A new super light protocol resistant to Eclipse Attacks
http://bit.ly/2WvagW8

Submitted May 31, 2019 at 08:08AM by yahsintw
via reddit http://bit.ly/2WfE61z

My thoughts after my first (real) attempt at Hackthebox - Beginner Guides - 0x00sec
http://bit.ly/2Mlz6nH

Submitted May 31, 2019 at 01:33PM by Evil1337
via reddit http://bit.ly/2HMwGdp

I made this tool to look for all the build logs of CI tools such as Travis-CI which can then be used to find sensitive information
http://bit.ly/2KgHKkK

Submitted May 31, 2019 at 03:55PM by darshkpatel
via reddit http://bit.ly/2YWQu3x

Bypass default AppLocker rules - A post about a small discovery in AppLocker
http://bit.ly/2wEIHLT

Submitted May 31, 2019 at 05:50PM by oddvarmoe
via reddit http://bit.ly/30X1oZ0

Infosec career path
http://bit.ly/2Z00M36

Submitted May 31, 2019 at 09:08PM by trajanhorses
via reddit http://bit.ly/2MvEHbk

Public DNS in Taiwan the latest victim to BGP hijack
http://bit.ly/2Wcog7Y

Submitted May 31, 2019 at 11:30PM by danyork
via reddit http://bit.ly/2I9Dota

Analyzing a Coin Mining and Remote Access Hybrid Campaign
http://bit.ly/2KhoDHl

Submitted May 31, 2019 at 11:45PM by kindredsec
via reddit http://bit.ly/2Ke08uq

Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS
http://bit.ly/2WAaLOR

Submitted May 31, 2019 at 11:53PM by deft3
via reddit http://bit.ly/2XjE8Sz

Pgen – Command-line passphrase generator
The EFF has made and published three lists of words to use that are easy to spell and generally easy to remember.I wrote a command-line tool in Rust for generating passphrase using these wordlists. I use it myself any time I need a password.My tool is fast, free of charge, open source and it can also tell you the entropy that will result for any given choice of number of words.For example let’s say I want it to give me four words from the long wordlist, and I want to know how many bits of entropy this corresponds to.

pgen -l -n 4 -e Current settings will create passphrases with 51.70 bits of entropy. 

51.70 bits of entropy.What does that mean, you might ask.The Wikipedia article on password strength (https://en.wikipedia.org/wiki/Password_strength) explains it well:A password with an entropy of 42 bits calculated in this way would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with an entropy of 42 bits would require 242 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, by increasing the entropy of the password by one bit the number of guesses required doubles, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.Ok, so how good is 51.70 bits of entropy?Wikipedia, same article again:The minimum number of bits of entropy needed for a password depends on the threat model for the given application. [...] RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn't applicable.So let's say that you are satisfied with 51.70 bits of entropy in this case. What does a password like that look like? Let's generate one.

pgen -l -n 4 plastic case refocus demise 

Pretty memorable right? :)Oh yeah, and about the claim that it's fast. Just how fast is it? Have a look.

time pgen -l -n 4 browbeat hummus sandbox unfixable real 0m0.005s user 0m0.001s sys 0m0.006s 

That's 5 milliseconds.But hey, let's say we wanted to generate a bunch of passphrases at once.How much time does it take to generate 10.000 passphrases and dump them into a text file?

time pgen -l -n 4 -k 10000 > 10k.txt real 0m0.132s user 0m0.073s sys 0m0.058s 

About zero point one seconds. Not that generating 10.000 passphrases is something that you are likely to do, but it just speaks to how fast this tool is ^^Source and instructions on how to install it are on GitHub.https://github.com/ctsrc/Pgen

Submitted May 31, 2019 at 10:27PM by codetrotter
via reddit http://bit.ly/2ENBxsS

Passive DNS - a tutorial to setup your own Passive DNS using D4 Project
http://bit.ly/2WzGpvR

Submitted June 01, 2019 at 02:13AM by adulau
via reddit http://bit.ly/2Mm1MwL

The /r/netsec Monthly Discussion Thread - June 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

Submitted June 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2HP2A9e

Disclosing TOR users' real IP address through 301 HTTP Redirect Cache Poisoning
http://bit.ly/30YpGSl

Submitted June 01, 2019 at 10:32AM by piotrd_
via reddit http://bit.ly/2WhPFFJ

Using osquery for remote forensics
http://bit.ly/2We36X2

Submitted June 01, 2019 at 10:53AM by digicat
via reddit http://bit.ly/2JSoNFI

Hack The Box - Sizzle Write-up by 0xRick
http://bit.ly/2XkxmMm

Submitted June 01, 2019 at 08:33PM by Ahm3d_H3sham
via reddit http://bit.ly/2Iaig5N

Information Security Mental Models
http://bit.ly/2VZYOhd

Submitted June 02, 2019 at 01:09PM by atomlib_com
via reddit http://bit.ly/2KhQhno

A life of crime
http://bit.ly/2wlN9Pu

Submitted June 02, 2019 at 03:12PM by bvdbijl
via reddit http://bit.ly/2wwY34T

First of a kind? Mobile web application vulnerability scanner app for Android by Vulners
http://bit.ly/313lDnV

Submitted June 03, 2019 at 01:03PM by isox_xx
via reddit http://bit.ly/2Wfhh9K

Social influence on security sensitivity
http://bit.ly/2KgBTfa

Submitted June 03, 2019 at 05:03PM by PrizeControl
via reddit http://bit.ly/2Z6MaP9

Code Analysis of Basic Cryptomining Malware
http://bit.ly/2EOq64o

Submitted June 03, 2019 at 09:54PM by kindredsec
via reddit http://bit.ly/312kEEo

NVIDIA GeForce Experience OS Command Injection: CVE-2019-5678
http://bit.ly/2W8SML3

Submitted June 03, 2019 at 09:24PM by hackers_and_builders
via reddit http://bit.ly/2WEj5xb

Fraud and Deception (Part 1)
http://bit.ly/2QJ0PNS

Submitted June 04, 2019 at 12:59AM by skeeto
via reddit http://bit.ly/2EQehKZ