The three fatal bugs behind the Facebook breach - explained
https://ift.tt/2znS4RM
Submitted November 22, 2018 at 05:57PM by judit_k
via reddit https://ift.tt/2Bq5ON9
Avatao
The three fatal bugs behind the Facebook breach
The breach was discovered after Facebook saw an unusual spike of user activity that began on September 14, 2018. A...
Flying under the radar [pdf]
https://ift.tt/2QcasXh
Submitted November 22, 2018 at 07:25PM by albinowax
via reddit https://ift.tt/2FBcRGS
USN-3825-2: mod_perl vulnerability
https://ift.tt/2TBr7me
Submitted November 23, 2018 at 07:14AM by jdrch
via reddit https://ift.tt/2r0gUSY
Ubuntu
USN-3825-2: mod_perl vulnerability | Ubuntu security notices
USN-3825-1 fixed a vulnerability in mod_perl. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged…
USN-3825-1: mod_perl vulnerability
https://ift.tt/2r0DUkZ
Submitted November 23, 2018 at 07:13AM by jdrch
via reddit https://ift.tt/2Fzqfv5
Ubuntu
USN-3825-1: mod_perl vulnerability | Ubuntu security notices
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.
AndroidProjectCreator: easily convert an APK to an Android Studio project to reverse engineer the application
https://ift.tt/2BroRqD
Submitted November 23, 2018 at 03:02PM by ThisIsLibra
via reddit https://ift.tt/2PLXbW9
reddit
r/netsec - AndroidProjectCreator: easily convert an APK to an Android Studio project to reverse engineer the application
13 votes and 1 comment so far on Reddit
As if the holiday turkey couldn't get any worse, here's KernelSU - Kernel-Assisted Superuser, a small and ugly rootkit to provide "su".
https://ift.tt/2QeSRxP
Submitted November 23, 2018 at 10:44PM by zx2c4
via reddit https://ift.tt/2KsPmyF
Project Blacklist3r & .net Machine key analysis
https://ift.tt/2P1Bb4t
Submitted November 24, 2018 at 01:06AM by anantshri
via reddit https://ift.tt/2PMugBf
NotSoSecure
Project Blacklist3r - NotSoSecure
TL;DR The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target…
CCI-Based Web Security: A Design Using PGP (1995) - 23 years later, still no common interface for trustable end-to-end encryption built into the browser
https://ift.tt/2TI4BYB
Submitted November 25, 2018 at 03:42AM by Ask-Alice
via reddit https://ift.tt/2BvNpyK
A Conference for Defense 2018 [Video]
https://www.youtube.com/channel/UC4EhrLEDYKuuwdTvGWVgiEQ/videos
Submitted November 25, 2018 at 03:30AM by sanitybit
via reddit https://ift.tt/2BvA2OI
YouTube
A Conference for Defense - ACoD
I wrote a pentesting book. I hope you all like it.
https://ift.tt/2DTlqv2
Submitted November 26, 2018 at 01:13AM by mrlaughingman
via reddit https://ift.tt/2DTWcwR
Amazon
Hacker Methodology Handbook: Thomas Bobeck: 9781731258380: Amazon.com: Books
Hacker Methodology Handbook [Thomas Bobeck] on Amazon.com. *FREE* shipping on qualifying offers. This handbook is the perfect starting place for anyone who wants to jump into the world of penetration testing
Exploiting the DRAM Rowhammer bug to gain kernel privileges
https://ift.tt/1JPwghq
Submitted November 26, 2018 at 10:50AM by Hemlck
via reddit https://ift.tt/2RjyvRG
How to setup secure, P2P chat using Avahi, Pidgin & Husarnet
https://ift.tt/2Rck6GD
Submitted November 26, 2018 at 07:01PM by daaboo
via reddit https://ift.tt/2FHuQvy
Hackster.io
Secure P2P chat
Everyone needs to communicate with others, but sometimes you need to keep the secret while messaging on distance.
IPv666 - Address of the Beast
https://ift.tt/2P3mmy9
Submitted November 26, 2018 at 06:49PM by but_im_made_of_lava
via reddit https://ift.tt/2AonYwZ
l.avala.mp's place
IPv666 – Address of the Beast
tl;dr – We wrote some software that identifies live IPv6 addresses in both the global IPv6 address space and targeted IPv6 networks. Please give it a try and see what you think. A bit over a …
From CTFs to Bug Bounty Booty
https://ift.tt/2QmxL0H
Submitted November 26, 2018 at 08:25PM by birthgiver
via reddit https://ift.tt/2SbTF44
Medium
From CTFs to Bug Bounty Booty
How I scored some fancy shirts
HP iLO: Turning your BMC into a revolving door
https://ift.tt/2QgC0L8
Submitted November 26, 2018 at 07:36PM by mabote
via reddit https://ift.tt/2AmOKWz
reddit
r/netsec - HP iLO: Turning your BMC into a revolving door
4 votes and 0 comments so far on Reddit
Possible UEFI hijack found in the wild on Asus hardware - cross posted from techsupport thread
https://ift.tt/2PZ5LAP
Submitted November 26, 2018 at 09:19PM by ESCAPE_PLANET_X
via reddit https://ift.tt/2BxY244
reddit
r/techsupport - Tecj nightmare
17 votes and 14 comments so far on Reddit
Orchestrator: A lightweight security incident ticketing + automation + collaboration tool (now in private beta)
https://ift.tt/2pHdiVK
Submitted November 26, 2018 at 10:40PM by yaraz
via reddit https://ift.tt/2RfEwi6
reddit
r/netsec - Orchestrator: A lightweight security incident ticketing + automation + collaboration tool (now in private beta)
0 votes and 1 comment so far on Reddit
Exploit-Database got a face lift (and captcha removed)
https://ift.tt/1HHo1m3
Submitted November 26, 2018 at 11:48PM by offsec
via reddit https://ift.tt/2r5mLGJ
Exploit-Db
Offensive Security’s Exploit Database Archive
The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
Practical tcpdump Examples
https://ift.tt/1IwtXLs
Submitted November 27, 2018 at 12:07AM by danielrm26
via reddit https://ift.tt/2QhijDb
Daniel Miessler
Practical tcpdump Examples - Daniel Miessler
Practical tcpdump examples that give you maximum packet carving in the minimum amount of time. Includes numerous examples and explanations ranging from basic to advanced—including how to isolate hosts, networks, and specific protocols.
Xipology — Exploiting DNS caching as a covert channel / carrier
https://ift.tt/2PXundl
Submitted November 27, 2018 at 04:16AM by midael
via reddit https://ift.tt/2r4ZULB
Medium
Xipology (⅓) — Exploiting DNS caching as a carrier
This is our story of exploiting caching Domain Name System (DNS) servers to break network segregation.