Ledger's Advanced Side-Channel Analysis Repository | Github.com
http://bit.ly/2IxVWq6
Submitted February 19, 2019 at 10:25PM by QuirkySpiceBush
via reddit http://bit.ly/2TXr7wu
GitHub
Ledger-Donjon/lascar
Ledger's Advanced Side-Channel Analysis Repository - Ledger-Donjon/lascar
vFeed Community Edition Discontinued
http://bit.ly/2BHuyQX
Submitted February 20, 2019 at 12:45AM by WebHostingSaver
via reddit http://bit.ly/2BT7lLN
Malware writing series - Python Malware, part 1 - Malware - 0x00sec
http://bit.ly/2GzV5Dz
Submitted February 20, 2019 at 12:30AM by Evil1337
via reddit http://bit.ly/2tvdOb3
reddit
Malware writing series - Python Malware, part 1 - Malware - 0x00sec
Posted in r/netsec by u/Evil1337 • 10 points and 1 comment
Amtrak Mobile APIs - Multiple Vulnerabilities
http://bit.ly/2DSNP1X
Submitted February 20, 2019 at 03:09AM by Bishopfox
via reddit http://bit.ly/2Nfq749
Bishop Fox
Amtrak Mobile APIs - Multiple Vulnerabilities - Bishop Fox
The Amtrak mobile APIs are affected by vulnerabilities that can directly lead to the exposure of Personally Identifiable Information (PII) and partial payment data for at least 6 million Amtrak guest rewards members. The Amtrak customers’ exposed PII includes…
Password Managers: Under the Hood of Secrets Management. Popular password managers expose master password and secrets in memory even after locking.
http://bit.ly/2T3Pziu
Submitted February 20, 2019 at 02:57AM by Dyslectic_Sabreur
via reddit http://bit.ly/2V6Jak0
Independent Security Evaluators
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
We found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets…
Bug Writeup: FBCTF IDOR
https://ift.tt/2DTItU9
Submitted February 20, 2019 at 09:18AM by Giltheryn
via reddit https://ift.tt/2TWI4Hh
Georgeosterweil
Bug Writeup: FBCTF IDOR
Introduction This is a writeup for a bug I found a few months ago in Facebook’s Capture the Flag Platform (FBCTF). It was fixed a while ago, so I’ll describe the bug and how I found it. I discovered this bug when participating in Facebook’s 2018 CTF and…
Once hailed as unhackable, blockchains are now getting hacked
http://bit.ly/2SILwZu
Submitted February 20, 2019 at 01:57PM by It_Is1-24PM
via reddit https://ift.tt/2SOd13O
MIT Technology Review
Once hailed as unhackable, blockchains are now getting hacked
More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built.
[Bug Bounty] UBER REWARDS INDIAN HACKER FOR FINDING A BUG IN UBER DEVELOPER PORTAL
https://ift.tt/2BKKNwn
Submitted February 20, 2019 at 02:14PM by hackerpost
via reddit https://ift.tt/2NeHLoQ
Hackerpost
Uber rewards Indian hacker for finding a bug in Uber developer portal - Hackerpost
This is not the first
Detecting Web Attacks with a Seq2Seq Autoencoder
https://ift.tt/2V9mzU0
Submitted February 20, 2019 at 06:24PM by alexlash
via reddit https://ift.tt/2V6obOj
Ptsecurity
Detecting Web Attacks with a Seq2Seq Autoencoder
Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations d...
Combine a subtle bug in shrinkwrap software with unsafe ADI DNS defaults and you get more NTLM hashes than you can wish for. Even in a hardened environment.
https://ift.tt/2XfzwgE
Submitted February 20, 2019 at 07:43PM by obilodeau
via reddit https://ift.tt/2SOPdNe
GoSecure
Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study - GoSecure
Combine a bug in Antidote, a popular enterprise spellchecker, and unsafe defaults in Active Directory, and you get more NTLM hashes than you can deal with.
Detecting Web Attacks with a Seq2Seq Autoencoder
https://ift.tt/2U6wfyc
Submitted February 20, 2019 at 09:19PM by atomlib_com
via reddit https://ift.tt/2V90Lrv
Habr
Detecting Web Attacks with a Seq2Seq Autoencoder
Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early...
Extracting a 19 Year Old Code Execution from WinRAR - Check Point Research
https://ift.tt/2T6H6uS
Submitted February 20, 2019 at 08:39PM by eyalitki
via reddit https://ift.tt/2twBxYp
Check Point Research
Extracting a 19 Year Old Code Execution from WinRAR - Check Point Research
Research by: Nadav Grossman Introduction In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and…
Chomp Scan - A tool for bug bounty/penetration test domain reconnaissance.
https://ift.tt/2GEpcKr
Submitted February 20, 2019 at 11:15PM by IamJacksLackOf
via reddit https://ift.tt/2BIrmEI
GitHub
SolomonSklash/chomp-scan
A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. - SolomonSklash/chomp-scan
Never-ending WordPress vulnerabilities
https://ift.tt/2SM2DKc
Submitted February 21, 2019 at 12:05AM by ded1cated
via reddit https://ift.tt/2ImXwuT
Infosecurity Magazine
Two WordPress Plugin Authors Issue Bug Fixes
Users of WP Cost Estimation & Payment Forms Builder and Simple Social Buttons plugins urged to update.
WordPress 5.0.0 Remote Code Execution can lead to a full remote takeover
https://ift.tt/2TVoF9S
Submitted February 21, 2019 at 01:30AM by robert681
via reddit https://ift.tt/2Nhxvfz
Pown Recon - target reconnaissance framework powered by graph theory
https://ift.tt/2GyjlWZ
Submitted February 21, 2019 at 03:27AM by _pdp_
via reddit https://ift.tt/2tv1Tdh
GitHub
pownjs/pown-recon
A powerful target reconnaissance framework powered by graph theory. - pownjs/pown-recon
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
https://ift.tt/2GUyuBh
Submitted February 21, 2019 at 07:56AM by sbyo4263
via reddit https://ift.tt/2STB7dB
reddit
r/netsec - Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
0 votes and 0 comments so far on Reddit
Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit
https://ift.tt/2Elid6E
Submitted February 21, 2019 at 08:23AM by ninoseki
via reddit https://ift.tt/2IpyBqI
HackMD
Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit - HackMD
# Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit Today I found an interesting phishing kit targ
Paperclip to a House: Turning Useless Data into an Authenticated User
https://ift.tt/2E1Yc3x
Submitted February 21, 2019 at 12:45PM by mdulin2
via reddit https://ift.tt/2GGCdDh
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
https://ift.tt/2Nipabj
Submitted February 21, 2019 at 12:15PM by Adr1enb
via reddit https://ift.tt/2twsnv6
reddit
r/netsec - Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
0 votes and 1 comment so far on Reddit
VPN for marketing
https://ift.tt/2TYYyi5
Submitted February 21, 2019 at 03:33PM by EastZookeepergame
via reddit https://ift.tt/2GCITlL
Medium
Why a VPN should be in your marketing tools list
If you are working in a digital marketing sphere, most of your work is done online, from managing social media channels to monitoring…