Keybase browser extension is flawed
https://ift.tt/2wPOGNg
Submitted September 12, 2018 at 01:54PM by CyberBullets
via reddit https://ift.tt/2NE7Dgm
Wladimir Palant's notes
Keybase: "Our browser extension subverts our encryption, but why should we care?"
The Keybase browser extension subverts the app's end-to-end encryption. Keybase considers that "an acceptable risk" and not worth fixing.
Passing-the-Hash to NTLM Authenticated Web Applications
https://ift.tt/2uYsgsh
Submitted September 12, 2018 at 05:40PM by ericnyamu
via reddit https://ift.tt/2Odx0Tx
BIOS Boots What? Finding Evil in Boot Code at Scale!
https://ift.tt/2vrR6lE
Submitted September 12, 2018 at 05:38PM by ericnyamu
via reddit https://ift.tt/2QlGb5E
FireEye
BIOS Boots What? Finding Evil in Boot Code at Scale!
This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.
Hash Function Attacks Illustrated
https://ift.tt/2QmfXzT
Submitted September 12, 2018 at 05:36PM by ericnyamu
via reddit https://ift.tt/2OcWDDN
McCormick Tech
Hash Function Attacks Illustrated
Here are some illustrated explanations of the main ways in which cryptographic hash functions can be attacked, and be resistant to those...
Bypassing CSP using polyglot JPEGs
https://ift.tt/2nlYKJO
Submitted September 12, 2018 at 05:35PM by ericnyamu
via reddit https://ift.tt/2OcWG2r
Web Security Blog | PortSwigger
Bypassing CSP using polyglot JPEGs
James challenged me to see if it was possible to create a polyglot JavaScript/JPEG. Doing so would allow me to bypass CSP on almost any website that hosts user-uploaded images on the same domain. I gl
Windows Privilege Escalation Guide
https://ift.tt/2EVH96s
Submitted September 12, 2018 at 05:33PM by ericnyamu
via reddit https://ift.tt/2QlX9kp
Researcher finds vulnerability enabling disclosure of Intel ME encryption keys
https://ift.tt/2QjGiyy
Submitted September 12, 2018 at 06:46PM by alexlash
via reddit https://ift.tt/2Nabkes
Ptsecurity
Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys
Intel has issued a patch in response to a serious vulnerability in Intel ME firmware discovered by Positive Tec...
CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation
https://ift.tt/2x6Qe5F
Submitted September 12, 2018 at 10:34PM by eth_
via reddit https://ift.tt/2COK0xA
Nettitude Labs
CVE-2018-5240: Symantec Management Agent (Altiris) Privilege Escalation
During a recent red team exercise, we discovered a vulnerability within the latest versions of the Symantec Management Agent (Altiris), that allowed us to escalate our privileges. Overview When the…
DFLabs’ No-Script Automation Tool (NAT) is a new free tool that helps incident responders collect live forensic data.
The No-Script Automation Tool (NAT) was designed to solve the complexity and management issues surrounding scripting multiple tools via batch files or other scripting languages for Windows systems. NAT allows users to run sets of pre-defined and pre-verified tools based on user specified input, pre-defined commands and system properties such as architecture and Windows version. Download: https://github.com/dflabs/NAT
Submitted September 12, 2018 at 07:48PM by GeekSikhSecurity
via reddit https://ift.tt/2NB0sFP
GitHub
dflabs/NAT
No-Script Automation Tool. Contribute to dflabs/NAT development by creating an account on GitHub.
How long to crack this PW given the info provided
https://ift.tt/2CQrK6Y
Submitted September 13, 2018 at 03:49AM by gregtwelve
via reddit https://ift.tt/2p365Pl
reddit
r/privacy - ISP wants me to keep my default password on my router/modem. Are default router/modem passwords good enough?
3 votes and 6 comments so far on Reddit
NSD DNS Server Tutorial: alternative to BIND for zone hosting and slaving
https://ift.tt/1NwDQMm
Submitted September 13, 2018 at 03:22AM by unquietwiki
via reddit https://ift.tt/2MpwPTk
Feedify Compromised. Magecart script potentially on over 4000 websites.
https://ift.tt/2N83P7V
Submitted September 13, 2018 at 11:17AM by le-quack
via reddit https://ift.tt/2x8VlmL
BleepingComputer
Feedify Hacked with Magecart Information Stealing Script
A script used by the customer engagement service Feedify has been hacked to include the malicious MageCart script. MageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when a user submits a…
Low-cost USB Rubber Ducky pen-test tool for $3 using Digispark and Duck2Spark
https://ift.tt/2p5jlmc
Submitted September 13, 2018 at 02:24PM by vasiliborodin
via reddit https://ift.tt/2N8d4VE
Medium
Low-cost USB Rubber Ducky pen-test tool for $3 using Digispark and Duck2Spark
It’s a story as old as time: some hacker sees nice hardware pen-testing tool, hacker recoils in horror at the price of said tool, hacker…
Vulmon - Vulnerability / Exploit Search Engine with Vulnerability Intelligence
https://vulmon.com
Submitted September 13, 2018 at 04:07PM by drodrouw
via reddit https://ift.tt/2p5vxU0
Vulmon
Vulmon - Vulnerability Intelligence Search Engine
Vulmon is a vulnerability and exploit search engine with vulnerability intelligence features.
Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars
https://ift.tt/2CH2LD7
Submitted September 13, 2018 at 06:10PM by redbit2020
via reddit https://ift.tt/2MufOHL
www.esat.kuleuven.be
Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars
High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow to unlock and start the vehicle based on the physical proximity of a paired key
twa: A tiny web auditor with strong opinions
https://ift.tt/2Nd1IQb
Submitted September 13, 2018 at 05:41PM by yossarian_flew_away
via reddit https://ift.tt/2Oes0hd
GitHub
woodruffw/twa
A tiny web auditor with strong opinions. Contribute to woodruffw/twa development by creating an account on GitHub.
New cold boot attack affects almost all modern computers.
https://ift.tt/2MqBfJJ
Submitted September 13, 2018 at 10:28PM by le-quack
via reddit https://ift.tt/2CQAWbi
F-Secure Blog
The Chilling Reality of Cold Boot Attacks - F-Secure Blog
What do you do when you finish working with your laptop? Do you turn it off? Put it to sleep? Just close the lid and walk away? Many people might not realize that what they do when leaving their laptop unattended, even a laptop with full disk encryption,…
Remote Code Execution in Alpine Linux
https://ift.tt/2x8YK4e
Submitted September 14, 2018 at 12:39AM by justicz
via reddit https://ift.tt/2MuiDZ0
justi.cz
Remote Code Execution in Alpine Linux
tl;dr I found several bugs in apk, the default package manager for Alpine Linux. Alpine is a really lightweight distro that is very commonly used with Docker...
How to Make a Malicious USB and How to trick the victim to use it.
https://ift.tt/2QnDccS
Submitted September 14, 2018 at 02:46AM by ATTACKERSA
via reddit https://ift.tt/2p4QkHt
Cyber Wizard
How to Make a Malicious USB and How to trick the victim to use it.
THIS VIDEO IS FOR EDUCATIONAL PURPOSES ONLY. IF ORDINARY CITIZENS UNDERSTAND HOW ONE MAY CIRCUMVENT THEIR SECURITY THEN THEY HAVE THE CHANCE TO PROTECT AGAINST SUCH SECURITY BREACHES. I TAKE NO RES…
FOX News Live streams YouTube Live stream of hurricane. Person using computer switches to email app, exposing a username and password in plain text to nation! Wonder if anyone else noticed.
https://ift.tt/2x8ADmT
Submitted September 14, 2018 at 03:29AM by balroneon
via reddit https://ift.tt/2NEWewV
reddit
r/netsec - FOX News Live streams YouTube Live stream of hurricane. Person using computer switches to email app, exposing a username…
40 votes and 4 comments so far on Reddit
XSS and LFI in Facebook for Android
https://ift.tt/2x2Ldfk
Submitted September 14, 2018 at 06:28PM by albinowax
via reddit https://ift.tt/2N96Gxf
ash-king.co.uk
Ashley King - Making the Facebook app more secure - $8500 bounty
Ash King - Hacking for fun and profit