Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
I made a push notification feed (desktop/mobile) for posts of r/netsec that have a minimum of 200 Karma.
https://ift.tt/2ofGv96

Submitted August 28, 2018 at 06:36AM by soeindohuwabohu
via reddit https://ift.tt/2BTzEvU
Gmail Android app insecure Network Security Configuration
https://ift.tt/2NqjhIw

Submitted August 28, 2018 at 03:50PM by clviper
via reddit https://ift.tt/2PIgMmh
Good Introduction to CORS (Cross-Origin Resource Sharing)
https://ift.tt/2Mp3PM3

Submitted August 29, 2018 at 12:42PM by CyberBullets
via reddit https://ift.tt/2BXV4Ie
Fuzzing the .NET JIT Compiler
https://ift.tt/2NvyHeG

Submitted August 29, 2018 at 12:34PM by 0xad
via reddit https://ift.tt/2N61XM9
Native Android Proxmark3 client (rootless)
https://ift.tt/2wqroyi

Submitted August 29, 2018 at 07:17PM by doylersec
via reddit https://ift.tt/2PeFxpa
WebAuthn Cryptography Flaws Round 2: IBM's ECDAA implementation
Hi /r/netsec!
This is a follow-up to my previous submission about Security Concerns Surrounding WebAuthn, which dove into the cryptography protocol design of ECDAA (a FIDO Alliance design which WebAuthn explicitly adds as a reserved COSE algorithm).
I looked at the ECDAA implementation published on GitHub under the IBM-Research organization and discovered that they're just using BigInteger.mod(), which will produce biased output (unless you're using a curve whose order is a Mersenne prime). Given that IBM employees were the co-authors of the ECDAA specification, I'm led to believe that the IBM-Research repository is somewhat official.
I reported this on GitHub, of course: https://github.com/ibm-research/ecdaa/issues/5
While I'm excited about the prospect of hardware-based 2FA (or even WebAuthn-powered single factor to eliminate passwords in corporate settings), the cryptography they're trying to standardize is too error-prone. We shouldn't trust it until these flaws are remedied.

Submitted August 29, 2018 at 08:48PM by sarciszewski
via reddit https://ift.tt/2BUGr8o
We Are Motherboard's Infosec Reporters: Let's Talk Journalism and "Cyber." Ask Us Anything!
We are Lorenzo Franceschi-Bicchierai and Joseph Cox. We cover infosec and hacking for Motherboard, VICE Media's tech and science website. Over the years, we have written about government hacking, consumer spyware, surveillance technology, cybercrime, and a loooooot of data breaches.
Recently, we've been digging into SIM swapping scams, the iPhone zero-day market, the mysterious group doxing Chinese government hackers, and Facebook's impossible problem: content moderation.
Today we will stand on the other side and take questions about how we pick stories, how we report articles, how we verify hacked or leaked data, and anything in between.
Proof: https://i.redd.it/ojzd8pgcivi11.jpg

Submitted August 29, 2018 at 08:33PM by motherboard
via reddit https://ift.tt/2omeJrI
Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’
https://ift.tt/2NxZt5R

Submitted August 30, 2018 at 12:24AM by hackers_and_builders
via reddit https://ift.tt/2LDTavO