Your Developers Should be Your SDLC Immune System
https://ift.tt/35h0Sa8
Submitted December 11, 2019 at 11:51AM by DebugDucky
via reddit https://ift.tt/2PwD3Eo
https://ift.tt/35h0Sa8
Submitted December 11, 2019 at 11:51AM by DebugDucky
via reddit https://ift.tt/2PwD3Eo
blog.adversary.io
Your Developers Should be Your SDLC Immune System
The secure development lifecycle (SDLC) of an organization is not unlike the immune system of an organism. Here's how to strengthen your security health.
Persistence – Office Application Startup
https://ift.tt/2RCep89
Submitted December 11, 2019 at 04:22PM by netbiosX
via reddit https://ift.tt/2YF9K6B
https://ift.tt/2RCep89
Submitted December 11, 2019 at 04:22PM by netbiosX
via reddit https://ift.tt/2YF9K6B
Penetration Testing Lab
Persistence – Office Application Startup
Microsoft Office is the most popular product in Windows operating systems since it allows users to write and edit documents, create and present slides, gather notes, sent emails and perform calcula…
South Korea’s security agencies predict more crypto exchange hacks in 2020
https://ift.tt/2LICrKX
Submitted December 11, 2019 at 09:53PM by Tennis3765
via reddit https://ift.tt/2E8Xl1w
https://ift.tt/2LICrKX
Submitted December 11, 2019 at 09:53PM by Tennis3765
via reddit https://ift.tt/2E8Xl1w
Decrypt
South Korea’s security agencies predict more hacks in 2020 - Decrypt
Korea Internet & Security Agency (KISA) and the nation's top security firms said last week that they anticipate more crypto hacks in 2020.
Deserialized Double Dirty - Exploiting CVE-2017-12149
https://ift.tt/2LH7s1G
Submitted December 11, 2019 at 10:42PM by coalfirelabs
via reddit https://ift.tt/2LLEvBF
https://ift.tt/2LH7s1G
Submitted December 11, 2019 at 10:42PM by coalfirelabs
via reddit https://ift.tt/2LLEvBF
Coalfire.com
Deserialized Double Dirty
Resource covering the most important issues in IT security and compliance as well as insights on IT GRC issues that impact the industries that we serve.
Gold-Nuggeting: open-source tool to find outstanding network devices using machine learning on nmap scan report
https://ift.tt/2rFLvt9
Submitted December 12, 2019 at 12:29AM by soruso_laquinta
via reddit https://ift.tt/35dIgaW
https://ift.tt/2rFLvt9
Submitted December 12, 2019 at 12:29AM by soruso_laquinta
via reddit https://ift.tt/35dIgaW
GitHub
delvelabs/batea
AI-based, context-driven network device ranking. Contribute to delvelabs/batea development by creating an account on GitHub.
An introduction to the Router Exploit Kits
https://ift.tt/2EawYIA
Submitted December 12, 2019 at 01:31AM by _vavkamil_
via reddit https://ift.tt/38tasZl
https://ift.tt/2EawYIA
Submitted December 12, 2019 at 01:31AM by _vavkamil_
via reddit https://ift.tt/38tasZl
reddit
An introduction to the Router Exploit Kits
Posted in r/netsec by u/_vavkamil_ • 2 points and 0 comments
The “security.txt” proposal reached last step in the IETF process
https://ift.tt/2PBdVwh
Submitted December 12, 2019 at 02:44AM by nightwatchcyber
via reddit https://ift.tt/2rAZ1hu
https://ift.tt/2PBdVwh
Submitted December 12, 2019 at 02:44AM by nightwatchcyber
via reddit https://ift.tt/2rAZ1hu
reddit
The “security.txt” proposal reached last step in the IETF process
Posted in r/netsec by u/nightwatchcyber • 1 point and 0 comments
Cloud Network Security 101: AWS Security Groups vs NACLs
https://ift.tt/2m376so
Submitted December 12, 2019 at 03:06AM by OnlyInstruction
via reddit https://ift.tt/34iySla
https://ift.tt/2m376so
Submitted December 12, 2019 at 03:06AM by OnlyInstruction
via reddit https://ift.tt/34iySla
www.fugue.co
Cloud Network Security 101: AWS Security Groups vs NACLs
Cloud Network Security: AWS Security Groups vs NACLs. Both methods secure your network within Amazon Web Services.
Azure Privilege Escalation via Cloud Shell Storage File Modification
https://ift.tt/2t6OYS1
Submitted December 12, 2019 at 04:04AM by kfosaaen
via reddit https://ift.tt/36oAlYr
https://ift.tt/2t6OYS1
Submitted December 12, 2019 at 04:04AM by kfosaaen
via reddit https://ift.tt/36oAlYr
NetSPI Blog
Azure Privilege Escalation via Cloud Shell
Attacking an Azure environment that uses Cloud shell? Here are a couple of techniques that you can use to pivot and escalate privileges using Cloud shell.
Squiz Matrix CMS - Multiple Vulnerabilities [PDF]
https://ift.tt/2LMMgHy
Submitted December 12, 2019 at 08:04AM by Gallus
via reddit https://ift.tt/2RPzyff
https://ift.tt/2LMMgHy
Submitted December 12, 2019 at 08:04AM by Gallus
via reddit https://ift.tt/2RPzyff
Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726)
https://ift.tt/2tbHJIx
Submitted December 12, 2019 at 09:22AM by th3typh00n
via reddit https://ift.tt/2PzZwQY
https://ift.tt/2tbHJIx
Submitted December 12, 2019 at 09:22AM by th3typh00n
via reddit https://ift.tt/2PzZwQY
reddit
Local Privilege Escalation in OpenBSD's dynamic loader...
Posted in r/netsec by u/th3typh00n • 2 points and 1 comment
Cracking Linux disk encryption (LUKS2) passphrases
https://ift.tt/2LNalOJ
Submitted December 12, 2019 at 02:45PM by div3rto
via reddit https://ift.tt/38x4lTZ
https://ift.tt/2LNalOJ
Submitted December 12, 2019 at 02:45PM by div3rto
via reddit https://ift.tt/38x4lTZ
diverto.github.io
Cracking LUKS/dm-crypt passphrases
Linux uses dm-crypt in order to provide transparent disk or partition encryption. What are the options in case you need to recover passphrase from such encryption? There are already ready-made tools, but we have also produced and published our own in order…
KeyWe Smart Lock - unauthorized access and traffic interception
https://ift.tt/2LOFOQp
Submitted December 12, 2019 at 02:26PM by hun7err
via reddit https://ift.tt/349J8vX
https://ift.tt/2LOFOQp
Submitted December 12, 2019 at 02:26PM by hun7err
via reddit https://ift.tt/349J8vX
Cached and Confused: Web Cache Deception in the Wild [PDF]
https://ift.tt/36tpcFS
Submitted December 12, 2019 at 02:25PM by albinowax
via reddit https://ift.tt/34g20Js
https://ift.tt/36tpcFS
Submitted December 12, 2019 at 02:25PM by albinowax
via reddit https://ift.tt/34g20Js
Updating adconnectdump - a journey into DPAPI
https://ift.tt/38qGLbf
Submitted December 12, 2019 at 08:37PM by got_nations
via reddit https://ift.tt/2sjoHzq
https://ift.tt/38qGLbf
Submitted December 12, 2019 at 08:37PM by got_nations
via reddit https://ift.tt/2sjoHzq
dirkjanm.io
Updating adconnectdump - a journey into DPAPI
Last year when I started playing with Azure I looked into Azure AD connect and how it stores its high privilege credentials. When I was revisiting this topic a few weeks ago, it turned out that some things had changed and my previous method of dumping credentials…
Live now: Watch the 2019 President's Cup hacking finals (Dec 12th 0745-1600 EST)
https://ift.tt/2rIkFAq
Submitted December 12, 2019 at 08:17PM by felddy
via reddit https://ift.tt/2rDqzTq
https://ift.tt/2rIkFAq
Submitted December 12, 2019 at 08:17PM by felddy
via reddit https://ift.tt/2rDqzTq
www.cisa.gov
CISA LIVE | CISA
2019 President's Cup Cybersecurity Competition
Event Date: December 12th, 2019, 07:45 a.m. - 4:00 p.m EST.
Event Date: December 12th, 2019, 07:45 a.m. - 4:00 p.m EST.
Winbox in the Wild: Port 8291 Scan Results
https://ift.tt/2Ec7KJQ
Submitted December 12, 2019 at 09:06PM by chicksdigthelongrun
via reddit https://ift.tt/2LLXJqS
https://ift.tt/2Ec7KJQ
Submitted December 12, 2019 at 09:06PM by chicksdigthelongrun
via reddit https://ift.tt/2LLXJqS
Medium
Winbox in the Wild
Port 8291 Scan Results
Thank you for your feedback! We are the top 5 searched for Hacked Password Validator!
https://hacware.com
Submitted December 12, 2019 at 09:18PM by hacware
via reddit https://ift.tt/38tssmh
https://hacware.com
Submitted December 12, 2019 at 09:18PM by hacware
via reddit https://ift.tt/38tssmh
Hacware
HacWare - 100% Automated Security Awareness & Training API
HacWare is an 100% automated security awareness training and
phishing simulation platform that is empowering organizations of all sizes to defend against evolving phishing attacks.
phishing simulation platform that is empowering organizations of all sizes to defend against evolving phishing attacks.
From iPhone to NT AUTHORITY\SYSTEM
https://ift.tt/2LISg4f
Submitted December 12, 2019 at 10:21PM by splinter_code
via reddit https://ift.tt/2LOz8Sx
https://ift.tt/2LISg4f
Submitted December 12, 2019 at 10:21PM by splinter_code
via reddit https://ift.tt/2LOz8Sx
Decoder's Blog
From iPhone to NT AUTHORITY\SYSTEM
As promised in my previous post , I will show you how to exploit the “Printconfig” dll with a real world example. But what does Apple’s iPhone have to do with it?? Well, keep on r…
What I Learned from Reverse Engineering Windows Containers
https://ift.tt/2M2U7Bd
Submitted December 13, 2019 at 01:23PM by pingpongfifa
via reddit https://ift.tt/2EpCTK5
https://ift.tt/2M2U7Bd
Submitted December 13, 2019 at 01:23PM by pingpongfifa
via reddit https://ift.tt/2EpCTK5
Unit42
What I Learned from Reverse Engineering Windows Containers
Our researcher provides an overview on containers - starting with their Linux history - and shows the different implementations of containers in Windows, how they work and the security pitfalls that may occur.
Security.txt – IESG issues final call for comment on proposed vulnerability reporting standard
https://ift.tt/34gOWDE
Submitted December 13, 2019 at 03:36PM by digicat
via reddit https://ift.tt/2EenQTq
https://ift.tt/34gOWDE
Submitted December 13, 2019 at 03:36PM by digicat
via reddit https://ift.tt/2EenQTq
The Daily Swig | Cybersecurity news and views
Security.txt – IESG issues final call for comment on proposed vulnerability reporting standard
Web security policy looks to streamline communication between researchers and organizations