/r/netsec's Q2 2019 Information Security Hiring Thread
Overview

If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions.

Rules & Guidelines

Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.

Feedback

Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 03, 2019 at 10:22PM by ranok
via reddit https://ift.tt/2K23XEx
Manipulating your autosuggestion list on Google Search.
https://ift.tt/2UcfvK4
Submitted April 03, 2019 at 10:59PM by terjanq
via reddit https://ift.tt/2WH8i1B
Medium
How I am able to hijack you.
or rather: How I am able to hijack your autosuggestions in Google Search.
App Developers Left 540 Million Facebook Users' Records on the Public Internet
https://ift.tt/2D4L4v5
Submitted April 04, 2019 at 02:20AM by zen_rishi
via reddit https://ift.tt/2VkVH3I
Motherboard
App Developers Left 540 Million Facebook Users' Records on the Public Internet
The exposures didn’t come from Facebook itself, but do show how data generated by one company can end up exposed thanks to another service.
Active Directory Visualization for Blue Teams and Threat Hunters
https://ift.tt/2HU7Jhq
Submitted April 04, 2019 at 02:50AM by myover
via reddit https://ift.tt/2IaYeKa
Praetorian
Active Directory Visualization for Blue Teams and Threat Hunters
As a network defender, it can be easy to attribute a certain degree of omnipotence to attackers. Advanced threats have an uncanny knack for figuring out how to move through an environment without regards for passwords, roles, permissions, or what “should”…
CVE-2019–5418: on WAF bypass and caching
https://ift.tt/2OTdo8p
Submitted April 04, 2019 at 03:41AM by ffyns
via reddit https://ift.tt/2ViEcRK
PentesterLab
CVE-2019–5418: on WAF bypass and caching
If you follow PentesterLab on Twitter, you probably saw the following tweet:
Using a Yubikey as smartcard for SSH public key authentication
https://ift.tt/2EJzKph
Submitted April 04, 2019 at 04:52AM by ffyns
via reddit https://ift.tt/2uSuJoN
Sending Glenn Greenwald A PGP Encrypted Message
https://ift.tt/2uKfMVu
Submitted April 04, 2019 at 07:50AM by lawandordercandidate
via reddit https://ift.tt/2YOUS5i
menz-o-matic.com
Sending Glenn Greenwald A PGP Encrypted Message
Discovering New And Open-Source Software.
Assessing Unikernel Security | NCC Group Whitepaper
https://ift.tt/2UdQwX2
Submitted April 04, 2019 at 01:00PM by digicat
via reddit https://ift.tt/2K2Mo7q
Attack surface in Sciter-based applications (UI engine similar to Electron)
https://ift.tt/2HYcXcg
Submitted April 04, 2019 at 03:18PM by apanonimo
via reddit https://ift.tt/2I7wciK
Tarlogic Security - Cyber Security and Ethical hacking
Security in Sciter-based applications
Sciter is an embeddable engine for user interfaces in multi-platform applications. Through the Sciter engine, user interfaces are created using HTML, CSS and TIScript, the latter being a language similar to JavaScript and capable of handling files, connections…
Two More Cases of Third-Party Facebook App Data Exposure
https://ift.tt/2UexbVI
Submitted April 04, 2019 at 06:43PM by pgl
via reddit https://ift.tt/2G1woi1
Upguard
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
Third-party Facebook apps gather Facebook data about the people who use them. While Facebook struggles to contain these exposures, insecure third-party data practices & misconfigured cloud systems continue to leak Facebook data to the internet. See how UpGuard…
Ghidra source code officially released!
https://ift.tt/2EQelLi
Submitted April 04, 2019 at 07:24PM by frrossty
via reddit https://ift.tt/2FRIglf
GitHub
GitHub - NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework
Huawei and Security Analysis | grsecurity
https://ift.tt/2TWRlOW
Submitted April 04, 2019 at 10:05PM by shawn_webb
via reddit https://ift.tt/2YMve1a
grsecurity.net
grsecurity - Huawei and Security Analysis
grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require…
Apache HTTPD: Apache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211)
https://ift.tt/2K3Esmf
Submitted April 05, 2019 at 12:12AM by BruteIPTV
via reddit https://ift.tt/2Uv3PBr
Apache Server Bug Gives Root Level Access to Any Level Account
https://ift.tt/2VmQLeH
Submitted April 05, 2019 at 03:05AM by threaltwizzla
via reddit https://ift.tt/2Uvna5v
Secure Intelligence
Cybersecurity Threat Advisory 0014-19: Apache Server Bug Gives Root Level Access to Any Level Account
Check Out Our New Cybersecurity Threat Advisory! SkOUT Specializes in helping SMBs and MSPs stay secure and safe from Cybersecurity Threats.
Subverting Electron Apps via Insecure Preload. Wire App and Discord XSS to RCE bugs.
https://ift.tt/2TZe78O
Submitted April 04, 2019 at 02:29AM by nibblesec
via reddit https://ift.tt/2YPBzsQ
Doyensec
Subverting Electron Apps via Insecure Preload · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Ongoing DNS hijacking campaign targeting consumer routers
https://ift.tt/2Id7gGI
Submitted April 05, 2019 at 05:19AM by bad_packets
via reddit https://ift.tt/2Unk5Wg
badpackets.net
Ongoing DNS hijacking campaign targeting consumer routers
Over the last three months, our honeypots have detected DNS hijacking attacks targeting various types of consumer routers. All exploit attempts have originated from hosts on the network of Google Cloud Platform (AS15169). In this campaign, we've identified…
What is penetration testing and how does it differ from vulnerability scanning? It's an important distinction that those most in need of these tests don't know and sometimes get misled about.
http://bit.ly/2D09MMX
Submitted April 05, 2019 at 05:29PM by travishat
via reddit http://bit.ly/2Vk6Emd
spriteCloud
What is penetration testing?
There is a considerable amount of confusion in the security testing industry regarding the differences between penetration testing and vulnerability scanning.
Handlebars template injection and RCE in a Shopify app
http://bit.ly/2D0LjHh
Submitted April 05, 2019 at 05:41AM by ml33t3r
via reddit http://bit.ly/2Igv4tk
Blogspot
Handlebars template injection and RCE in a Shopify app
TL;DR We found a zero-day within a JavaScript template library called handlebars and used it to get Remote Code Execution in the Sh...
Our take on social engineering
http://bit.ly/2UhdLiY
Submitted April 05, 2019 at 08:29PM by dn3t
via reddit http://bit.ly/2G25LJJ
Giggity: cli tool/python module to scrape useful information from a github user/org
http://bit.ly/2DbD1gr
Submitted April 05, 2019 at 08:21PM by amusciano
via reddit http://bit.ly/2UD1jZY
GitHub
needmorecowbell/giggity
Wraps github api for openly available information about an organization, user, or repo - needmorecowbell/giggity
IResponse to IEncrypt - a Detailed Incident Response to an IEncrypt Ransomware Attack
http://bit.ly/2CY0vVN
Submitted April 06, 2019 at 12:05AM by ophirharpaz
via reddit http://bit.ly/2D08xx4
Guardicore - Data Center and Cloud Security
IResponse to IEncrypt | Guardicore Labs
A detailed investigation into an IEncrypt ransomware attack, analysis of the decryption process and the decryptor. Also providing a safe to use version of Guardicore’s IEncrypt decryptor