Public DNS in Taiwan the latest victim to BGP hijack
http://bit.ly/2Wcog7Y

Submitted May 31, 2019 at 11:30PM by danyork
via reddit http://bit.ly/2I9Dota

Analyzing a Coin Mining and Remote Access Hybrid Campaign
http://bit.ly/2KhoDHl

Submitted May 31, 2019 at 11:45PM by kindredsec
via reddit http://bit.ly/2Ke08uq

Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS
http://bit.ly/2WAaLOR

Submitted May 31, 2019 at 11:53PM by deft3
via reddit http://bit.ly/2XjE8Sz

Pgen – Command-line passphrase generator
The EFF has made and published three lists of words to use that are easy to spell and generally easy to remember.I wrote a command-line tool in Rust for generating passphrase using these wordlists. I use it myself any time I need a password.My tool is fast, free of charge, open source and it can also tell you the entropy that will result for any given choice of number of words.For example let’s say I want it to give me four words from the long wordlist, and I want to know how many bits of entropy this corresponds to.

pgen -l -n 4 -e Current settings will create passphrases with 51.70 bits of entropy. 

51.70 bits of entropy.What does that mean, you might ask.The Wikipedia article on password strength (https://en.wikipedia.org/wiki/Password_strength) explains it well:A password with an entropy of 42 bits calculated in this way would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with an entropy of 42 bits would require 242 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, by increasing the entropy of the password by one bit the number of guesses required doubles, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one.Ok, so how good is 51.70 bits of entropy?Wikipedia, same article again:The minimum number of bits of entropy needed for a password depends on the threat model for the given application. [...] RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn't applicable.So let's say that you are satisfied with 51.70 bits of entropy in this case. What does a password like that look like? Let's generate one.

pgen -l -n 4 plastic case refocus demise 

Pretty memorable right? :)Oh yeah, and about the claim that it's fast. Just how fast is it? Have a look.

time pgen -l -n 4 browbeat hummus sandbox unfixable real 0m0.005s user 0m0.001s sys 0m0.006s 

That's 5 milliseconds.But hey, let's say we wanted to generate a bunch of passphrases at once.How much time does it take to generate 10.000 passphrases and dump them into a text file?

time pgen -l -n 4 -k 10000 > 10k.txt real 0m0.132s user 0m0.073s sys 0m0.058s 

About zero point one seconds. Not that generating 10.000 passphrases is something that you are likely to do, but it just speaks to how fast this tool is ^^Source and instructions on how to install it are on GitHub.https://github.com/ctsrc/Pgen

Submitted May 31, 2019 at 10:27PM by codetrotter
via reddit http://bit.ly/2ENBxsS

Passive DNS - a tutorial to setup your own Passive DNS using D4 Project
http://bit.ly/2WzGpvR

Submitted June 01, 2019 at 02:13AM by adulau
via reddit http://bit.ly/2Mm1MwL

The /r/netsec Monthly Discussion Thread - June 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

Submitted June 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2HP2A9e

Disclosing TOR users' real IP address through 301 HTTP Redirect Cache Poisoning
http://bit.ly/30YpGSl

Submitted June 01, 2019 at 10:32AM by piotrd_
via reddit http://bit.ly/2WhPFFJ

Using osquery for remote forensics
http://bit.ly/2We36X2

Submitted June 01, 2019 at 10:53AM by digicat
via reddit http://bit.ly/2JSoNFI

Hack The Box - Sizzle Write-up by 0xRick
http://bit.ly/2XkxmMm

Submitted June 01, 2019 at 08:33PM by Ahm3d_H3sham
via reddit http://bit.ly/2Iaig5N

Information Security Mental Models
http://bit.ly/2VZYOhd

Submitted June 02, 2019 at 01:09PM by atomlib_com
via reddit http://bit.ly/2KhQhno

A life of crime
http://bit.ly/2wlN9Pu

Submitted June 02, 2019 at 03:12PM by bvdbijl
via reddit http://bit.ly/2wwY34T

First of a kind? Mobile web application vulnerability scanner app for Android by Vulners
http://bit.ly/313lDnV

Submitted June 03, 2019 at 01:03PM by isox_xx
via reddit http://bit.ly/2Wfhh9K

Social influence on security sensitivity
http://bit.ly/2KgBTfa

Submitted June 03, 2019 at 05:03PM by PrizeControl
via reddit http://bit.ly/2Z6MaP9

Code Analysis of Basic Cryptomining Malware
http://bit.ly/2EOq64o

Submitted June 03, 2019 at 09:54PM by kindredsec
via reddit http://bit.ly/312kEEo

NVIDIA GeForce Experience OS Command Injection: CVE-2019-5678
http://bit.ly/2W8SML3

Submitted June 03, 2019 at 09:24PM by hackers_and_builders
via reddit http://bit.ly/2WEj5xb

Fraud and Deception (Part 1)
http://bit.ly/2QJ0PNS

Submitted June 04, 2019 at 12:59AM by skeeto
via reddit http://bit.ly/2EQehKZ

BlueKeep PoC
http://bit.ly/30VDnBu

Submitted June 04, 2019 at 02:02AM by bill__24
via reddit http://bit.ly/2Wf32Br

NorthSec 2019 — Windows Track Writeup
http://bit.ly/2Ih3uug

Submitted June 04, 2019 at 05:04AM by becojo
via reddit http://bit.ly/2ESJ5dU

Repository of malware samples paired with blog writeups
http://bit.ly/2WzVk6j

Submitted June 04, 2019 at 03:53AM by amusciano
via reddit http://bit.ly/2KnNmtz

I wonder where Huawei will be in 6 months.
http://bit.ly/2wy2AUF

Submitted June 04, 2019 at 03:45AM by MLTechi
via reddit http://bit.ly/2WlJosK

Reverse Engineering of a Not-so-Secure IoT Device
http://bit.ly/2HLyjIo

Submitted June 04, 2019 at 01:19PM by nada_mau
via reddit http://bit.ly/2XjL1n3