The Importance of the Content-Type Header in HTTP Requests
http://bit.ly/2AftSBD
Submitted December 24, 2018 at 08:19PM by ziyahanalbeniz
via reddit http://bit.ly/2EN7ovC
Netsparker
The Importance of the Content-Type Header in HTTP Requests
This article describes the details of a vulnerability that combines Cross-site Request Forgery and Remote Code Execution. This can allow a hacker to discover and gain access to the machines within the network of a router. Content-Type Headers provide a critical…
Basic XPath Injection [Tutorial]
http://bit.ly/2rTlgvW
Submitted December 24, 2018 at 11:29PM by ImVendetta
via reddit http://bit.ly/2LzGVCe
Major flaw and security vulnerability in Plaid API, the banking authentication API behind Venmo, Robinhood, Acorns and many others
http://bit.ly/2T7ru6D
Submitted December 25, 2018 at 12:59AM by chirau
via reddit http://bit.ly/2BAmKzs
This is probably more appropriate here. As a broader question, how to handle the pesky customer’s recommendation
http://bit.ly/2V6EATO
Submitted December 25, 2018 at 04:01AM by 0bel1sk
via reddit http://bit.ly/2rTfjyP
reddit
r/networking - Is hosting DMZ VLANs on physically separated switches is no longer a good practice?
Zeronights 2018 materials
http://bit.ly/2EDjK8G
Submitted December 25, 2018 at 12:59PM by ninoseki
via reddit http://bit.ly/2AdjqdS
Preliminary SQL Injection (Part 1)
http://bit.ly/2Skpice
Submitted December 25, 2018 at 06:06PM by ImVendetta
via reddit http://bit.ly/2Q1g02X
Configuring DNS-over-TLS and DNS-over-HTTPS with any DNS Server
http://bit.ly/2Vbb6US
Submitted December 25, 2018 at 07:06PM by shreyasonline
via reddit http://bit.ly/2AeTuhX
Technitium
Configuring DNS-over-TLS and DNS-over-HTTPS with any DNS Server
The new DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) protocols are available for enabling end user's privacy and security given the fact t...
Cloudflare's Concise Christmas Cryptography Challenges 2019
http://bit.ly/2Af1CyS
Submitted December 26, 2018 at 12:00AM by civicode
via reddit http://bit.ly/2CxmYZY
The Cloudflare Blog
Concise Christmas Cryptography Challenges 2019
We've put together some Christmas Cryptography questions. Do you think you can solve them?
$571 worth of Hacking books by No Starch Press like Get Serious Cryptography: A Practical Introduction to Modern Encryption, Black Hat Python, Android Security Internals, and more for $15 (-97% OFF)
http://bit.ly/2CzFIb9
Submitted December 26, 2018 at 12:15AM by maidelane
via reddit http://bit.ly/2QMAT70
Humble Bundle
Humble Book Bundle: The Happy Hacking Holiday Bundle by No Starch Press
Pay what you want for awesome ebooks and support charity!
Uber, statistics, and a chrome extension
http://bit.ly/2QNOMlw
Submitted December 26, 2018 at 01:16AM by JonLuca
via reddit http://bit.ly/2Lx1CPj
JonLuca’s Blog
Uber, statistics, and a chrome extension
JonLuca’s Blog - A blog about tech, programming, and information
Twitter is Broken
http://bit.ly/2RmSO3A
Submitted December 26, 2018 at 04:52PM by Fugitif
via reddit http://bit.ly/2Ag52Bi
The AntiSocial Engineer Limited
Twitter is Broken | The AntiSocial Engineer Limited
For those that aren’t aware of ‘The AntiSocial Engineer Limited’, we are a small cybersecurity consultancy that is trying to reduce the number of online victims of cybercrime. Nothing makes us happier than when organisations do their bit in the ...
Detecting Use of SandboxEscaper's "MsiAdvertiseProduct" 0-day PoC
http://bit.ly/2CyTRoZ
Submitted December 26, 2018 at 05:19PM by pe3zx
via reddit http://bit.ly/2Sro3YV
i-secure Co, Ltd.
Detecting Use of SandboxEscaper's "MsiAdvertiseProduct" 0-day PoC - Bangkok, Thailand | i-secure Co, Ltd.
Brief Introduction to the Vulnerability: On December 19, 2018, SandboxEscaper released details about another zero-day vulnerability in Microsoft Windows with PoC. This vulnerability, if successfully exploited, can be used to bypass restricted DACL of files…
5 Industries Most at Risk of Data Breaches
http://bit.ly/2AcW9Zm
Submitted December 26, 2018 at 09:31PM by RyanTmthn
via reddit http://bit.ly/2LABy5L
Ekransystem
5 Industries Most at Risk of Data Breaches
Any company possessing sensitive data is under threat of being breached. Hackers can obtain any personal information, from names to heart rate data.
20000 routers LiveBox leaks Wifi credentials
http://bit.ly/2Rfz1mN
Submitted December 26, 2018 at 09:53PM by Dormidera
via reddit http://bit.ly/2GDTy0h
1024Megas
20,000 Orange Livebox routers expose SSID and WiFi password
Tutorials, guides, news... Assorted posts about the world of cybersecurity, ethical hacking, RaspberryPi, IoT and the IT world in general.
radius-audit - A RADIUS authentication server audit tool for 802.1x
http://bit.ly/2SlWj7U
Submitted December 26, 2018 at 10:40PM by guedou
via reddit http://bit.ly/2rX9K2C
GitHub
ANSSI-FR/audit-radius
A RADIUS authentication server audit tool. Contribute to ANSSI-FR/audit-radius development by creating an account on GitHub.
Preliminary SQL Injection (Part 2)
http://bit.ly/2rTA1yF
Submitted December 27, 2018 at 12:18AM by ImVendetta
via reddit http://bit.ly/2AixnXJ
Internet Explorer has a vulnerability and it's already being exploited!
http://bit.ly/2AhyB5N
Submitted December 27, 2018 at 04:26PM by jpjourno
via reddit http://bit.ly/2CAQ4HD
Centre de Seguretat de la Informació de Catalunya
Arbitrary code execution in Internet Explorer
Guardzilla IoT Video Camera Hard-Coded Credentials (CVE-2018-5560)
http://bit.ly/2Q5Z3UL
Submitted December 27, 2018 at 07:58PM by INIT_6
via reddit http://bit.ly/2TbLRQd
Using breach data for insight into simple incident prevention methods.
http://bit.ly/2VdrHXZ
Submitted December 27, 2018 at 07:52PM by ericalexander303
via reddit http://bit.ly/2CCabW8
OSINT Resources for 2019
http://bit.ly/2AkymqF
Submitted December 28, 2018 at 07:52PM by smicallef
via reddit http://bit.ly/2SmxZmc
Medium
OSINT Resources for 2019
Let’s take a look at some essential OSINT resources plus recent developments in the areas of data, tooling, content and community.
More vulnerabilities in Guardzilla IoT Video Camera (CVE-2018-18600, CVE-2018-18601, CVE-2018-18602)
http://bit.ly/2VgJxJv
Submitted December 28, 2018 at 09:20PM by jaymzu
via reddit http://bit.ly/2Ro687W
Bitdefender Labs
IoT Report: Major Flaws in Guardzilla Cameras Allow Remote Hijack...
Vulnerabilities in indoor security camera allow remote compromise and device takeover. The commodification of IoT devices has paved the way to the smart home...