Blockchain Digital Identity Management | Empowering Individual Data Ownership
https://www.linkedin.com/feed/update/urn:li:activity:6502151319514636288
Submitted February 18, 2019 at 02:49PM by Anubhav-Singh
via reddit https://www.reddit.com/r/netsec/comments/arvfqg/blockchain_digital_identity_management_empowering/?utm_source=ifttt
https://www.linkedin.com/feed/update/urn:li:activity:6502151319514636288
Submitted February 18, 2019 at 02:49PM by Anubhav-Singh
via reddit https://www.reddit.com/r/netsec/comments/arvfqg/blockchain_digital_identity_management_empowering/?utm_source=ifttt
Linkedin
Blockchainoodles on LinkedIn: "Along with numerous other benefits, digital identity management with blockchain can enable us to…
February 15, 2019: Blockchainoodles posted an article on LinkedIn
CVE-2019-8372: Local Privilege Elevation in LG Device Manager. Tutorial on auditing kernel drivers and token stealing via arbitrary read/write primitives.
http://bit.ly/2SZbBD2
Submitted February 18, 2019 at 09:04PM by xVIoct
via reddit http://bit.ly/2Se3m1G
http://bit.ly/2SZbBD2
Submitted February 18, 2019 at 09:04PM by xVIoct
via reddit http://bit.ly/2Se3m1G
Phishing by Venezuelan government puts activists and internet users at risk, uses DNS injection
http://bit.ly/2GUdXwm
Submitted February 18, 2019 at 01:53AM by andresazp
via reddit http://bit.ly/2tsOBy0
http://bit.ly/2GUdXwm
Submitted February 18, 2019 at 01:53AM by andresazp
via reddit http://bit.ly/2tsOBy0
Vesinfiltro
Phishing by Venezuelan government puts activists at risk.
Report: voluntariosxvenezuela.com, a site to register humanitarian aid volunteers, has suffered a state-sponsored phishing campaign empowered by DNS injection.
Security vulnerabilities discovered in MiniUPnP
http://bit.ly/2BEZsta
Submitted February 18, 2019 at 09:25PM by ShinjuIoT
via reddit http://bit.ly/2V2PB7F
http://bit.ly/2BEZsta
Submitted February 18, 2019 at 09:25PM by ShinjuIoT
via reddit http://bit.ly/2V2PB7F
VDOO
Security Issues Discovered in MiniUPnP
VDOO research team found and responsibly disclosed vulnerabilities in MiniUPnP
Multiple attack vectors against GPS trackers - security and privacy issues
Interesting paper dealing with GPS trackers covering different attack scenariosabstract: Pierre Barre, Chaouki Kasmi, Eiman Al Shehhi (Submitted on 14 Feb 2019)Tracking expensive goods and/or targeted individuals with high-tech devices has been of high interest for the last 30 years. More recently, other use cases such as parents tracking their children have become popular. One primary functionality of these devices has been the collection of GPS coordinates of the location of the trackers, and to send these to remote servers through a cellular modem and a SIM card. Reviewing existing devices, it has been observed that beyond simple GPS trackers many devices intend to enclose additional features such as microphones, cameras, or Wi-Fi interfaces enabling advanced spying activities. In this study, we propose to describe the methodology applied to evaluate the security level of GPS trackers with different capabilities. Several security flaws have been discovered during our security assessment highlighting the need of a proper hardening of these devices when used in critical environments.
https://arxiv.org/abs/1902.05318
Submitted February 16, 2019 at 11:27PM by ernoego
via reddit http://bit.ly/2IktNCR
Interesting paper dealing with GPS trackers covering different attack scenariosabstract: Pierre Barre, Chaouki Kasmi, Eiman Al Shehhi (Submitted on 14 Feb 2019)Tracking expensive goods and/or targeted individuals with high-tech devices has been of high interest for the last 30 years. More recently, other use cases such as parents tracking their children have become popular. One primary functionality of these devices has been the collection of GPS coordinates of the location of the trackers, and to send these to remote servers through a cellular modem and a SIM card. Reviewing existing devices, it has been observed that beyond simple GPS trackers many devices intend to enclose additional features such as microphones, cameras, or Wi-Fi interfaces enabling advanced spying activities. In this study, we propose to describe the methodology applied to evaluate the security level of GPS trackers with different capabilities. Several security flaws have been discovered during our security assessment highlighting the need of a proper hardening of these devices when used in critical environments.
https://arxiv.org/abs/1902.05318
Submitted February 16, 2019 at 11:27PM by ernoego
via reddit http://bit.ly/2IktNCR
arXiv.org
Spy the little Spies - Security and Privacy issues of Smart GPS trackers
Tracking expensive goods and/or targeted individuals with high-tech devices has been of high interest for the last 30 years. More recently, other use cases such as parents tracking their children...
WireGuard for macOS
http://bit.ly/2X8lYDB
Submitted February 18, 2019 at 10:47PM by jackasstacular
via reddit http://bit.ly/2SSzr3t
http://bit.ly/2X8lYDB
Submitted February 18, 2019 at 10:47PM by jackasstacular
via reddit http://bit.ly/2SSzr3t
reddit
r/netsec - WireGuard for macOS
2 votes and 1 comment so far on Reddit
Azure AD Connect for Red Teamers
http://bit.ly/2Xa32Ex
Submitted February 18, 2019 at 11:33PM by 0xdea
via reddit http://bit.ly/2NbpQ2e
http://bit.ly/2Xa32Ex
Submitted February 18, 2019 at 11:33PM by 0xdea
via reddit http://bit.ly/2NbpQ2e
XPN InfoSec Blog
Azure AD Connect for Red Teamers
With clients increasingly relying on cloud services from Azure, one of the technologies that has been my radar for a while is Azure AD. For those who have not had the opportunity to work with this, the concept is simple, by extending authentication beyond…
ROP-ing on Aarch64
http://bit.ly/2NbyqOu
Submitted February 19, 2019 at 01:26AM by ret2got
via reddit http://bit.ly/2GU3y49
http://bit.ly/2NbyqOu
Submitted February 19, 2019 at 01:26AM by ret2got
via reddit http://bit.ly/2GU3y49
reddit
r/netsec - ROP-ing on Aarch64
4 votes and 0 comments so far on Reddit
pwnable.kr - fd , Understanding Linux File Denoscriptors and creating a simple exploit with python pwntools
http://bit.ly/2GN8S9e
Submitted February 19, 2019 at 04:26AM by Ahm3d_H3sham
via reddit http://bit.ly/2Ei9iTm
http://bit.ly/2GN8S9e
Submitted February 19, 2019 at 04:26AM by Ahm3d_H3sham
via reddit http://bit.ly/2Ei9iTm
0xRick Owned Root !
pwnable.kr - fd , Understanding Linux File Denoscriptors and creating a simple exploit with python pwntools
Introduction Hey guys , Lately I have been doing pwn challenges and I decided to share some stuff with you from time to time like I do with the other write-ups. Today we will solve fd from pwnable.kr , it’s a very easy one but as always we will go in detail.…
2.7M phone calls to Swedish medical advice service left on unauthenticated web server
http://bit.ly/2ttdSYR
Submitted February 19, 2019 at 10:41AM by midael
via reddit http://bit.ly/2IimlIu
http://bit.ly/2ttdSYR
Submitted February 19, 2019 at 10:41AM by midael
via reddit http://bit.ly/2IimlIu
How To Make The Best Out Of Security Conferences
http://bit.ly/2V6G4fP
Submitted February 19, 2019 at 05:45PM by mdpy
via reddit http://bit.ly/2ttlXNh
http://bit.ly/2V6G4fP
Submitted February 19, 2019 at 05:45PM by mdpy
via reddit http://bit.ly/2ttlXNh
eLearnSecurity Blog
How To Make The Most Out Of Security Conferences
The RSA Conference is just around the corner, and this year once again, we're glad to be sponsoring and attending this world-renowned security event. Attending security conferences can be a smart car
macOS: how to gain root with CVE-2018-4193 in < 10s
http://bit.ly/2Gy2KSY
Submitted February 19, 2019 at 07:08PM by mabote
via reddit http://bit.ly/2NeNgUv
http://bit.ly/2Gy2KSY
Submitted February 19, 2019 at 07:08PM by mabote
via reddit http://bit.ly/2NeNgUv
A look at how red teams and attackers craft an end to end spear-phishing campaign, from start to initial access.
http://bit.ly/2Ejwd0Q
Submitted February 19, 2019 at 07:44PM by exortius
via reddit http://bit.ly/2V6RGiV
http://bit.ly/2Ejwd0Q
Submitted February 19, 2019 at 07:44PM by exortius
via reddit http://bit.ly/2V6RGiV
Sublime Thoughts
Red Team Techniques: Gaining access on an external engagement through spear-phishing
There have been a lot of posts about crafting red team phishing campaigns, and most are incomplete. Today, we're going to walk through one of our recent external engagements from start to initial access.
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
http://bit.ly/2BJjgeL
Submitted February 19, 2019 at 08:27PM by albinowax
via reddit http://bit.ly/2TTTTxW
http://bit.ly/2BJjgeL
Submitted February 19, 2019 at 08:27PM by albinowax
via reddit http://bit.ly/2TTTTxW
Orange
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
This is 🍊 speaking
AWS GuardDuty: A Lesson In OPSEC
http://bit.ly/2X4Q7DU
Submitted February 19, 2019 at 09:24PM by ok_bye_now_
via reddit http://bit.ly/2EiE5zB
http://bit.ly/2X4Q7DU
Submitted February 19, 2019 at 09:24PM by ok_bye_now_
via reddit http://bit.ly/2EiE5zB
reddit
r/netsec - AWS GuardDuty: A Lesson In OPSEC
1 vote and 0 comments so far on Reddit
TIL Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware
http://bit.ly/2eOHUyv
Submitted February 19, 2019 at 10:26PM by Davvytr
via reddit http://bit.ly/2T35mOp
http://bit.ly/2eOHUyv
Submitted February 19, 2019 at 10:26PM by Davvytr
via reddit http://bit.ly/2T35mOp
Wikipedia
Tempest (codename)
codename referring to investigations and studies of compromising emanations
Kali Linux 2019.1 Release, Metasploit 5.0
http://bit.ly/2TUiSBd
Submitted February 19, 2019 at 11:18PM by TheHersir
via reddit http://bit.ly/2Sa904F
http://bit.ly/2TUiSBd
Submitted February 19, 2019 at 11:18PM by TheHersir
via reddit http://bit.ly/2Sa904F
www.kali.org
Kali Linux 2019.1 Release
Welcome to our first release of 2019, Kali Linux 2019.1, which is available for immediate download. This release brings our kernel up to version 4.19.13, fixes numerous bugs, and includes many updated packages.
WordPress 5.0.0 Remote Code Execution
http://bit.ly/2XcQ88Q
Submitted February 19, 2019 at 11:15PM by websecdev
via reddit http://bit.ly/2DZcbay
http://bit.ly/2XcQ88Q
Submitted February 19, 2019 at 11:15PM by websecdev
via reddit http://bit.ly/2DZcbay
Ledger's Advanced Side-Channel Analysis Repository | Github.com
http://bit.ly/2IxVWq6
Submitted February 19, 2019 at 10:25PM by QuirkySpiceBush
via reddit http://bit.ly/2TXr7wu
http://bit.ly/2IxVWq6
Submitted February 19, 2019 at 10:25PM by QuirkySpiceBush
via reddit http://bit.ly/2TXr7wu
GitHub
Ledger-Donjon/lascar
Ledger's Advanced Side-Channel Analysis Repository - Ledger-Donjon/lascar
vFeed Community Edition Discontinued
http://bit.ly/2BHuyQX
Submitted February 20, 2019 at 12:45AM by WebHostingSaver
via reddit http://bit.ly/2BT7lLN
http://bit.ly/2BHuyQX
Submitted February 20, 2019 at 12:45AM by WebHostingSaver
via reddit http://bit.ly/2BT7lLN
Malware writing series - Python Malware, part 1 - Malware - 0x00sec
http://bit.ly/2GzV5Dz
Submitted February 20, 2019 at 12:30AM by Evil1337
via reddit http://bit.ly/2tvdOb3
http://bit.ly/2GzV5Dz
Submitted February 20, 2019 at 12:30AM by Evil1337
via reddit http://bit.ly/2tvdOb3
reddit
Malware writing series - Python Malware, part 1 - Malware - 0x00sec
Posted in r/netsec by u/Evil1337 • 10 points and 1 comment