Private Key Extraction from Qualcomm Hardware-backed Keystores
http://bit.ly/2GJfO5R
Submitted April 25, 2019 at 09:13AM by Titokhan
via reddit http://bit.ly/2IUNQ9M
http://bit.ly/2GJfO5R
Submitted April 25, 2019 at 09:13AM by Titokhan
via reddit http://bit.ly/2IUNQ9M
reddit
r/netsec - Private Key Extraction from Qualcomm Hardware-backed Keystores
0 votes and 0 comments so far on Reddit
Through the cloud – remote debugging to crack MQ
http://bit.ly/2GFtgsp
Submitted April 25, 2019 at 01:00PM by zoh4rs
via reddit http://bit.ly/2UVcqi0
http://bit.ly/2GFtgsp
Submitted April 25, 2019 at 01:00PM by zoh4rs
via reddit http://bit.ly/2UVcqi0
Komodosec | Cyber Security Consulting infrastructure and Application
Through the cloud – remote debugging to crack MQ
In a simple penetration test the tester is presented with a target, say a web application, and attacks it from his workstation. However, systems can be far more
Next Gen Phishing – Leveraging Azure Information Protection
http://bit.ly/2XISpbg
Submitted April 25, 2019 at 06:17PM by oddvarmoe
via reddit http://bit.ly/2UzDD4R
http://bit.ly/2XISpbg
Submitted April 25, 2019 at 06:17PM by oddvarmoe
via reddit http://bit.ly/2UzDD4R
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
TA505 targeting banks with lolbins and ServHelper, what's crazy is how targeted an operation this was, not spray and pray
http://bit.ly/2DBhtJL
Submitted April 25, 2019 at 06:51PM by hackerxbella
via reddit http://bit.ly/2VkhBaN
http://bit.ly/2DBhtJL
Submitted April 25, 2019 at 06:51PM by hackerxbella
via reddit http://bit.ly/2VkhBaN
Cybereason
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.
Website Is Now Just The Gateway; Intruders Now Want To Own Whole Infrastructure
http://bit.ly/2IUvh5G
Submitted April 25, 2019 at 08:09PM by la_manguste
via reddit http://bit.ly/2IVss45
http://bit.ly/2IUvh5G
Submitted April 25, 2019 at 08:09PM by la_manguste
via reddit http://bit.ly/2IVss45
Lamanguste
Website Is Now Just The Gateway; Intruders Now Want To Own Whole Infrastructure
Hackers lurking around your website for possible vulnerabilities to be exploited not only want to gain an unauthorized entry to your website but to control your entire infrastructure further creating
How AI is Solving the False Positives Problem in Network Security
http://bit.ly/2XHRR5B
Submitted April 26, 2019 at 01:08AM by MixModeAI
via reddit http://bit.ly/2GMk7NN
http://bit.ly/2XHRR5B
Submitted April 26, 2019 at 01:08AM by MixModeAI
via reddit http://bit.ly/2GMk7NN
MixMode (formerly PacketSled)
How AI is Solving the False Positives Problem in Network Security | MixMode (formerly PacketSled)
Chief Scientist explains how context-aware AI is helping solve alert fatigue in the SOC and the path to building an automated brain for network security.
Red Team Supply Chain Attacks in Modern Software Development Environments
http://bit.ly/2UCC5a5
Submitted April 26, 2019 at 12:38AM by myover
via reddit http://bit.ly/2XJTNue
http://bit.ly/2UCC5a5
Submitted April 26, 2019 at 12:38AM by myover
via reddit http://bit.ly/2XJTNue
Praetorian
Red Team Supply Chain Attacks in Modern Software Development Environments
The future of red teaming not only requires updated adversarial tradecraft – although that's a big part of it – but also a shift in buyer mindset to scope realistic scenarios that continue to test and challenge their defences.
Attaching to Windows Kernel with KDNET — a Short Guide
http://bit.ly/2GIslaQ
Submitted April 26, 2019 at 12:49PM by GelosSnake
via reddit http://bit.ly/2XDL10S
http://bit.ly/2GIslaQ
Submitted April 26, 2019 at 12:49PM by GelosSnake
via reddit http://bit.ly/2XDL10S
Medium
Attaching to Windows Kernel with KDNET — a Short Guide
Recently, I’ve been working on a task at work which required debugging a malicious Windows driver. To be able to do so, I had to set up a…
Exploring Continuous Integration Services as a Bug Bounty Hunter
http://bit.ly/2UX0gp1
Submitted April 26, 2019 at 06:57PM by benichmt1
via reddit http://bit.ly/2ZCnzD1
http://bit.ly/2UX0gp1
Submitted April 26, 2019 at 06:57PM by benichmt1
via reddit http://bit.ly/2ZCnzD1
EdOverflow
“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter
When it comes to bug bounty hunting and finding exciting areas to explore, it is vital to familiarise yourself with the technologies vendors, and companies rely on. One particularly interesting environment that caught our eye was popular integrations used…
Introducing Venator: A macOS tool for proactive detection
http://bit.ly/2ZsNWeN
Submitted April 26, 2019 at 07:48PM by digicat
via reddit http://bit.ly/2Vrkdnc
http://bit.ly/2ZsNWeN
Submitted April 26, 2019 at 07:48PM by digicat
via reddit http://bit.ly/2Vrkdnc
Posts By SpecterOps Team Members
Introducing Venator: A macOS tool for proactive detection
Background & Introduction
NYTimes: Marcus Hutchins Stopped a Global Cyberattack. Now He Deserves a Pardon.
https://nyti.ms/2GzQw9Y
Submitted April 26, 2019 at 08:31PM by wellstone
via reddit http://bit.ly/2GL5DyS
https://nyti.ms/2GzQw9Y
Submitted April 26, 2019 at 08:31PM by wellstone
via reddit http://bit.ly/2GL5DyS
NY Times
The WannaCry Hero Deserves a Pardon, Not a Conviction
Society owes this security researcher a very big favor.
Abusing the new default filter mode in Chrome to execute the XSS.
http://bit.ly/2L6eiA6
Submitted April 25, 2019 at 07:31PM by terjanq
via reddit http://bit.ly/2GKgUiU
http://bit.ly/2L6eiA6
Submitted April 25, 2019 at 07:31PM by terjanq
via reddit http://bit.ly/2GKgUiU
Medium
XSS-Auditor — the protector of unprotected
and the deceiver of protected.
Vulnhub Write-up —DC-1
http://bit.ly/2GK67oG
Submitted April 27, 2019 at 03:29AM by Eta-Meson
via reddit http://bit.ly/2Zz4py1
http://bit.ly/2GK67oG
Submitted April 27, 2019 at 03:29AM by Eta-Meson
via reddit http://bit.ly/2Zz4py1
Medium
Vulnhub Write-up —DC-1
This is the write-up of the Machine DC-1:1 from Vulnhub.
Dropping the password expiration policies (MS Security baseline for Win 10 / 2019)
http://bit.ly/2XFnFbq
Submitted April 27, 2019 at 04:48AM by the_gnarts
via reddit http://bit.ly/2V196Ss
http://bit.ly/2XFnFbq
Submitted April 27, 2019 at 04:48AM by the_gnarts
via reddit http://bit.ly/2V196Ss
reddit
r/netsec - Dropping the password expiration policies (MS Security baseline for Win 10 / 2019)
0 votes and 2 comments so far on Reddit
ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
http://bit.ly/2ZDSrmD
Submitted April 27, 2019 at 10:18AM by knotdjb
via reddit http://bit.ly/2UI4Xh6
http://bit.ly/2ZDSrmD
Submitted April 27, 2019 at 10:18AM by knotdjb
via reddit http://bit.ly/2UI4Xh6
www.arin.net
ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
Building your own JTAG, ISP, & Chip Off Lab
http://bit.ly/2ZAfRcJ
Submitted April 27, 2019 at 03:14PM by dukeofmola
via reddit http://bit.ly/2UEzzAl
http://bit.ly/2ZAfRcJ
Submitted April 27, 2019 at 03:14PM by dukeofmola
via reddit http://bit.ly/2UEzzAl
Farley Forensics
Building your own JTAG, ISP, & Chip Off Lab - Farley Forensics
Have you ever wanted to get started with JTAG, ISP, & Chip Off extractions but never knew what you needed to get started?
Docker Hub user data breach of 190,000 accounts
http://bit.ly/2W4UPkk
Submitted April 27, 2019 at 04:42PM by ston1th
via reddit http://bit.ly/2GM7IKS
http://bit.ly/2W4UPkk
Submitted April 27, 2019 at 04:42PM by ston1th
via reddit http://bit.ly/2GM7IKS
reddit
r/docker - Docker Hub user data breach of 190,000 accounts
93 votes and 16 comments so far on Reddit
sniff-paste: regex driven Pastebin OSINT Harvester
http://bit.ly/2XQBuDI
Submitted April 27, 2019 at 06:37PM by amusciano
via reddit http://bit.ly/2vqY21G
http://bit.ly/2XQBuDI
Submitted April 27, 2019 at 06:37PM by amusciano
via reddit http://bit.ly/2vqY21G
GitHub
needmorecowbell/sniff-paste
Pastebin OSINT Harvester. Contribute to needmorecowbell/sniff-paste development by creating an account on GitHub.
MuddyWater leak (OnGoing)
http://bit.ly/2GBKkhQ
Submitted April 27, 2019 at 07:45PM by GelosSnake
via reddit http://bit.ly/2J0mfUC
http://bit.ly/2GBKkhQ
Submitted April 27, 2019 at 07:45PM by GelosSnake
via reddit http://bit.ly/2J0mfUC
reddit
r/netsec - MuddyWater leak (OnGoing)
0 votes and 0 comments so far on Reddit
Hack The Box - Irked Write-up by 0xRick
http://bit.ly/2GOQb4E
Submitted April 27, 2019 at 08:32PM by Ahm3d_H3sham
via reddit http://bit.ly/2DA5qfC
http://bit.ly/2GOQb4E
Submitted April 27, 2019 at 08:32PM by Ahm3d_H3sham
via reddit http://bit.ly/2DA5qfC
0xRick Owned Root !
Hack The Box - Irked
Quick Summary Hey guys, today Irked retired and here’s my write-up about it. It was an easy straightforward machine, no rabbit holes and such things. To get an initial shell on the box we will exploit an RCE vulnerable irc server called UnrealIRCd. After…
6 buckets of a security bug (for product security teams)
http://bit.ly/2INBgd2
Submitted April 27, 2019 at 10:50PM by nibblesec
via reddit http://bit.ly/2IJWrwN
http://bit.ly/2INBgd2
Submitted April 27, 2019 at 10:50PM by nibblesec
via reddit http://bit.ly/2IJWrwN
reddit
r/netsec - 6 buckets of a security bug (for product security teams)
0 votes and 0 comments so far on Reddit