On Bounties and Boffins
http://bit.ly/2SYN6Tr
Submitted January 14, 2019 at 10:36PM by yossarian_flew_away
via reddit http://bit.ly/2Rqcrc2
http://bit.ly/2SYN6Tr
Submitted January 14, 2019 at 10:36PM by yossarian_flew_away
via reddit http://bit.ly/2Rqcrc2
Trail of Bits Blog
On Bounties and Boffins
Trying to make a living as a programmer participating in bug bounties is the same as convincing yourself that you’re good enough at Texas Hold ‘Em to quit your job. There’s data to back this up in …
Exposed JIRA server leaks NASA staff and project data
http://bit.ly/2CkF8N9
Submitted January 14, 2019 at 10:36PM by dXNlcg--
via reddit http://bit.ly/2Rt8dAx
http://bit.ly/2CkF8N9
Submitted January 14, 2019 at 10:36PM by dXNlcg--
via reddit http://bit.ly/2Rt8dAx
Medium
Exposed JIRA server leaks NASA staff and project data!
Here, I’ll be talking about an interesting vulnerability that I have found in NASA Jira (An Atlassian task tracking systems/project management software etc.).
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
http://bit.ly/2FopvY4
Submitted January 14, 2019 at 10:00PM by EvanConover
via reddit http://bit.ly/2D7Z3k2
http://bit.ly/2FopvY4
Submitted January 14, 2019 at 10:00PM by EvanConover
via reddit http://bit.ly/2D7Z3k2
Crowdstrike
What is Ryuk Ransomware? The Complete Breakdown
Since August 2018, Ryuk Ransomware has been used to target enterprise environments. Threat actors operating it have netted over $3,701,893.98 USD to date.
Enabling the Undocumented Adminless Mode on Windows 10 SMode
http://bit.ly/2QNhvlz
Submitted January 14, 2019 at 05:12AM by tiraniddo
via reddit http://bit.ly/2Cm2B0x
http://bit.ly/2QNhvlz
Submitted January 14, 2019 at 05:12AM by tiraniddo
via reddit http://bit.ly/2Cm2B0x
Blogspot
Enabling Adminless Mode on Windows 10 SMode
Microsoft has always been pretty terrible at documenting new and interesting features for their System Integrity Policy used to enable secur...
Buffer Overflow Practical Examples , Exploiting EIP
http://bit.ly/2TQPGuE
Submitted January 14, 2019 at 11:25PM by Ahm3d_H3sham
via reddit http://bit.ly/2Co99vB
http://bit.ly/2TQPGuE
Submitted January 14, 2019 at 11:25PM by Ahm3d_H3sham
via reddit http://bit.ly/2Co99vB
0xRick Owned Root !
Buffer Overflow Practical Examples , Exploiting EIP - protostar stack4
Introduction Hey again ,Today’s article is going to be short. So last time I solved stack3 , I’m back again and today I’m going to solve stack4 which is really interesting , it’s slightly different from stack3 but that difference is a new thing to see if…
DerbyCon is ending after 2019
http://bit.ly/2FuUamN
Submitted January 15, 2019 at 12:46AM by agreenbhm
via reddit http://bit.ly/2CnGruV
http://bit.ly/2FuUamN
Submitted January 15, 2019 at 12:46AM by agreenbhm
via reddit http://bit.ly/2CnGruV
Fortnite 'Fuelling' Organised Crime
http://bit.ly/2TORmER
Submitted January 15, 2019 at 12:25AM by Fantastic_Fix
via reddit http://bit.ly/2D8KQU7
http://bit.ly/2TORmER
Submitted January 15, 2019 at 12:25AM by Fantastic_Fix
via reddit http://bit.ly/2D8KQU7
InfoSec-IT
Fortnite 'Fuelling' Organised Crime | InfoSec-IT
Fortnite’s in-game currency “V-Bucks” is being exploited by Cyber Criminals to launder money through the online game to make a profit.
The 2018 SANS Holiday Hack Challenge - Write-Up
http://bit.ly/2TOeljm
Submitted January 15, 2019 at 07:08PM by stackcrash
via reddit http://bit.ly/2Fszj4m
http://bit.ly/2TOeljm
Submitted January 15, 2019 at 07:08PM by stackcrash
via reddit http://bit.ly/2Fszj4m
StackCrash
The 2018 SANS Holiday Hack Challenge - Write-Up
IntroductionThis year's SANS Holiday Hack Challenge came in the form of a security conference called KringleCon where I took on the role of an attendee. The challenge had several parts to it. Throughout the conference there were various terminals which had…
Security Checklist
http://bit.ly/2Rrgkxw
Submitted January 15, 2019 at 08:16PM by PRIVACYx05i4shUl
via reddit http://bit.ly/2VTuuWu
http://bit.ly/2Rrgkxw
Submitted January 15, 2019 at 08:16PM by PRIVACYx05i4shUl
via reddit http://bit.ly/2VTuuWu
Security Checklist
A checklist for staying safe on the internet
SANS Christmas Challenge 2018: Write-ups thread
Hi all! I thought that instead of everyone creating a post to submit their write-up for the 2018 SANS Christmas Challenge, we could create a thread where everyone could post their write-up in the comments.Hope this respects this subreddit's post guidelines. I look forward to reading other write-ups!
Submitted January 15, 2019 at 02:08PM by the-useless-one
via reddit http://bit.ly/2Dc1YYM
Hi all! I thought that instead of everyone creating a post to submit their write-up for the 2018 SANS Christmas Challenge, we could create a thread where everyone could post their write-up in the comments.Hope this respects this subreddit's post guidelines. I look forward to reading other write-ups!
Submitted January 15, 2019 at 02:08PM by the-useless-one
via reddit http://bit.ly/2Dc1YYM
reddit
r/netsec - SANS Christmas Challenge 2018: Write-ups thread
3 votes and 1 comment so far on Reddit
Thirty-five-year-old vulnerability found in SCP
http://bit.ly/2QLstbh
Submitted January 15, 2019 at 10:23PM by turtleflax
via reddit http://bit.ly/2AOV8XU
http://bit.ly/2QLstbh
Submitted January 15, 2019 at 10:23PM by turtleflax
via reddit http://bit.ly/2AOV8XU
reddit
r/netsec - Thirty-five-year-old vulnerability found in SCP
8 votes and 0 comments so far on Reddit
Ransomware Incorporates Paypal Phishing
http://bit.ly/2DccKhW
Submitted January 15, 2019 at 11:50PM by Fantastic_Fix
via reddit http://bit.ly/2TVlsGZ
http://bit.ly/2DccKhW
Submitted January 15, 2019 at 11:50PM by Fantastic_Fix
via reddit http://bit.ly/2TVlsGZ
InfoSec-IT
Ransomware Incorporates Paypal Phishing | InfoSec-IT
Ransomware is known to encrypt all the files on your device, however this variant also attempts to steal your PayPal credentials!
DerbyCon has shut down due to outrage mob demands.
http://bit.ly/2De1lOz
Submitted January 16, 2019 at 01:12AM by redis_help
via reddit http://bit.ly/2FApUXu
http://bit.ly/2De1lOz
Submitted January 16, 2019 at 01:12AM by redis_help
via reddit http://bit.ly/2FApUXu
Computer Business Review
DerbyCon Shut Down Blamed on Attendee Behaviour
DerbyCon shut down blamed on fractious attendees, the need for behaviour-policing and verbal abuse. The Kentucky-based event, a "baby DEFCON" will...
JA3/S TLS Client+Server Fingerprinting makes detecting pen testers easy. Really easy.
https://sforce.co/2FzxwcQ
Submitted January 16, 2019 at 01:44AM by darkfiber-
via reddit http://bit.ly/2sukWEc
https://sforce.co/2FzxwcQ
Submitted January 16, 2019 at 01:44AM by darkfiber-
via reddit http://bit.ly/2sukWEc
Salesforce Engineering
TLS Fingerprinting with JA3 and JA3S
Utilize JA3 with JA3S as a method to fingerprint the TLS negotiation between client and server
Silverpeas 5.15 To 6.0.2: Path Traversal
http://bit.ly/2QNPOsZ
Submitted January 16, 2019 at 05:01AM by Bishopfox
via reddit http://bit.ly/2DcLtf2
http://bit.ly/2QNPOsZ
Submitted January 16, 2019 at 05:01AM by Bishopfox
via reddit http://bit.ly/2DcLtf2
Bishop Fox
Silverpeas 5.15 To 6.0.2: Path Traversal - Bishop Fox
A Bishop Fox researcher discovered a critical vulnerability in the popular Silverpeas application, a popular open source WEB platform that services multiple high-profile French organizations.
Windows Userland Application Attack Surface Enumeration
http://bit.ly/2suuM8J
Submitted January 16, 2019 at 03:01AM by marketingversprite
via reddit http://bit.ly/2ComHqO
http://bit.ly/2suuM8J
Submitted January 16, 2019 at 03:01AM by marketingversprite
via reddit http://bit.ly/2ComHqO
VerSprite | Integrated Security Services and Consulting
Windows Userland Application Attack Surface Enumeration | VerSprite
This blog provides information on how to enumerate the attack surface of userland applications that are deployed on the Windows operating system.
Giggity - Scrapes github for openly available information about an organization or user OSINT
http://bit.ly/2DbD1gr
Submitted January 16, 2019 at 07:05AM by amusciano
via reddit http://bit.ly/2TTSfw0
http://bit.ly/2DbD1gr
Submitted January 16, 2019 at 07:05AM by amusciano
via reddit http://bit.ly/2TTSfw0
GitHub
needmorecowbell/giggity
Wraps github api for openly available information about an organization, user, or repo - needmorecowbell/giggity
DerbyCon 9.0 – Every Beginning Has an End
http://bit.ly/2FuUamN
Submitted January 16, 2019 at 02:16PM by Reetpeteet
via reddit http://bit.ly/2AMKmRW
http://bit.ly/2FuUamN
Submitted January 16, 2019 at 02:16PM by Reetpeteet
via reddit http://bit.ly/2AMKmRW
reddit
r/netsec - DerbyCon 9.0 – Every Beginning Has an End
1 vote and 1 comment so far on Reddit
Multiple vulnerabilities in ntpsec 1.1.2 and earlier (proof-of-concept exploits available)
http://bit.ly/2Hd6dHW
Submitted January 16, 2019 at 02:56PM by magnusstubman
via reddit http://bit.ly/2TZmJwL
http://bit.ly/2Hd6dHW
Submitted January 16, 2019 at 02:56PM by magnusstubman
via reddit http://bit.ly/2TZmJwL
reddit
r/netsec - Multiple vulnerabilities in ntpsec 1.1.2 and earlier (proof-of-concept exploits available)
1 vote and 0 comments so far on Reddit
Researcher shows how popular app ES File Explorer exposes Android device data
http://bit.ly/2VRfV61
Submitted January 16, 2019 at 04:18PM by NewCaramel
via reddit http://bit.ly/2FBAe1s
http://bit.ly/2VRfV61
Submitted January 16, 2019 at 04:18PM by NewCaramel
via reddit http://bit.ly/2FBAe1s
threader.app
A thread written by @fs0c131y
With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone https://t.co/Uv2ttQpUcN
ES File Explorer Open Port Vulnerability
http://bit.ly/2FCwL2B
Submitted January 16, 2019 at 04:35PM by 0v3rl04d
via reddit http://bit.ly/2QUxoXs
http://bit.ly/2FCwL2B
Submitted January 16, 2019 at 04:35PM by 0v3rl04d
via reddit http://bit.ly/2QUxoXs
GitHub
fs0c131y/ESFileExplorerOpenPortVuln
ES File Explorer Open Port Vulnerability. Contribute to fs0c131y/ESFileExplorerOpenPortVuln development by creating an account on GitHub.