[PDF] “Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails
http://bit.ly/2J19VDI
Submitted May 01, 2019 at 01:50AM by _vavkamil_
via reddit http://bit.ly/2DDVP7E
http://bit.ly/2J19VDI
Submitted May 01, 2019 at 01:50AM by _vavkamil_
via reddit http://bit.ly/2DDVP7E
GitHub
RUB-NDS/Johnny-You-Are-Fired
Artifacts for the USENIX publication. Contribute to RUB-NDS/Johnny-You-Are-Fired development by creating an account on GitHub.
What I Learned After a Year as a Cybersecurity Mentor
http://bit.ly/2Pyt7d2
Submitted May 01, 2019 at 02:33AM by DorkNowitzki41
via reddit http://bit.ly/2GWgkic
http://bit.ly/2Pyt7d2
Submitted May 01, 2019 at 02:33AM by DorkNowitzki41
via reddit http://bit.ly/2GWgkic
VeteranSec
What I Learned After a Year as a Cybersecurity Mentor
When I
From Workstation to Domain Admin: Why Secure Administration Isn’t Secure and How to Fix It by Sean Metcalf
http://bit.ly/2PExROh
Submitted May 01, 2019 at 04:18AM by dukeofmola
via reddit http://bit.ly/2WeD5TH
http://bit.ly/2PExROh
Submitted May 01, 2019 at 04:18AM by dukeofmola
via reddit http://bit.ly/2WeD5TH
Insinuator.net
#TR19 Active Directory Security Summaries
This blogpost contains summaries of talks from this year’s TROOPERS19 Active Directory Security Track.
From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It by Sean Metcalf
Active Directory is probably used in almost…
From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It by Sean Metcalf
Active Directory is probably used in almost…
The /r/netsec Monthly Discussion Thread - May 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted May 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2LoV1K2
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted May 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2LoV1K2
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Vulmap: Online Local Vulnerability Scanners Project
http://bit.ly/2J7fDns
Submitted May 01, 2019 at 01:26PM by drodrouw
via reddit http://bit.ly/2GUT4Rl
http://bit.ly/2J7fDns
Submitted May 01, 2019 at 01:26PM by drodrouw
via reddit http://bit.ly/2GUT4Rl
GitHub
vulmon/Vulmap
Vulmap Online Local Vulnerability Scanners Project - vulmon/Vulmap
5 Reasons Your Network Infrastructure Needs an Upgrade
http://bit.ly/2XQqWEA
Submitted May 01, 2019 at 01:55PM by anubhavsingh2709
via reddit http://bit.ly/2IUfyEC
http://bit.ly/2XQqWEA
Submitted May 01, 2019 at 01:55PM by anubhavsingh2709
via reddit http://bit.ly/2IUfyEC
elink
5 Reasons Your Network Infrastructure Needs an Upgrade
RCE in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232
http://bit.ly/2vubCl3
Submitted May 01, 2019 at 04:38PM by nightwatchcyber
via reddit http://bit.ly/2Vvgl4L
http://bit.ly/2vubCl3
Submitted May 01, 2019 at 04:38PM by nightwatchcyber
via reddit http://bit.ly/2Vvgl4L
Nightwatch Cybersecurity
Remote Code Execution (RCE) in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232
Summary Apache Tomcat has a vulnerability in the CGI Servlet which can be exploited to achieve remote code execution (RCE). This is only exploitable when running on Windows in a non-default configu…
Packaging the PwnedPassword data set
http://bit.ly/2URzqK3
Submitted May 01, 2019 at 05:12PM by fish-
via reddit http://bit.ly/2LhoHsF
http://bit.ly/2URzqK3
Submitted May 01, 2019 at 05:12PM by fish-
via reddit http://bit.ly/2LhoHsF
Why I deactivated Tesla app access
http://bit.ly/2J7qJZI
Submitted May 01, 2019 at 06:25PM by Pokaw0
via reddit http://bit.ly/2IUaOhY
http://bit.ly/2J7qJZI
Submitted May 01, 2019 at 06:25PM by Pokaw0
via reddit http://bit.ly/2IUaOhY
reddit
r/netsec - Why I deactivated Tesla app access
0 votes and 2 comments so far on Reddit
lor-axe: Multithreaded Slow HTTP DOS tool for stress testing web-servers. Written in 100% Safe Rust
http://bit.ly/2Y0zwRn
Submitted May 01, 2019 at 08:51PM by ajmwagar
via reddit http://bit.ly/2GXxU5o
http://bit.ly/2Y0zwRn
Submitted May 01, 2019 at 08:51PM by ajmwagar
via reddit http://bit.ly/2GXxU5o
GitHub
ajmwagar/lor-axe
🪓 a multi-threaded, low-bandwidth HTTP DOS tool. Contribute to ajmwagar/lor-axe development by creating an account on GitHub.
Remote Code Execution on most Dell computers
http://bit.ly/2VD63PQ
Submitted May 02, 2019 at 12:00AM by hacker_rodeo
via reddit http://bit.ly/2UTgytV
http://bit.ly/2VD63PQ
Submitted May 02, 2019 at 12:00AM by hacker_rodeo
via reddit http://bit.ly/2UTgytV
d4stiny.github.io
Remote Code Execution on most Dell computers
What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to…
Data Exfiltration via GCP Storage Buckets (PoC)
http://bit.ly/2PFclco
Submitted May 02, 2019 at 01:48AM by myover
via reddit http://bit.ly/2LgEGHC
http://bit.ly/2PFclco
Submitted May 02, 2019 at 01:48AM by myover
via reddit http://bit.ly/2LgEGHC
Praetorian
Cloud Data Exfiltration via GCP Storage Buckets and How to Prevent It
On a recent engagement, we gained the ability to execute code on a pod which we compromised through a SQL injection vulnerability. With the SQL injection, we could write pickled python objects to a table in a database and those objects would be unpickled…
Zero to Hero Pentesting
http://bit.ly/2DHEb2N
Submitted May 02, 2019 at 02:25AM by DorkNowitzki41
via reddit http://bit.ly/2XYeOBF
http://bit.ly/2DHEb2N
Submitted May 02, 2019 at 02:25AM by DorkNowitzki41
via reddit http://bit.ly/2XYeOBF
Cybersecurity Training | The Cyber Mentor
Zero to Hero Pentesting | Cybersecurity Training | The Cyber Mentor
The Cyber Mentor provides cybersecurity and penetration testing training via Twitch, YouTube, and more.
A free repo of AWS Security Configuration Items
https://asecure.cloud
Submitted May 02, 2019 at 02:23AM by elitistAlmond
via reddit http://bit.ly/2GWgHcs
https://asecure.cloud
Submitted May 02, 2019 at 02:23AM by elitistAlmond
via reddit http://bit.ly/2GWgHcs
asecure.cloud
ASecureCloud: Your AI-Powered Cloud Advisor
Build, secure and operate your AWS cloud environments
Insane bad security for download server from O&O "ShutUp10" tool
http://bit.ly/2LingdC
Submitted May 02, 2019 at 03:51AM by rediii123
via reddit http://bit.ly/2JacrYu
http://bit.ly/2LingdC
Submitted May 02, 2019 at 03:51AM by rediii123
via reddit http://bit.ly/2JacrYu
Azure Security Logging – part 2: security-logging capabilities of Azure resources
http://bit.ly/2ISO2GI
Submitted May 02, 2019 at 02:59PM by daanraman
via reddit http://bit.ly/2VDfqPK
http://bit.ly/2ISO2GI
Submitted May 02, 2019 at 02:59PM by daanraman
via reddit http://bit.ly/2VDfqPK
NVISO Labs
Azure Security Logging – part 2: security-logging capabilities of Azure resources
In this second blog post in a series about Azure Security Logging, we will focus on some of the key services that are used in most Azure deployments. We go into detail how logging can be enabled, w…
Strong password dilemma: tips on securing your data online
http://bit.ly/2VMsv9z
Submitted May 02, 2019 at 07:12PM by ArchieJackson
via reddit http://bit.ly/2Y8FMH1
http://bit.ly/2VMsv9z
Submitted May 02, 2019 at 07:12PM by ArchieJackson
via reddit http://bit.ly/2Y8FMH1
Medium
Strong password dilemma: tips on securing your data online
Problems with passwords in 2019
Why You Shouldn't Use a Password Manager For Your Linode Account
http://bit.ly/2UVz6K3
Submitted May 02, 2019 at 06:25PM by utku1337
via reddit http://bit.ly/2Y2Eddk
http://bit.ly/2UVz6K3
Submitted May 02, 2019 at 06:25PM by utku1337
via reddit http://bit.ly/2Y2Eddk
Utkusen
Why You Shouldn't Use a Password Manager For Your Linode Account
I was trying to find an anomaly on popular password managers. After a while, I realized that the most popular password managers such as Lastpass, 1password, Dashlane are supporting form autofill on subdomains by default. Which means, when I use a password…
BadWPAD, DNS suffix and wpad.pl / wpadblocking.com case
http://bit.ly/2GQQ0EJ
Submitted May 02, 2019 at 09:19PM by adamziaja_com
via reddit http://bit.ly/2V7hQGG
http://bit.ly/2GQQ0EJ
Submitted May 02, 2019 at 09:19PM by adamziaja_com
via reddit http://bit.ly/2V7hQGG
blog.redteam.pl
BadWPAD, DNS suffix and wpad.pl / wpadblocking.com case
Techblog o cyberbezpieczeństwie
TCP/IP over Amazon Cloudwatch Logs
http://bit.ly/2Vgd9uw
Submitted May 02, 2019 at 11:08PM by nexxai
via reddit http://bit.ly/2GXUmv0
http://bit.ly/2Vgd9uw
Submitted May 02, 2019 at 11:08PM by nexxai
via reddit http://bit.ly/2GXUmv0
Medium
TCP/IP over Amazon Cloudwatch Logs
Running network services inside AWS Lambda Functions
Process Injection and Process Hollowing Tool Release (Vulcan)
http://bit.ly/2VE8HoI
Submitted May 02, 2019 at 10:32PM by myover
via reddit http://bit.ly/2LhIb0d
http://bit.ly/2VE8HoI
Submitted May 02, 2019 at 10:32PM by myover
via reddit http://bit.ly/2LhIb0d
Praetorian
Process Injection and Process Hollowing (ATT&CK T1055 & T1093)
We are releasing Vulcan, a tool to make it easy and fast to test various forms of injection. All of the techniques included are already public. Vulcan brings them together in a single tool to test endpoint detection and response (EDR) coverage so that you…