reddit https://ift.tt/2BqrWsW
https://ift.tt/2nOEr7P
Submitted August 19, 2018 at 09:19PM by purplex21
via reddit https://ift.tt/2BqrWsW
Bhumish Gajjar's Blog
Login Bypass on Pizza Hut India website & iPhone app
TLDR: You can bypass the OTP login (only available method to login) for Pizza Hut’s Indian website and iPhone app. I have tried contacting Pizza Hut on Twitter and Phone,…
BygoneSSL: Previous owners of your domains may own valid SSL certificates... And new owners of your old domains may be able to revoke your production colocated certificates
https://ift.tt/2Ple7yG
Submitted August 20, 2018 at 01:07PM by wifihack
via reddit https://ift.tt/2Bq3aJg
https://ift.tt/2Ple7yG
Submitted August 20, 2018 at 01:07PM by wifihack
via reddit https://ift.tt/2Bq3aJg
reddit
r/netsec - BygoneSSL: Previous owners of your domains may own valid SSL certificates... And new owners of your old domains may…
25 votes and 1 comment so far on Reddit
Disabling MacOS SIP via a VirtualBox kext Vulnerability
https://ift.tt/2OKuTpO
Submitted August 20, 2018 at 04:14PM by dmchell
via reddit https://ift.tt/2PpLOPZ
https://ift.tt/2OKuTpO
Submitted August 20, 2018 at 04:14PM by dmchell
via reddit https://ift.tt/2PpLOPZ
4 free tools to help lock down your web security
https://ift.tt/2PpEyDF
Submitted August 20, 2018 at 07:05PM by KeyDutch
via reddit https://ift.tt/2vZfYBs
https://ift.tt/2PpEyDF
Submitted August 20, 2018 at 07:05PM by KeyDutch
via reddit https://ift.tt/2vZfYBs
securitybrief.eu
Four free tools to help lock down your web security
With ever-tightening budgets it can be difficult to convince your managers to invest in security tools.
Open Sourcing ModSecurity for Envoy Proxy
https://ift.tt/2N2nYYJ
Submitted August 20, 2018 at 06:58PM by jekapats
via reddit https://ift.tt/2OPRbXj
https://ift.tt/2N2nYYJ
Submitted August 20, 2018 at 06:58PM by jekapats
via reddit https://ift.tt/2OPRbXj
GitHub
octarinesec/ModSecurity-envoy
ModSecurity-envoy - ModSecurity V3 Envoy Filter