A free repo of AWS Security Configuration Items
https://asecure.cloud
Submitted May 02, 2019 at 02:23AM by elitistAlmond
via reddit http://bit.ly/2GWgHcs
asecure.cloud
ASecureCloud: Your AI-Powered Cloud Advisor
Build, secure and operate your AWS cloud environments
Insane bad security for download server from O&O "ShutUp10" tool
http://bit.ly/2LingdC
Submitted May 02, 2019 at 03:51AM by rediii123
via reddit http://bit.ly/2JacrYu
Azure Security Logging – part 2: security-logging capabilities of Azure resources
http://bit.ly/2ISO2GI
Submitted May 02, 2019 at 02:59PM by daanraman
via reddit http://bit.ly/2VDfqPK
NVISO Labs
Azure Security Logging – part 2: security-logging capabilities of Azure resources
In this second blog post in a series about Azure Security Logging, we will focus on some of the key services that are used in most Azure deployments. We go into detail how logging can be enabled, w…
Strong password dilemma: tips on securing your data online
http://bit.ly/2VMsv9z
Submitted May 02, 2019 at 07:12PM by ArchieJackson
via reddit http://bit.ly/2Y8FMH1
Medium
Strong password dilemma: tips on securing your data online
Problems with passwords in 2019
Why You Shouldn't Use a Password Manager For Your Linode Account
http://bit.ly/2UVz6K3
Submitted May 02, 2019 at 06:25PM by utku1337
via reddit http://bit.ly/2Y2Eddk
Utkusen
Why You Shouldn't Use a Password Manager For Your Linode Account
I was trying to find an anomaly on popular password managers. After a while, I realized that the most popular password managers such as Lastpass, 1password, Dashlane are supporting form autofill on subdomains by default. Which means, when I use a password…
BadWPAD, DNS suffix and wpad.pl / wpadblocking.com case
http://bit.ly/2GQQ0EJ
Submitted May 02, 2019 at 09:19PM by adamziaja_com
via reddit http://bit.ly/2V7hQGG
blog.redteam.pl
BadWPAD, DNS suffix and wpad.pl / wpadblocking.com case
Tech blog about cybersecurity
TCP/IP over Amazon Cloudwatch Logs
http://bit.ly/2Vgd9uw
Submitted May 02, 2019 at 11:08PM by nexxai
via reddit http://bit.ly/2GXUmv0
Medium
TCP/IP over Amazon Cloudwatch Logs
Running network services inside AWS Lambda Functions
Process Injection and Process Hollowing Tool Release (Vulcan)
http://bit.ly/2VE8HoI
Submitted May 02, 2019 at 10:32PM by myover
via reddit http://bit.ly/2LhIb0d
Praetorian
Process Injection and Process Hollowing (ATT&CK T1055 & T1093)
We are releasing Vulcan, a tool to make it easy and fast to test various forms of injection. All of the techniques included are already public. Vulcan brings them together in a single tool to test endpoint detection and response (EDR) coverage so that you…
An Old Cisco OpenSSH Bug
http://bit.ly/2JaJknJ
Submitted May 02, 2019 at 07:32PM by corp_account
via reddit http://bit.ly/2Vb1f4J
Medium
An Old Cisco OpenSSH Bug
From support issue to 0day… sort of.
GitHub - tg12/SecurityHeaders_GovUK: A scan of all .gov.uk sites for the most common security headers
http://bit.ly/2GRP8j8
Submitted May 02, 2019 at 10:10PM by Quick_Stick
via reddit http://bit.ly/2vATIwW
GitHub
tg12/SecurityHeaders_GovUK
A scan of all .gov.uk sites for the most common security headers or lack of - tg12/SecurityHeaders_GovUK
Open source SIRP with Elasticsearch and TheHive
http://bit.ly/2IW8Xt6
Submitted May 03, 2019 at 02:55AM by HurdyDurdy
via reddit http://bit.ly/2JbsqFw
reddit
r/netsec - Open source SIRP with Elasticsearch and TheHive
CCDC Red Team Live Q&A - 5/3 @ 12PM CST!
Note: Submit your questions via Sli.do Q&A!!!
Hey /r/netsec! Dave and I are excited to announce a new Q&A with the Red Team! Thanks to /r/netsec mods for supporting this event!
Dave and myself are hosting the event and he's written a little description below about what to expect!
Dave's Introduction (/u/NCCDC_DCowen)
Hello Reddit! My name is David Cowen and since 2007 I’ve been the captain of the National Collegiate Cyber Defense Competition (https://nationalccdc.org) Red Team (also known as NCCDC). CCDC is a network security defense contest where student teams are pitted against real world information security professionals. Student teams or blue teams defend their networks while the security professionals or red team attempts to break in. CCDC is a competition open to any college (2 or 4 year) who gets together a team of up to 12 full time students, of which two can be graduate students. Eight of those team members can compete in a CCDC event, and the events usually last 10-25 hours of gameplay over two days.
Teams first qualify locally and then can move on to regionals. There are 10 regionals around the US and the winning team from each is flown to the National Championship (NCCDC) to face my team.
My team consists of professional penetration testers, reverse engineers, social engineers, security software developers and other security professionals who get to ignore the normal rules of the world for a weekend and try their dirtiest tricks against the best college teams in the nation. How dirty? In the real world we can’t just go around leaving custom malware and wiping systems but in NCCDC we can! It’s the ability to play a real bad guy that brings in very motivated attackers to be on my team. CCDC, and specifically NCCDC, is different from other computer security contests as the red team is the only attacker. The student teams (blue teams) are there to defend their network while achieving business objectives given to them by organizers posing as their CEO.
The scenario differs but usually follows this basic scenario, you and your team have just taken over an already active IT infrastructure. The prior IT team was fired and you have to quickly jump in and get things in shape. At the exact time as the teams start entering their rooms and securing their systems, the red team is given the IP addresses of the teams and nothing else. We both walk in blind, the blue team gets a packet about their network including passwords while the red team gets a list of IP address ranges and from that point on it’s a race to see who will win. Our objective is to emulate sophisticated threats that, just like the real world, don't play by the rules. We apply this mindset to all teams and act as the adversarial force. The team that can demonstrate the best proficiency in responding, remediating, and eradicating our intrusions wins.
This year, myself and Alex Levinson, one of my core Red Team members, are going to do a Livestream AMA on the Forensic Lunch podcast! In order to help anyone that can't listen in live, we've put up a sli.do where you can submit, and vote on questions ahead of time. The podcast will also be recorded and published for anyone unable to attend.
We're looking forward to having an amazing discussion with anyone interested on Friday!
David Cowen
National CCDC Red Team Captain
Who
David Cowen, Red Team Captain
David Cowen, CISSP, is a partner at G-C Partners, LLC (https://www.g-cpartners.com) based in Dallas, Texas. Mr. Cowen is one of the authors of Hacking Exposed: Computer Forensics (https://www.amazon.com/Hacking-Exposed-Computer-Forensics-Second/dp/0071626778) first and second editions, the third edition of the Anti-Hacker… (https://www.amazon.com/Anti-Hacker-Tool-Third-Mike-Shema-ebook/dp/B005EPU86M/ref=sr_1_1?keywords=anti-hacker+tool+kit&qid=1556545701&s=books&sr=1-1-catcorr)
Amazon
Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions: 8601406057296: Computer Science Books…
How to Reverse Malware on macOS Without Getting Infected | Part 1
http://bit.ly/2ZGVCtR
Submitted May 03, 2019 at 11:16AM by jeandrew
via reddit http://bit.ly/2H6hjLB
SentinelOne
How to Reverse Malware on macOS Without Getting Infected | Part 1
Ever wanted to learn how to reverse malware on Apple macOS? This is the place to start! Join us in this 3-part series on macOS reverse engineering skills.
Story of a Hundred Vulnerable Jenkins Plugins
http://bit.ly/2UY86to
Submitted May 03, 2019 at 10:14AM by digicat
via reddit http://bit.ly/2GY8Jj4
reddit
r/netsec - Story of a Hundred Vulnerable Jenkins Plugins
ESI Injection Part 2: Abusing specific implementations
http://bit.ly/2LxknWz
Submitted May 03, 2019 at 02:46PM by albinowax
via reddit http://bit.ly/2ZSliUr
www.gosecure.net
ESI Injection Part 2: Abusing specific implementations
This post is a follow up with items discovered after the first ESI publication. Those discoveries are attack vectors that apply to specific implementations.
Throwing 500 vm's at your fuzzing target being an individual security researcher
http://bit.ly/2VFlXcK
Submitted May 03, 2019 at 08:39PM by kciredor_
via reddit http://bit.ly/2UXDI2z
kciredor’s information security blog
Throwing 500 vm’s at your fuzzing target being an individual security researcher
Adobe Reader progress
One year ago I blogged about my many attempts and failures at fuzzing Adobe Reader and finding exploitable security issues.
Comprehensive walk-through of CTF reverse engineering challenges
http://bit.ly/2VH5gNL
Submitted May 03, 2019 at 09:33PM by LloydLabs
via reddit http://bit.ly/2LlTRiK
reddit
r/netsec - Comprehensive walk-through of CTF reverse engineering challenges
Wormable XSS in Twitter
http://bit.ly/2ZUYpzR
Submitted May 03, 2019 at 06:31AM by _kidd0
via reddit http://bit.ly/2H05sQ0
Virtue Security
Tale of a Wormable Twitter XSS - Virtue Security
This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.
Insider Threats - Importance & Prevention
http://bit.ly/2JkloOZ
Submitted May 04, 2019 at 02:01AM by Eta-Meson
via reddit http://bit.ly/2IXSl4g
Medium
Insider Threats - Importance & Prevention
I am about to complete my college and have been really busy with sitting and applying for job interviews. I would say I am pretty decent…
Shifting Left on Cloud Security and Compliance (Establishing Baseline as Contract)
http://bit.ly/2ZXJoxg
Submitted May 04, 2019 at 11:36AM by OnlyInstruction
via reddit http://bit.ly/2PMGTsF
www.fugue.co
Shifting Left on Cloud Security and Compliance
Compliance and security are often implemented as a gate during the test phase, and it's common for them to cause rework in design, development, and testing to continue due to problems found during security and compliance testing. If we could shift compliance…
Every FireFox extensions disabled due to expiration of intermediate signing cert
https://mzl.la/2PLBfa8
Submitted May 04, 2019 at 02:20PM by RodolpheB
via reddit http://bit.ly/2WohBUc
bugzilla.mozilla.org
1548973 - All extensions disabled due to expiration of intermediate signing cert
NEW (nobody) in Toolkit - Add-ons Manager. Last updated 2019-05-03.