D-Link DIR-859 — Unauthenticated RCE (CVE-2019-17621)
https://ift.tt/2t7ntYu
Submitted December 27, 2019 at 07:45AM by secenv
via reddit https://ift.tt/37eoSev
Medium
D-Link DIR-859 — Unauthenticated RCE (CVE-2019-17621) [EN]
Researchers
NCSC Cyber Security Body Of Knowledge Published.
https://ift.tt/2oNGdu4
Submitted December 29, 2019 at 06:41AM by 1nt3rnalv01d
via reddit https://ift.tt/2Q5wKcj
www.ncsc.gov.uk
First full version of the Cyber Security Body of Knowledge published
Authoritative guide to the foundational knowledge underpinning cyber security.
Demonstrating the Capital One breach on your own AWS account
https://ift.tt/2MBpX8d
Submitted December 29, 2019 at 04:40PM by sanitybit
via reddit https://ift.tt/37huqol
GitHub
avishayil/caponeme
Repository demonstrating the Capital One breach on your AWS account - avishayil/caponeme
Various Android Apps allow anyone to remotely edit db/prefs due to debugging library in prod
https://ift.tt/354L618
Submitted December 29, 2019 at 04:16PM by Deletescape
via reddit https://ift.tt/2QvKMD8
deletescape
Debugging in prod: Maximizing user attack surface
Some people really just want to see their users and the world burn.
cve-search/git-vuln-finder - Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commits which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output. https://github.com/cve-search/git-vuln-finder
Submitted December 28, 2019 at 08:40PM by adulau
via reddit https://ift.tt/37gFkuG
GitHub
GitHub - cve-search/git-vuln-finder: Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages - cve-search/git-vuln-finder
PCG Random number generators are flawed and easy to predict
https://ift.tt/2rFRGKD
Submitted December 29, 2019 at 11:36PM by mgostIH
via reddit https://ift.tt/2thPnkj
reddit
PCG Random number generators are flawed and easy to predict
Posted in r/netsec by u/mgostIH • 5 points and 2 comments
Threat intelligence, building your citadel
https://ift.tt/39jI1O5
Submitted December 29, 2019 at 11:58PM by 0xsha
via reddit https://ift.tt/2F5uvQc
reddit
Threat intelligence, building your citadel
Posted in r/netsec by u/0xsha • 7 points and 0 comments
Call your tier-one support engineer a "hacker" for fixing a problem your system designers couldn't figure out? Good luck finding that zero-day exploit I told you about.
/r/ProRevenge/comments/eh89df/call_your_tierone_support_engineer_a_hacker_for/
Submitted December 30, 2019 at 03:17AM by _vavkamil_
via reddit https://ift.tt/2rCkvdV
reddit
Call your tier-one support engineer a "hacker" for fixing a...
A community for technical news and discussion of information security and closely related topics.
An attacker logged into the RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. They used Advanced Scanner + ProcDump + PsExec to move laterally to a Domain Controller. Would you have detected and responded to this activity?
https://ift.tt/2F5sB1W
Submitted December 30, 2019 at 02:48AM by InfoSecJim
via reddit https://ift.tt/36a0avt
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix are for Kids
https://ift.tt/2Q8Wyob
Submitted December 30, 2019 at 07:52AM by thickofits
via reddit https://ift.tt/2MIbkQG
reddit
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix...
Posted in r/netsec by u/thickofits • 29 points and 4 comments
Bashar Bachir Infection Chain Analysis
https://ift.tt/354eVyy
Submitted December 30, 2019 at 09:15AM by kindredsec
via reddit https://ift.tt/359tj8V
GitHub
itsKindred/malware-analysis-writeups
A repository of my completed writeups, along with the samples themselves. - itsKindred/malware-analysis-writeups
Compatible Wireless Penetration Hardware for Rolling Kali
https://ift.tt/369ai7N
Submitted December 30, 2019 at 09:59AM by pentest4life
via reddit https://ift.tt/2FgFeYd
Medium
Compatible Wireless Penetration Hardware for Kali Rolling
This post will talk about what USB devices are supported out of the box for Kali in the year 2020, include a quick cheat sheet, and…
In the face of password breaches, we are equal - A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
https://ift.tt/37psn1x
Submitted December 30, 2019 at 12:04PM by btriani
via reddit https://ift.tt/36jDl93
Medium
In the face of password breaches, we are equal
A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
InfoCon Collection: Hacking Conference Audio and Video Archive
https://infocon.org/
Submitted December 30, 2019 at 03:49PM by digicat
via reddit https://ift.tt/2SEvQp8
infocon.org
InfoCon.org is an archive of hacking and security conference videos, documentaries, rainbow tables, word lists and podcasts.
Lesser-known Tools for Android Application PenTesting
https://ift.tt/39osDQr
Submitted December 30, 2019 at 05:15PM by CaptMeelo
via reddit https://ift.tt/357rhpN
Hack.Learn.Share
Lesser-known Tools for Android Application PenTesting
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
Reverse Engineering new-gen Web Assembly applications using Chrome dev tools
https://ift.tt/37jH8TJ
Submitted December 30, 2019 at 07:20PM by ISeeFacesInClouds
via reddit https://ift.tt/2MF4xHt
Medium
Reversing Web Assembly (WASM)
xmas_future
Android VPN app with 10,000,000+ downloads exposes users' VPN usernames & IP addresses in android logs
https://ift.tt/35a7m9F
Submitted December 31, 2019 at 06:00AM by WannaMakeAnApp
via reddit https://ift.tt/2SC9uEF
RIIS
VPN App With 10,000,000+ downloads exposes users' VPN logins and servers in android logs • RIIS
Learn how to use AI to improve your app or website's UI tests.
Lesser-known Tools for Android Application PenTesting
https://ift.tt/39osDQr
Submitted December 31, 2019 at 08:57AM by CaptMeelo
via reddit https://ift.tt/2szd73A
Hack.Learn.Share
Lesser-known Tools for Android Application PenTesting
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
CVE-2019-19632 and CVE-2019-19631: XSS and Sensitive Information Disclosure
https://ift.tt/2Fa3bjO
Submitted December 31, 2019 at 01:24AM by breach_house
via reddit https://ift.tt/2Qb4PYz
Bishopfox
Big Monitoring Fabric Application
High-risk vulnerabilities in the Big Monitoring Fabric app that would grant a remote attacker admin access and SSH console access to affected system.
The /r/netsec Monthly Discussion Thread - January 2020
Overview
Questions regarding netsec and discussion related directly to netsec are welcome here.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on /r/netsec.
As always, the content & discussion guidelines should also be observed on /r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2020 at 10:06AM by AutoModerator
via reddit https://ift.tt/2sBYyfE
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
How To Secure Apache From Clickjack attack using X-Frame-Options
https://ift.tt/2CNjYIF
Submitted January 01, 2020 at 03:41PM by vulpinecode
via reddit https://ift.tt/2QwONHy
Tutorials24x7
How To Secure Apache From Clickjack attack using X-Frame-Options
Explains the way to secure websites and web-based applications from Clickjacking hosted on Apache HTTP Server using the Header option X-Frame-Options.