Vectorized Emulation: MMU Design
https://ift.tt/2A531au
Submitted November 20, 2018 at 01:57AM by gamozolabs
via reddit https://ift.tt/2BhrRFV
https://ift.tt/2A531au
Submitted November 20, 2018 at 01:57AM by gamozolabs
via reddit https://ift.tt/2BhrRFV
Gamozo Labs Blog
Vectorized Emulation: MMU Design
I blog about random things security, everything is broken, nothing scales, shared memory models are flawed.
Kickstart Application Security on Heroku with the Templarbit Buildpack
https://ift.tt/2FtXdNy
Submitted November 20, 2018 at 02:29AM by iamcoolc
via reddit https://ift.tt/2qU9Yqx
https://ift.tt/2FtXdNy
Submitted November 20, 2018 at 02:29AM by iamcoolc
via reddit https://ift.tt/2qU9Yqx
Templarbit Inc.
Kickstart Application Security on Heroku with the Templarbit Buildpack
Heroku remains a popular choice for teams to run their software...
SignedMalware.org | A Resource That Demonstrates Failures In Code Signing PKI
https://ift.tt/2h3AjBl
Submitted November 20, 2018 at 03:45AM by Hemlck
via reddit https://ift.tt/2S130M0
https://ift.tt/2h3AjBl
Submitted November 20, 2018 at 03:45AM by Hemlck
via reddit https://ift.tt/2S130M0
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI
https://ift.tt/2A924h5
Submitted November 20, 2018 at 04:43AM by Hemlck
via reddit https://ift.tt/2Fv3dFR
https://ift.tt/2A924h5
Submitted November 20, 2018 at 04:43AM by Hemlck
via reddit https://ift.tt/2Fv3dFR
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI
https://ift.tt/2A924h5
Submitted November 20, 2018 at 04:43AM by Hemlck
via reddit https://ift.tt/2Fv3dFR
https://ift.tt/2A924h5
Submitted November 20, 2018 at 04:43AM by Hemlck
via reddit https://ift.tt/2Fv3dFR
Authentication bypass in a NodeJS application — a bug bounty story
https://ift.tt/2qXEjEK
Submitted November 20, 2018 at 02:58PM by albinowax
via reddit https://ift.tt/2Q8GSlD
https://ift.tt/2qXEjEK
Submitted November 20, 2018 at 02:58PM by albinowax
via reddit https://ift.tt/2Q8GSlD
Medium
Authentication bypass in NodeJS application — a bug bounty story
Hello everyone,
[PDF] An Analysis of the ProtonMail Cryptographic Architecture
https://ift.tt/2OTJEXk
Submitted November 20, 2018 at 05:15PM by sarciszewski
via reddit https://ift.tt/2A4Y8hy
https://ift.tt/2OTJEXk
Submitted November 20, 2018 at 05:15PM by sarciszewski
via reddit https://ift.tt/2A4Y8hy
Top 10 Application Security Breaches of 2018
https://ift.tt/2KpNA1r
Submitted November 20, 2018 at 05:50PM by KeyDutch
via reddit https://ift.tt/2PDeQiw
https://ift.tt/2KpNA1r
Submitted November 20, 2018 at 05:50PM by KeyDutch
via reddit https://ift.tt/2PDeQiw
Htbridge
Top 10 Application Security Breaches of 2018
The most disastrous web and mobile application security breaches and security incidents of 2018 (so far).
Linux | Changing memory protection in an arbitrary process
https://ift.tt/2DxZZPg
Submitted November 20, 2018 at 09:21PM by shleimeleh
via reddit https://ift.tt/2ze4ICP
https://ift.tt/2DxZZPg
Submitted November 20, 2018 at 09:21PM by shleimeleh
via reddit https://ift.tt/2ze4ICP
Perception Point
Linux internals | Perception Point
Recently, we faced this very specific task: changing the protection flags of memory regions in an arbitrary process. As this task may seem trivial, we encountered some obstacles and learned new things in the process, mostly about Linux mechanisms and kernel…
Hasta Yatakları
https://ift.tt/2KhYbv0
Submitted November 20, 2018 at 11:06PM by hastayataklari34
via reddit https://ift.tt/2zio75C
https://ift.tt/2KhYbv0
Submitted November 20, 2018 at 11:06PM by hastayataklari34
via reddit https://ift.tt/2zio75C
Hasta Yatağı Hasta Karyolası Satış
Hasta Yatağı ve Hasta Karyolası
Hasta Yatağı, Hasta Karyolası, Hasta Yatakları Kaliteli Ve En Ucuz Fiyatlara Bulabileceğiniz Tek Adres
phpBB 3.2.3: Phar Deserialization to RCE
https://ift.tt/2BnbkjE
Submitted November 20, 2018 at 10:47PM by rips-hb
via reddit https://ift.tt/2OYMASA
https://ift.tt/2BnbkjE
Submitted November 20, 2018 at 10:47PM by rips-hb
via reddit https://ift.tt/2OYMASA
Write-up about Adobe Flash Player bug patched today
https://ift.tt/2KkAeTX
Submitted November 20, 2018 at 11:55PM by campuscodi
via reddit https://ift.tt/2DLWHJ2
https://ift.tt/2KkAeTX
Submitted November 20, 2018 at 11:55PM by campuscodi
via reddit https://ift.tt/2DLWHJ2
Insanely Low-Level
Flash News
TLDR; There’s a bug in Adobe Flash. The interpreter code of the Action Script Virtual Machine (AVM) does not reset a with-scope pointer when an exception is caught, leading later to a type confusio…
Google Inbox recipient spoofing vulnerability
https://ift.tt/2TuLrVZ
Submitted November 21, 2018 at 01:02AM by Sephr
via reddit https://ift.tt/2Tol6Jr
https://ift.tt/2TuLrVZ
Submitted November 21, 2018 at 01:02AM by Sephr
via reddit https://ift.tt/2Tol6Jr
Twitter
Eli Grey
One of these screenshots is a draft email to the real PayPal support. The other one is to a scammer. Both screenshots are identical. Unfixed vulnerability in all Google Inbox mobile apps: https://t.co/ixRxU9qLnh PoC demo (open with Google Inbox app): htt…
Office 365 and Azure AD vulnerable to brute-force and password spray attacks
https://ift.tt/2OSp2yw
Submitted November 21, 2018 at 02:00AM by stautistic
via reddit https://ift.tt/2RZ8bfs
https://ift.tt/2OSp2yw
Submitted November 21, 2018 at 02:00AM by stautistic
via reddit https://ift.tt/2RZ8bfs
Hacker Noon
How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks
Azure AD is the de facto gatekeeper of Microsoft cloud solutions such as Azure, Office 365, Enterprise Mobility. As an integral component…
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
https://ift.tt/2S6ziFz
Submitted November 21, 2018 at 01:25AM by Logic_15
via reddit https://ift.tt/2BlFeEQ
https://ift.tt/2S6ziFz
Submitted November 21, 2018 at 01:25AM by Logic_15
via reddit https://ift.tt/2BlFeEQ
FireEye
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign « Not So Cozy: An Uncomfortable Examination of…
FireEye detected new targeted phishing activity at more than 20 of our clients across multiple industries.
Unfixed spoofing vulnerability in Google Inbox mobile apps
https://ift.tt/2FwSDOD
Submitted November 21, 2018 at 01:15AM by Sephr
via reddit https://ift.tt/2Kn1iSv
https://ift.tt/2FwSDOD
Submitted November 21, 2018 at 01:15AM by Sephr
via reddit https://ift.tt/2Kn1iSv
Twitter
Eli Grey
One of these screenshots is a draft email to the real PayPal support. The other one is to a scammer. Both screenshots are identical. Unfixed vulnerability in all Google Inbox mobile apps: https://t.co/ixRxU9qLnh PoC demo (open with Google Inbox app): htt…
out-of-tree kernel {module, exploit} development tool
https://out-of-tree.io
Submitted November 21, 2018 at 10:28AM by jollheef
via reddit https://ift.tt/2DPKint
https://out-of-tree.io
Submitted November 21, 2018 at 10:28AM by jollheef
via reddit https://ift.tt/2DPKint
reddit
r/netsec - out-of-tree kernel {module, exploit} development tool
1 vote and 1 comment so far on Reddit
Web Browser Address Bar Spoofing
https://ift.tt/2S7MpX1
Submitted November 21, 2018 at 12:16PM by ziyahanalbeniz
via reddit https://ift.tt/2zjS3hQ
https://ift.tt/2S7MpX1
Submitted November 21, 2018 at 12:16PM by ziyahanalbeniz
via reddit https://ift.tt/2zjS3hQ
Netsparker
Web Browser Address Bar Spoofing
This blog post looks at two address bar spoofing incidents. The first involved the Homograph vulnerability, where attackers used the IDN feature to trick users by imitating legitimate characters. The second involved Edge and Safari, in which redirected website…
Signature bypass vulnerability in library used for online German ID card authentication (allows impersonating any citizen)
https://ift.tt/2BnPZXu
Submitted November 21, 2018 at 05:09PM by 0x9000
via reddit https://ift.tt/2KoeEhw
https://ift.tt/2BnPZXu
Submitted November 21, 2018 at 05:09PM by 0x9000
via reddit https://ift.tt/2KoeEhw
Sec-Consult
My name is Johann Wolfgang von Goethe – I can prove it | SEC Consult
The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person, but also against online services (by using
Mini-Internet using LXC
https://ift.tt/2qY4afM
Submitted November 21, 2018 at 05:44PM by mariuz
via reddit https://ift.tt/2zjNCDw
https://ift.tt/2qY4afM
Submitted November 21, 2018 at 05:44PM by mariuz
via reddit https://ift.tt/2zjNCDw
GitHub
flesueur/mi-lxc
Mini-Internet using LXC for practical works. Contribute to flesueur/mi-lxc development by creating an account on GitHub.
Multiple 0days in MacOS discovered and used in a red team exercise at Dropbox
https://ift.tt/2PxMbvl
Submitted November 21, 2018 at 07:09PM by Glitch-is
via reddit https://ift.tt/2FzdGzY
https://ift.tt/2PxMbvl
Submitted November 21, 2018 at 07:09PM by Glitch-is
via reddit https://ift.tt/2FzdGzY
reddit
r/netsec - Multiple 0days in MacOS discovered and used in a red team exercise at Dropbox
14 votes and 1 comment so far on Reddit