How To Make The Best Out Of Security Conferences
http://bit.ly/2V6G4fP
Submitted February 19, 2019 at 05:45PM by mdpy
via reddit http://bit.ly/2ttlXNh
http://bit.ly/2V6G4fP
Submitted February 19, 2019 at 05:45PM by mdpy
via reddit http://bit.ly/2ttlXNh
eLearnSecurity Blog
How To Make The Most Out Of Security Conferences
The RSA Conference is just around the corner, and this year once again, we're glad to be sponsoring and attending this world-renowned security event. Attending security conferences can be a smart car
macOS: how to gain root with CVE-2018-4193 in < 10s
http://bit.ly/2Gy2KSY
Submitted February 19, 2019 at 07:08PM by mabote
via reddit http://bit.ly/2NeNgUv
http://bit.ly/2Gy2KSY
Submitted February 19, 2019 at 07:08PM by mabote
via reddit http://bit.ly/2NeNgUv
A look at how red teams and attackers craft an end to end spear-phishing campaign, from start to initial access.
http://bit.ly/2Ejwd0Q
Submitted February 19, 2019 at 07:44PM by exortius
via reddit http://bit.ly/2V6RGiV
http://bit.ly/2Ejwd0Q
Submitted February 19, 2019 at 07:44PM by exortius
via reddit http://bit.ly/2V6RGiV
Sublime Thoughts
Red Team Techniques: Gaining access on an external engagement through spear-phishing
There have been a lot of posts about crafting red team phishing campaigns, and most are incomplete. Today, we're going to walk through one of our recent external engagements from start to initial access.
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
http://bit.ly/2BJjgeL
Submitted February 19, 2019 at 08:27PM by albinowax
via reddit http://bit.ly/2TTTTxW
http://bit.ly/2BJjgeL
Submitted February 19, 2019 at 08:27PM by albinowax
via reddit http://bit.ly/2TTTTxW
Orange
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
This is 🍊 speaking
AWS GuardDuty: A Lesson In OPSEC
http://bit.ly/2X4Q7DU
Submitted February 19, 2019 at 09:24PM by ok_bye_now_
via reddit http://bit.ly/2EiE5zB
http://bit.ly/2X4Q7DU
Submitted February 19, 2019 at 09:24PM by ok_bye_now_
via reddit http://bit.ly/2EiE5zB
reddit
r/netsec - AWS GuardDuty: A Lesson In OPSEC
1 vote and 0 comments so far on Reddit
TIL Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware
http://bit.ly/2eOHUyv
Submitted February 19, 2019 at 10:26PM by Davvytr
via reddit http://bit.ly/2T35mOp
http://bit.ly/2eOHUyv
Submitted February 19, 2019 at 10:26PM by Davvytr
via reddit http://bit.ly/2T35mOp
Wikipedia
Tempest (codename)
codename referring to investigations and studies of compromising emanations
Kali Linux 2019.1 Release, Metasploit 5.0
http://bit.ly/2TUiSBd
Submitted February 19, 2019 at 11:18PM by TheHersir
via reddit http://bit.ly/2Sa904F
http://bit.ly/2TUiSBd
Submitted February 19, 2019 at 11:18PM by TheHersir
via reddit http://bit.ly/2Sa904F
www.kali.org
Kali Linux 2019.1 Release
Welcome to our first release of 2019, Kali Linux 2019.1, which is available for immediate download. This release brings our kernel up to version 4.19.13, fixes numerous bugs, and includes many updated packages.
WordPress 5.0.0 Remote Code Execution
http://bit.ly/2XcQ88Q
Submitted February 19, 2019 at 11:15PM by websecdev
via reddit http://bit.ly/2DZcbay
http://bit.ly/2XcQ88Q
Submitted February 19, 2019 at 11:15PM by websecdev
via reddit http://bit.ly/2DZcbay
Ledger's Advanced Side-Channel Analysis Repository | Github.com
http://bit.ly/2IxVWq6
Submitted February 19, 2019 at 10:25PM by QuirkySpiceBush
via reddit http://bit.ly/2TXr7wu
http://bit.ly/2IxVWq6
Submitted February 19, 2019 at 10:25PM by QuirkySpiceBush
via reddit http://bit.ly/2TXr7wu
GitHub
Ledger-Donjon/lascar
Ledger's Advanced Side-Channel Analysis Repository - Ledger-Donjon/lascar
vFeed Community Edition Discontinued
http://bit.ly/2BHuyQX
Submitted February 20, 2019 at 12:45AM by WebHostingSaver
via reddit http://bit.ly/2BT7lLN
http://bit.ly/2BHuyQX
Submitted February 20, 2019 at 12:45AM by WebHostingSaver
via reddit http://bit.ly/2BT7lLN
Malware writing series - Python Malware, part 1 - Malware - 0x00sec
http://bit.ly/2GzV5Dz
Submitted February 20, 2019 at 12:30AM by Evil1337
via reddit http://bit.ly/2tvdOb3
http://bit.ly/2GzV5Dz
Submitted February 20, 2019 at 12:30AM by Evil1337
via reddit http://bit.ly/2tvdOb3
reddit
Malware writing series - Python Malware, part 1 - Malware - 0x00sec
Posted in r/netsec by u/Evil1337 • 10 points and 1 comment
Amtrak Mobile APIs - Multiple Vulnerabilities
http://bit.ly/2DSNP1X
Submitted February 20, 2019 at 03:09AM by Bishopfox
via reddit http://bit.ly/2Nfq749
http://bit.ly/2DSNP1X
Submitted February 20, 2019 at 03:09AM by Bishopfox
via reddit http://bit.ly/2Nfq749
Bishop Fox
Amtrak Mobile APIs - Multiple Vulnerabilities - Bishop Fox
The Amtrak mobile APIs are affected by vulnerabilities that can directly lead to the exposure of Personally Identifiable Information (PII) and partial payment data for at least 6 million Amtrak guest rewards members. The Amtrak customers’ exposed PII includes…
Password Managers: Under the Hood of Secrets Management. Popular password managers expose master password and secrets in memory even after locking.
http://bit.ly/2T3Pziu
Submitted February 20, 2019 at 02:57AM by Dyslectic_Sabreur
via reddit http://bit.ly/2V6Jak0
http://bit.ly/2T3Pziu
Submitted February 20, 2019 at 02:57AM by Dyslectic_Sabreur
via reddit http://bit.ly/2V6Jak0
Independent Security Evaluators
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
We found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets…
Bug Writeup: FBCTF IDOR
https://ift.tt/2DTItU9
Submitted February 20, 2019 at 09:18AM by Giltheryn
via reddit https://ift.tt/2TWI4Hh
https://ift.tt/2DTItU9
Submitted February 20, 2019 at 09:18AM by Giltheryn
via reddit https://ift.tt/2TWI4Hh
Georgeosterweil
Bug Writeup: FBCTF IDOR
Introduction This is a writeup for a bug I found a few months ago in Facebook’s Capture the Flag Platform (FBCTF). It was a fixed a while ago, so I’ll describe the bug and how I found it. I discovered this bug when participating in Facebook’s 2018 CTF and…
Once hailed as unhackable, blockchains are now getting hacked
http://bit.ly/2SILwZu
Submitted February 20, 2019 at 01:57PM by It_Is1-24PM
via reddit https://ift.tt/2SOd13O
http://bit.ly/2SILwZu
Submitted February 20, 2019 at 01:57PM by It_Is1-24PM
via reddit https://ift.tt/2SOd13O
MIT Technology Review
Once hailed as unhackable, blockchains are now getting hacked
More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built.
[Bug Bounty] UBER REWARDS INDIAN HACKER FOR FINDING A BUG IN UBER DEVELOPER PORTAL
https://ift.tt/2BKKNwn
Submitted February 20, 2019 at 02:14PM by hackerpost
via reddit https://ift.tt/2NeHLoQ
https://ift.tt/2BKKNwn
Submitted February 20, 2019 at 02:14PM by hackerpost
via reddit https://ift.tt/2NeHLoQ
Hackerpost
Uber rewards Indian hacker for finding a bug in Uber developer portal - Hackerpost
Tweet it Share on Google Pin it Share it Email This is not the first
Detecting Web Attacks with a Seq2Seq Autoencoder
https://ift.tt/2V9mzU0
Submitted February 20, 2019 at 06:24PM by alexlash
via reddit https://ift.tt/2V6obOj
https://ift.tt/2V9mzU0
Submitted February 20, 2019 at 06:24PM by alexlash
via reddit https://ift.tt/2V6obOj
Ptsecurity
Detecting Web Attacks with a Seq2Seq Autoencoder
Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations d...
Combine a subtle bug in shrinkwrap software with unsafe ADI DNS defaults and you get more NTLM hashes than you can wish for. Even in a hardened environment.
https://ift.tt/2XfzwgE
Submitted February 20, 2019 at 07:43PM by obilodeau
via reddit https://ift.tt/2SOPdNe
https://ift.tt/2XfzwgE
Submitted February 20, 2019 at 07:43PM by obilodeau
via reddit https://ift.tt/2SOPdNe
GoSecure
Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study - GoSecure
Combine a bug in Antidote, a popular enterprise spellchecker, and unsafe defaults in Active Directory, and you get more NTLM hashes than you can deal with.
Detecting Web Attacks with a Seq2Seq Autoencoder
https://ift.tt/2U6wfyc
Submitted February 20, 2019 at 09:19PM by atomlib_com
via reddit https://ift.tt/2V90Lrv
https://ift.tt/2U6wfyc
Submitted February 20, 2019 at 09:19PM by atomlib_com
via reddit https://ift.tt/2V90Lrv
Habr
Detecting Web Attacks with a Seq2Seq Autoencoder
Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early...
Extracting a 19 Year Old Code Execution from WinRAR - Check Point Research
https://ift.tt/2T6H6uS
Submitted February 20, 2019 at 08:39PM by eyalitki
via reddit https://ift.tt/2twBxYp
https://ift.tt/2T6H6uS
Submitted February 20, 2019 at 08:39PM by eyalitki
via reddit https://ift.tt/2twBxYp
Check Point Research
Extracting a 19 Year Old Code Execution from WinRAR - Check Point Research
Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…
Chomp Scan - A tool for bug bounty/penetration test domain reconnaissance.
https://ift.tt/2GEpcKr
Submitted February 20, 2019 at 11:15PM by IamJacksLackOf
via reddit https://ift.tt/2BIrmEI
https://ift.tt/2GEpcKr
Submitted February 20, 2019 at 11:15PM by IamJacksLackOf
via reddit https://ift.tt/2BIrmEI
GitHub
SolomonSklash/chomp-scan
A noscripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. - SolomonSklash/chomp-scan