need to find location of an particular cloudflare CDN IP
https://ift.tt/2McnQ7C
Submitted September 09, 2018 at 09:24AM by funk-it-all
via reddit https://ift.tt/2Qgys8Y
https://ift.tt/2McnQ7C
Submitted September 09, 2018 at 09:24AM by funk-it-all
via reddit https://ift.tt/2Qgys8Y
reddit
r/techsupport - need to find location of an particular cloudflare CDN IP
1 vote and 5 comments so far on Reddit
"Big Star Labs" spyware campaign affects over 11,000,000 people
https://ift.tt/2NGdKxi
Submitted September 09, 2018 at 07:41PM by sacrednumber_108
via reddit https://ift.tt/2oPZJCK
https://ift.tt/2NGdKxi
Submitted September 09, 2018 at 07:41PM by sacrednumber_108
via reddit https://ift.tt/2oPZJCK
AdGuard Blog
"Big Star Labs" spyware campaign affects over 11,000,000 people
In the previous article about the Unimania spyware campaign I promised to tell you more about the privacy issues discovered during our automated scan of many Google Chrome extensions. This took me a while, and I apologize for the delay. The reason for the…
Microsoft Bug Bounty | MSRC
https://ift.tt/2QezF0u
Submitted September 09, 2018 at 09:36PM by shehackspurple
via reddit https://ift.tt/2wUP2mM
https://ift.tt/2QezF0u
Submitted September 09, 2018 at 09:36PM by shehackspurple
via reddit https://ift.tt/2wUP2mM
Microsoft
Microsoft Identity Bounty | MSRC
Vulnerability reports on Identity services, including Microsoft Account, Azure Active Directory, or select OpenID standards.
How to use Google's CSP Evaluator to bypass CSP
https://ift.tt/2NAkIaM
Submitted September 10, 2018 at 12:24AM by ThomasCZ
via reddit https://ift.tt/2Mf02Qx
https://ift.tt/2NAkIaM
Submitted September 10, 2018 at 12:24AM by ThomasCZ
via reddit https://ift.tt/2Mf02Qx
Thomas Orlita's blog
How to use Google's CSP Evaluator to bypass CSP - Thomas Orlita's blog
You know that feeling when you discovered an XSS only to find out there’s an active CSP that blocks execution of any noscripts? If you want it to work on all browsers, not just IE (which doesn’t support CSP), there’s still a chance to bypass it! Use Google’s…
Every Question Tells a Story – Mitigating Ransomware Using the Rapid Cyberattack Assessment Tool: Part 1
https://ift.tt/2p0nJTT
Submitted September 10, 2018 at 09:52AM by jdrch
via reddit https://ift.tt/2MfToJP
https://ift.tt/2p0nJTT
Submitted September 10, 2018 at 09:52AM by jdrch
via reddit https://ift.tt/2MfToJP
Multi-exploit Mirai and Gafgyt Target Apache Struts, SonicWall
https://ift.tt/2NolfMT
Submitted September 10, 2018 at 11:46AM by thingsec
via reddit https://ift.tt/2x1vTyR
https://ift.tt/2NolfMT
Submitted September 10, 2018 at 11:46AM by thingsec
via reddit https://ift.tt/2x1vTyR
Palo Alto Networks Blog
Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall - Palo Alto Networks Blog
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.
falkervisor (C version), a hypervisor for fuzzing
https://ift.tt/2wVNnNW
Submitted September 10, 2018 at 12:29PM by gamozolabs
via reddit https://ift.tt/2N1OsxI
https://ift.tt/2wVNnNW
Submitted September 10, 2018 at 12:29PM by gamozolabs
via reddit https://ift.tt/2N1OsxI
GitHub
gamozolabs/falkervisor_grilled_cheese
Contribute to gamozolabs/falkervisor_grilled_cheese development by creating an account on GitHub.
Evilginx 2.1 - 2FA Phishing - The First Post-Release Update
https://ift.tt/2CBf1VK
Submitted September 10, 2018 at 02:02PM by kgretzky
via reddit https://ift.tt/2QgmVqd
https://ift.tt/2CBf1VK
Submitted September 10, 2018 at 02:02PM by kgretzky
via reddit https://ift.tt/2QgmVqd
Serverless Red Team Infrastructure
https://ift.tt/2QiO7V6
Submitted September 10, 2018 at 04:03PM by dmchell
via reddit https://ift.tt/2oSupmC
https://ift.tt/2QiO7V6
Submitted September 10, 2018 at 04:03PM by dmchell
via reddit https://ift.tt/2oSupmC
Analysis of Malware That Leverages the Recent ALPC Zero-day Vulnerability
https://ift.tt/2CnVXtY
Submitted September 10, 2018 at 12:22PM by CyberBullets
via reddit https://ift.tt/2CDm3ch
https://ift.tt/2CnVXtY
Submitted September 10, 2018 at 12:22PM by CyberBullets
via reddit https://ift.tt/2CDm3ch
WeLiveSecurity
PowerPool malware exploits zero-day vulnerability
Malware from a newly uncovered group PowerPool has been exploiting zero-day vulnerability in the wild, only two days after its disclosure. The vulnerability affects Microsoft Windows OSes from Windows 7 to Windows 10 and in particular, the ALPC function,…
First-Party Isolation in Firefox and what breaks if you enable it
https://ift.tt/2JRz3dQ
Submitted September 10, 2018 at 06:25PM by sasizza
via reddit https://ift.tt/2O6iSeu
https://ift.tt/2JRz3dQ
Submitted September 10, 2018 at 06:25PM by sasizza
via reddit https://ift.tt/2O6iSeu
Ctrl blog
What is First-Party Isolation in Firefox and what breaks if you enabled it
Instead of modifying and blocking page contents; Firefox optionally lets users modifies the browser to become harder to track across websites.
Chrome/Chromium now considers "www" to be a "trivial" subdomain and no longer shows it in the address bar.
https://ift.tt/CsbsCo
Submitted September 10, 2018 at 08:39PM by CodeBlock
via reddit https://ift.tt/2O0REWx
https://ift.tt/CsbsCo
Submitted September 10, 2018 at 08:39PM by CodeBlock
via reddit https://ift.tt/2O0REWx
reddit
r/netsec - Chrome/Chromium now considers "www" to be a "trivial" subdomain and no longer shows it in the address bar.
5 votes and 3 comments so far on Reddit
Key Managers and Key Stores
https://ift.tt/2x0F0ja
Submitted September 10, 2018 at 10:22PM by amazedballer
via reddit https://ift.tt/2oYjyrj
https://ift.tt/2x0F0ja
Submitted September 10, 2018 at 10:22PM by amazedballer
via reddit https://ift.tt/2oYjyrj
reddit
r/netsec - Key Managers and Key Stores
1 vote and 0 comments so far on Reddit
Analysis of Unpatched Advantech Webaccess RCE
https://ift.tt/2wYQTHl
Submitted September 10, 2018 at 10:16PM by chicksdigthelongrun
via reddit https://ift.tt/2Mhk2SI
https://ift.tt/2wYQTHl
Submitted September 10, 2018 at 10:16PM by chicksdigthelongrun
via reddit https://ift.tt/2Mhk2SI
Medium
Advantech WebAccess Unpatched RCE
Author: Chris Lyne
Exposing Private Domains via Certificate Transparency Logs [tool release]
https://ift.tt/2CxETBy
Submitted September 10, 2018 at 11:27PM by mpeg4codec
via reddit https://ift.tt/2Qkj0J0
https://ift.tt/2CxETBy
Submitted September 10, 2018 at 11:27PM by mpeg4codec
via reddit https://ift.tt/2Qkj0J0
Chris408
Certificate Transparency logs and how they are a gold mine to Bug Hunters
What is CT? Certificate Transparency (CT) is an experimental IETF standard. The goal of CT is to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of CAs that your…
local host discovery in browser
https://ift.tt/2x1VVSC
Submitted September 11, 2018 at 03:04AM by rain5
via reddit https://ift.tt/2Nqm7AD
https://ift.tt/2x1VVSC
Submitted September 11, 2018 at 03:04AM by rain5
via reddit https://ift.tt/2Nqm7AD
reddit
r/netsec - local host discovery in browser
3 votes and 2 comments so far on Reddit
Slides & presentation of "Unpacking the non-unpackable" (anti-static analytic new ELF packer) in R2CON2018
https://ift.tt/2MgZr0U
Submitted September 11, 2018 at 03:02AM by mmd0xFF
via reddit https://ift.tt/2NwAkfm
https://ift.tt/2MgZr0U
Submitted September 11, 2018 at 03:02AM by mmd0xFF
via reddit https://ift.tt/2NwAkfm
reddit
r/LinuxMalware - About my presentation of: "Unpacking the non-unpackable" (an ELF new packer) in R2CON2018
1 vote and 0 comments so far on Reddit
Spoofing DNS with fragments
https://ift.tt/2CP0Ooi
Submitted September 11, 2018 at 04:42AM by nykzhang
via reddit https://ift.tt/2O2cuVE
https://ift.tt/2CP0Ooi
Submitted September 11, 2018 at 04:42AM by nykzhang
via reddit https://ift.tt/2O2cuVE
PowerDNS Blog
Spoofing DNS with fragments
With some care, it turns out to be possible to spoof fake DNS responses using fragmented datagrams. While preparing a presentation for XS4ALL back in 2009, I found out how this could be done, but I…
India’s citizen biometric registry Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
https://ift.tt/2CFbyoQ
Submitted September 11, 2018 at 10:54AM by lordatlas
via reddit https://ift.tt/2NA8RsU
https://ift.tt/2CFbyoQ
Submitted September 11, 2018 at 10:54AM by lordatlas
via reddit https://ift.tt/2NA8RsU
HuffPost India
UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
Skilled hackers disabled security features of Aadhaar enrolment software, circulated hack on Whatsapp
Sploitus.com - Exploits & Tools Search Engine
https://sploitus.com
Submitted September 11, 2018 at 02:43PM by i_bo0om
via reddit https://ift.tt/2MjgijM
https://sploitus.com
Submitted September 11, 2018 at 02:43PM by i_bo0om
via reddit https://ift.tt/2MjgijM
Sploitus
💀 Sploitus | Exploits & Tools Search Engine
Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities. The search engine is also a good resource for finding security and vulnerability discovery tools.
A practical guide to testing the security of Amazon Web Services (Part 1: AWS S3)
https://ift.tt/2N1EbS5
Submitted September 11, 2018 at 08:12PM by albinowax
via reddit https://ift.tt/2MmvzQE
https://ift.tt/2N1EbS5
Submitted September 11, 2018 at 08:12PM by albinowax
via reddit https://ift.tt/2MmvzQE
Mindedsecurity
A practical guide to testing the security of Amazon Web Services (Part 1: AWS S3)
Back in the days, the word Amazon used to refer to over half of earth's rainforests. While this is still true, it isn't what most people ...