Commercial Cryptographic Key Management in 2018
https://ift.tt/2Mmsgy0
Submitted August 17, 2018 at 11:37AM by undercomm
via reddit https://ift.tt/2MQiy2W
https://ift.tt/2Mmsgy0
Submitted August 17, 2018 at 11:37AM by undercomm
via reddit https://ift.tt/2MQiy2W
Malgregator
Commercial Cryptographic Key Management in 2018
Modern key management in a large organization is primarily described by bureaucratic procedures and compliance requirements due to...
Linking password strength to expiry results in stronger passwords but more password resets
https://ift.tt/2MzoZdK
Submitted August 17, 2018 at 07:06PM by sjmurdoch
via reddit https://ift.tt/2MUfKBZ
https://ift.tt/2MzoZdK
Submitted August 17, 2018 at 07:06PM by sjmurdoch
via reddit https://ift.tt/2MUfKBZ
Open/Unvalidated Redirects and Forwards (What they are, how to find them, how to exploit them, and how to fix them)
https://ift.tt/2MUweKm
Submitted August 17, 2018 at 09:55PM by Prav123
via reddit https://ift.tt/2Pi6d9u
https://ift.tt/2MUweKm
Submitted August 17, 2018 at 09:55PM by Prav123
via reddit https://ift.tt/2Pi6d9u
s0cket7
Open Redirect Vulnerability
Hopefully a 'All you need to know about Open Redirects' post
Singularity of Origin: A DNS Rebinding Attack Framework
https://ift.tt/2MU9nP8
Submitted August 17, 2018 at 09:53PM by Prav123
via reddit https://ift.tt/2Pi6Dg4
https://ift.tt/2MU9nP8
Submitted August 17, 2018 at 09:53PM by Prav123
via reddit https://ift.tt/2Pi6Dg4
Peaking Behind the Curtains of Serverless Platforms
https://cur.at/H3tXB0r
Submitted August 18, 2018 at 02:12AM by sprkyco
via reddit https://ift.tt/2wgGRAe
https://cur.at/H3tXB0r
Submitted August 18, 2018 at 02:12AM by sprkyco
via reddit https://ift.tt/2wgGRAe
Vulnerability in Swoole deserialization function (CVE-2018-15503)
https://ift.tt/2OLWEOZ
Submitted August 18, 2018 at 05:16PM by gid0rah
via reddit https://ift.tt/2MEFwgu
https://ift.tt/2OLWEOZ
Submitted August 18, 2018 at 05:16PM by gid0rah
via reddit https://ift.tt/2MEFwgu
x-c3ll.github.io
Vulnerability in Swoole PHP extension [CVE-2018-15503] ::
DoomsDay Vault
DoomsDay Vault
Denoscription of how the vulnerability was found and a few indications about its explotability
XIGNCODE3 xhunter1.sys LPE: From leaked kernel-mode process handle to SYSTEM
https://ift.tt/2BvBCm6
Submitted August 18, 2018 at 09:05PM by Psycho_tropos
via reddit https://ift.tt/2BpjqdK
https://ift.tt/2BvBCm6
Submitted August 18, 2018 at 09:05PM by Psycho_tropos
via reddit https://ift.tt/2BpjqdK
x86.re
XIGNCODE3 xhunter1.sys LPE
From leaked kernel-mode process handle to SYSTEM XIGNCODE3 is a popular anti-cheat solution provided on a B2B2C basis, predominantly found in online games. This class of software is known for its invasive nature, effectively acting as user-mode rootkits on…
GitHub - naltun/eyes: Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
https://ift.tt/2FmXWfJ
Submitted August 18, 2018 at 09:20PM by aScottishBoat
via reddit https://ift.tt/2vQT2nK
https://ift.tt/2FmXWfJ
Submitted August 18, 2018 at 09:20PM by aScottishBoat
via reddit https://ift.tt/2vQT2nK
GitHub
naltun/eyes
Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Useless CSP - A list useless CSP of big websites
https://uselesscsp.com/
Submitted August 19, 2018 at 07:41PM by jvoisin
via reddit https://ift.tt/2nQYkLK
https://uselesscsp.com/
Submitted August 19, 2018 at 07:41PM by jvoisin
via reddit https://ift.tt/2nQYkLK
reddit
r/netsec - Useless CSP - A list useless CSP of big websites
8 votes and 0 comments so far on Reddit
Login Bypass on Pizza Hut India website & iPhone app to view user's personal details, order history
https://ift.tt/2nOEr7P
Submitted August 19, 2018 at 09:19PM by purplex21
via reddit https://ift.tt/2BqrWsW
https://ift.tt/2nOEr7P
Submitted August 19, 2018 at 09:19PM by purplex21
via reddit https://ift.tt/2BqrWsW
Bhumish Gajjar's Blog
Login Bypass on Pizza Hut India website & iPhone app
TLDR: You can bypass the OTP login (only available method to login) for Pizza Hut’s Indian website and iPhone app. I have tried contacting Pizza Hut on Twitter and Phone,…
BygoneSSL: Previous owners of your domains may own valid SSL certificates... And new owners of your old domains may be able to revoke your production colocated certificates
https://ift.tt/2Ple7yG
Submitted August 20, 2018 at 01:07PM by wifihack
via reddit https://ift.tt/2Bq3aJg
https://ift.tt/2Ple7yG
Submitted August 20, 2018 at 01:07PM by wifihack
via reddit https://ift.tt/2Bq3aJg
reddit
r/netsec - BygoneSSL: Previous owners of your domains may own valid SSL certificates... And new owners of your old domains may…
25 votes and 1 comment so far on Reddit
Disabling MacOS SIP via a VirtualBox kext Vulnerability
https://ift.tt/2OKuTpO
Submitted August 20, 2018 at 04:14PM by dmchell
via reddit https://ift.tt/2PpLOPZ
https://ift.tt/2OKuTpO
Submitted August 20, 2018 at 04:14PM by dmchell
via reddit https://ift.tt/2PpLOPZ
4 free tools to help lock down your web security
https://ift.tt/2PpEyDF
Submitted August 20, 2018 at 07:05PM by KeyDutch
via reddit https://ift.tt/2vZfYBs
https://ift.tt/2PpEyDF
Submitted August 20, 2018 at 07:05PM by KeyDutch
via reddit https://ift.tt/2vZfYBs
securitybrief.eu
Four free tools to help lock down your web security
With ever-tightening budgets it can be difficult to convince your managers to invest in security tools.
Open Sourcing ModSecurity for Envoy Proxy
https://ift.tt/2N2nYYJ
Submitted August 20, 2018 at 06:58PM by jekapats
via reddit https://ift.tt/2OPRbXj
https://ift.tt/2N2nYYJ
Submitted August 20, 2018 at 06:58PM by jekapats
via reddit https://ift.tt/2OPRbXj
GitHub
octarinesec/ModSecurity-envoy
ModSecurity-envoy - ModSecurity V3 Envoy Filter
Solid write up for some vulnerabilities exploits found in embedded electronics. TerraMaster NAS Exploited.
https://ift.tt/2N5EneT
Submitted August 20, 2018 at 08:17PM by goopcat
via reddit https://ift.tt/2OMh36v
https://ift.tt/2N5EneT
Submitted August 20, 2018 at 08:17PM by goopcat
via reddit https://ift.tt/2OMh36v
Independent Security Evaluators
TerraMaster NAS Vulnerabilities Discovered and Exploited
ISE Labs Earns 24 CVEs for New Vulnerabilities in TOS, TerraMaster’s NAS OS
Burp's new REST API
https://ift.tt/2OOlspu
Submitted August 20, 2018 at 11:03PM by IamJacksLackOf
via reddit https://ift.tt/2nQxyD7
https://ift.tt/2OOlspu
Submitted August 20, 2018 at 11:03PM by IamJacksLackOf
via reddit https://ift.tt/2nQxyD7
Web Security Blog | PortSwigger
Burp's new REST API
Burp is getting a brand new REST API, which can be used by other tools to integrate with Burp Suite: In the initial release, the REST API supports launching vulnerability scans and obtaining the resul
Android P Enables DNS Over TLS By Default
https://ift.tt/2MqGKgi
Submitted August 21, 2018 at 12:31AM by PrimeMover17
via reddit https://ift.tt/2Pqh9lc
https://ift.tt/2MqGKgi
Submitted August 21, 2018 at 12:31AM by PrimeMover17
via reddit https://ift.tt/2Pqh9lc
Decipher
How Android P Upgrades User and Device Security
Security in Android P is significantly different than in previous versions, as Google has added many new defensive measures.
Reversing the Toshiba FlashAir Wi-Fi SD card - discover its CPU, it’s OS and how you can execute native code!
https://ift.tt/2w3xCDU
Submitted August 21, 2018 at 06:15PM by guedou
via reddit https://ift.tt/2LerQnY
https://ift.tt/2w3xCDU
Submitted August 21, 2018 at 06:15PM by guedou
via reddit https://ift.tt/2LerQnY
Google Docs
BHUS18 - flashre
Reversing a Japanese Wireless SD Card From Zero to Code Execution Guillaume VALADON - @guedou Before the talk Chromebook console zoom: 175%/200% ./setup.sh zoom the presenter notes
OpenSSH User Enumeration Vulnerability: a Close Look
https://ift.tt/2PsaRS9
Submitted August 21, 2018 at 08:41PM by daanraman
via reddit https://ift.tt/2Bskcq8
https://ift.tt/2PsaRS9
Submitted August 21, 2018 at 08:41PM by daanraman
via reddit https://ift.tt/2Bskcq8
NVISO Labs
OpenSSH User Enumeration Vulnerability: a Close Look
Intro An OpenSSH user enumeration vulnerability (CVE-2018-15473) became public via a GitHub commit. This vulnerability does not produce a list of valid usernames, but it does allow guessing of user…
How we could hack law firms with their abandoned domain names
https://ift.tt/2wbAYE4
Submitted August 21, 2018 at 10:28PM by msp_guru
via reddit https://ift.tt/2BxaWkL
https://ift.tt/2wbAYE4
Submitted August 21, 2018 at 10:28PM by msp_guru
via reddit https://ift.tt/2BxaWkL
Rainbow and Unicorn
Hacking law firms with abandoned domain names
Domain name abandonment is a major cyber threat to your businesses. This report shows how cybercriminals can hijack your emails and online services.
Introducing Pacu: The Open Source AWS Exploitation Framework
https://ift.tt/2nTAoHk
Submitted August 21, 2018 at 10:28PM by hackers_and_builders
via reddit https://ift.tt/2BwvF8g
https://ift.tt/2nTAoHk
Submitted August 21, 2018 at 10:28PM by hackers_and_builders
via reddit https://ift.tt/2BwvF8g
reddit
r/netsec - Introducing Pacu: The Open Source AWS Exploitation Framework
4 votes and 0 comments so far on Reddit