endlessh: SSH tarpit that slowly sends an endless banner
https://ift.tt/2WgSvGv
Submitted December 28, 2019 at 04:51PM by drspeaker
via reddit https://ift.tt/2Ztt8UP
GitHub
skeeto/endlessh
SSH tarpit that slowly sends an endless banner. Contribute to skeeto/endlessh development by creating an account on GitHub.
CORS Misconfigurations
https://ift.tt/2QuPFMD
Submitted December 28, 2019 at 09:55PM by ghostlulz
via reddit https://ift.tt/2QqzHn0
Ghostlulz Hacks
Cross-Origin Resource Sharing (CORS) - Ghostlulz Hacks
Cross-Origin Resource Sharing (CORS) can be used to bypass the Same Origin Policy (SOP) and read sensitive user data.
Bumble: Finding dates and WiFi access points
https://ift.tt/2QsYpD5
Submitted December 28, 2019 at 10:25PM by theappanalyst
via reddit https://ift.tt/2Q5GKT9
reddit
Bumble: Finding dates and WiFi access points
Posted in r/netsec by u/theappanalyst • 2 points and 0 comments
Sleuthing from public sources to figure out how the Hateful Eight leaker was caught
https://ift.tt/37fzmKq
Submitted December 29, 2019 at 01:24AM by jjj98
via reddit https://ift.tt/2rA8q98
Boing Boing
Sleuthing from public sources to figure out how the Hateful Eight leaker was caught
In 2014, Quentin Tarantino sued Gawker for publishing a link to a leaked pre-release screener of his movie “The Hateful Eight.” The ensuing court-case revealed that the screeners Tarant…
D-Link DIR-859 — Unauthenticated RCE (CVE-2019-17621)
https://ift.tt/2t7ntYu
Submitted December 27, 2019 at 07:45AM by secenv
via reddit https://ift.tt/37eoSev
Medium
D-Link DIR-859 — Unauthenticated RCE (CVE-2019-17621) [EN]
Researchers
NCSC Cyber Security Body Of Knowledge Published.
https://ift.tt/2oNGdu4
Submitted December 29, 2019 at 06:41AM by 1nt3rnalv01d
via reddit https://ift.tt/2Q5wKcj
www.ncsc.gov.uk
First full version of the Cyber Security Body of Knowledge published
Authoritative guide to the foundational knowledge underpinning cyber security.
Demonstrating the Capital One breach on your own AWS account
https://ift.tt/2MBpX8d
Submitted December 29, 2019 at 04:40PM by sanitybit
via reddit https://ift.tt/37huqol
GitHub
avishayil/caponeme
Repository demonstrating the Capital One breach on your AWS account - avishayil/caponeme
Various Android Apps allow anyone to remotely edit db/prefs due to debugging library in prod
https://ift.tt/354L618
Submitted December 29, 2019 at 04:16PM by Deletescape
via reddit https://ift.tt/2QvKMD8
deletescape
Debugging in prod: Maximizing user attack surface
Some people really just want to see their users and the world burn.
cve-search/git-vuln-finder - Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commits which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output.
https://github.com/cve-search/git-vuln-finder
Submitted December 28, 2019 at 08:40PM by adulau
via reddit https://ift.tt/37gFkuG
GitHub
GitHub - cve-search/git-vuln-finder: Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages - cve-search/git-vuln-finder
PCG Random number generators are flawed and easy to predict
https://ift.tt/2rFRGKD
Submitted December 29, 2019 at 11:36PM by mgostIH
via reddit https://ift.tt/2thPnkj
reddit
PCG Random number generators are flawed and easy to predict
Posted in r/netsec by u/mgostIH • 5 points and 2 comments
Threat intelligence, building your citadel
https://ift.tt/39jI1O5
Submitted December 29, 2019 at 11:58PM by 0xsha
via reddit https://ift.tt/2F5uvQc
reddit
Threat intelligence, building your citadel
Posted in r/netsec by u/0xsha • 7 points and 0 comments
Call your tier-one support engineer a "hacker" for fixing a problem your system designers couldn't figure out? Good luck finding that zero-day exploit I told you about.
/r/ProRevenge/comments/eh89df/call_your_tierone_support_engineer_a_hacker_for/
Submitted December 30, 2019 at 03:17AM by _vavkamil_
via reddit https://ift.tt/2rCkvdV
reddit
Call your tier-one support engineer a "hacker" for fixing a...
A community for technical news and discussion of information security and closely related topics.
An attacker logged into the RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. They used Advanced Scanner + ProcDump + PsExec to move laterally to a Domain Controller. Would you have detected and responded to this activity?
https://ift.tt/2F5sB1W
Submitted December 30, 2019 at 02:48AM by InfoSecJim
via reddit https://ift.tt/36a0avt
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix are for Kids
https://ift.tt/2Q8Wyob
Submitted December 30, 2019 at 07:52AM by thickofits
via reddit https://ift.tt/2MIbkQG
reddit
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix...
Posted in r/netsec by u/thickofits • 29 points and 4 comments
Bashar Bachir Infection Chain Analysis
https://ift.tt/354eVyy
Submitted December 30, 2019 at 09:15AM by kindredsec
via reddit https://ift.tt/359tj8V
GitHub
itsKindred/malware-analysis-writeups
A repository of my completed writeups, along with the samples themselves. - itsKindred/malware-analysis-writeups
Compatible Wireless Penetration Hardware for Rolling Kali
https://ift.tt/369ai7N
Submitted December 30, 2019 at 09:59AM by pentest4life
via reddit https://ift.tt/2FgFeYd
Medium
Compatible Wireless Penetration Hardware for Kali Rolling
This post will talk about what USB devices are supported out of the box for Kali in the year 2020, include a quick cheat sheet, and…
In the face of password breaches, we are equal - A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
https://ift.tt/37psn1x
Submitted December 30, 2019 at 12:04PM by btriani
via reddit https://ift.tt/36jDl93
Medium
In the face of password breaches, we are equal
A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
InfoCon Collection: Hacking Conference Audio and Video Archive
https://infocon.org/
Submitted December 30, 2019 at 03:49PM by digicat
via reddit https://ift.tt/2SEvQp8
infocon.org
InfoCon.org is an archive of hacking and security conference videos, documentaries, rainbow tables, word lists and podcasts.
Lesser-known Tools for Android Application PenTesting
https://ift.tt/39osDQr
Submitted December 30, 2019 at 05:15PM by CaptMeelo
via reddit https://ift.tt/357rhpN
Hack.Learn.Share
Lesser-known Tools for Android Application PenTesting
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
Reverse Engineering new-gen Web Assembly applications using Chrome dev tools
https://ift.tt/37jH8TJ
Submitted December 30, 2019 at 07:20PM by ISeeFacesInClouds
via reddit https://ift.tt/2MF4xHt
Medium
Reversing Web Assembly (WASM)
xmas_future
Android VPN app with 10,000,000+ downloads exposes users' VPN usernames & IP addresses in android logs
https://ift.tt/35a7m9F
Submitted December 31, 2019 at 06:00AM by WannaMakeAnApp
via reddit https://ift.tt/2SC9uEF
RIIS
VPN App With 10,000,000+ downloads exposes users' VPN logins and servers in android logs • RIIS
Learn how to use AI to improve your app or website's UI tests.