cve-search/git-vuln-finder - Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commits which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output.https://github.com/cve-search/git-vuln-finder
Submitted December 28, 2019 at 08:40PM by adulau
via reddit https://ift.tt/37gFkuG
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commits which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output.https://github.com/cve-search/git-vuln-finder
Submitted December 28, 2019 at 08:40PM by adulau
via reddit https://ift.tt/37gFkuG
GitHub
GitHub - cve-search/git-vuln-finder: Finding potential software vulnerabilities from git commit messages
Finding potential software vulnerabilities from git commit messages - cve-search/git-vuln-finder
PCG Random number generators are flawed and easy to predict
https://ift.tt/2rFRGKD
Submitted December 29, 2019 at 11:36PM by mgostIH
via reddit https://ift.tt/2thPnkj
https://ift.tt/2rFRGKD
Submitted December 29, 2019 at 11:36PM by mgostIH
via reddit https://ift.tt/2thPnkj
reddit
PCG Random number generators are flawed and easy to predict
Posted in r/netsec by u/mgostIH • 5 points and 2 comments
Threat intelligence, building your citadel
https://ift.tt/39jI1O5
Submitted December 29, 2019 at 11:58PM by 0xsha
via reddit https://ift.tt/2F5uvQc
https://ift.tt/39jI1O5
Submitted December 29, 2019 at 11:58PM by 0xsha
via reddit https://ift.tt/2F5uvQc
reddit
Threat intelligence, building your citadel
Posted in r/netsec by u/0xsha • 7 points and 0 comments
Call your tier-one support engineer a "hacker" for fixing a problem your system designers couldn't figure out? Good luck finding that zero-day exploit I told you about.
/r/ProRevenge/comments/eh89df/call_your_tierone_support_engineer_a_hacker_for/
Submitted December 30, 2019 at 03:17AM by _vavkamil_
via reddit https://ift.tt/2rCkvdV
/r/ProRevenge/comments/eh89df/call_your_tierone_support_engineer_a_hacker_for/
Submitted December 30, 2019 at 03:17AM by _vavkamil_
via reddit https://ift.tt/2rCkvdV
reddit
Call your tier-one support engineer a "hacker" for fixing a...
A community for technical news and discussion of information security and closely related topics.
An attacker logged into the RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. They used Advanced Scanner + ProcDump + PsExec to move laterally to a Domain Controller. Would you have detected and responded to this activity?
https://ift.tt/2F5sB1W
Submitted December 30, 2019 at 02:48AM by InfoSecJim
via reddit https://ift.tt/36a0avt
https://ift.tt/2F5sB1W
Submitted December 30, 2019 at 02:48AM by InfoSecJim
via reddit https://ift.tt/36a0avt
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix are for Kids
https://ift.tt/2Q8Wyob
Submitted December 30, 2019 at 07:52AM by thickofits
via reddit https://ift.tt/2MIbkQG
https://ift.tt/2Q8Wyob
Submitted December 30, 2019 at 07:52AM by thickofits
via reddit https://ift.tt/2MIbkQG
reddit
Some LOLbin Examples for Antivirus Evasion - Silly Rabbit, Trix...
Posted in r/netsec by u/thickofits • 29 points and 4 comments
Bashar Bachir Infection Chain Analysis
https://ift.tt/354eVyy
Submitted December 30, 2019 at 09:15AM by kindredsec
via reddit https://ift.tt/359tj8V
https://ift.tt/354eVyy
Submitted December 30, 2019 at 09:15AM by kindredsec
via reddit https://ift.tt/359tj8V
GitHub
itsKindred/malware-analysis-writeups
A repository of my completed writeups, along with the samples themselves. - itsKindred/malware-analysis-writeups
Compatible Wireless Penetration Hardware for Rolling Kali
https://ift.tt/369ai7N
Submitted December 30, 2019 at 09:59AM by pentest4life
via reddit https://ift.tt/2FgFeYd
https://ift.tt/369ai7N
Submitted December 30, 2019 at 09:59AM by pentest4life
via reddit https://ift.tt/2FgFeYd
Medium
Compatible Wireless Penetration Hardware for Kali Rolling
This post will talk about what USB devices are supported out of the box for Kali in the year 2020, include a quick cheat sheet, and and…
In the face of password breaches, we are equal - A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
https://ift.tt/37psn1x
Submitted December 30, 2019 at 12:04PM by btriani
via reddit https://ift.tt/36jDl93
https://ift.tt/37psn1x
Submitted December 30, 2019 at 12:04PM by btriani
via reddit https://ift.tt/36jDl93
Medium
In the face of password breaches, we are equal
A quick study of data breaches vs. decision-makers in 11 top market cap companies in Finland
InfoCon Collection: Hacking Conference Audio and Video Archive
https://infocon.org/
Submitted December 30, 2019 at 03:49PM by digicat
via reddit https://ift.tt/2SEvQp8
https://infocon.org/
Submitted December 30, 2019 at 03:49PM by digicat
via reddit https://ift.tt/2SEvQp8
infocon.org
InfoCon.org is an archive of hacking and security conference videos, documentaries, rainbow tables, word lists and podcasts.
Lesser-known Tools for Android Application PenTesting
https://ift.tt/39osDQr
Submitted December 30, 2019 at 05:15PM by CaptMeelo
via reddit https://ift.tt/357rhpN
https://ift.tt/39osDQr
Submitted December 30, 2019 at 05:15PM by CaptMeelo
via reddit https://ift.tt/357rhpN
Hack.Learn.Share
Lesser-known Tools for Android Application PenTesting
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
Reverse Engineering new-gen Web Assembly applications using Chrome dev tools
https://ift.tt/37jH8TJ
Submitted December 30, 2019 at 07:20PM by ISeeFacesInClouds
via reddit https://ift.tt/2MF4xHt
https://ift.tt/37jH8TJ
Submitted December 30, 2019 at 07:20PM by ISeeFacesInClouds
via reddit https://ift.tt/2MF4xHt
Medium
Reversing Web Assembly (WASM)
xmas_future
Android VPN app with 10,000,000+ downloads exposes users' VPN usernames & IP addresses in android logs
https://ift.tt/35a7m9F
Submitted December 31, 2019 at 06:00AM by WannaMakeAnApp
via reddit https://ift.tt/2SC9uEF
https://ift.tt/35a7m9F
Submitted December 31, 2019 at 06:00AM by WannaMakeAnApp
via reddit https://ift.tt/2SC9uEF
RIIS
VPN App With 10,000,000+ downloads exposes users' VPN logins and servers in android logs • RIIS
Learn how to use AI to improve your app or website's UI tests.
Lesser-known Tools for Android Application PenTesting
https://ift.tt/39osDQr
Submitted December 31, 2019 at 08:57AM by CaptMeelo
via reddit https://ift.tt/2szd73A
https://ift.tt/39osDQr
Submitted December 31, 2019 at 08:57AM by CaptMeelo
via reddit https://ift.tt/2szd73A
Hack.Learn.Share
Lesser-known Tools for Android Application PenTesting
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
CVE-2019-19632 and CVE-2019-19631: XSS and Sensitive Information Disclosure
https://ift.tt/2Fa3bjO
Submitted December 31, 2019 at 01:24AM by breach_house
via reddit https://ift.tt/2Qb4PYz
https://ift.tt/2Fa3bjO
Submitted December 31, 2019 at 01:24AM by breach_house
via reddit https://ift.tt/2Qb4PYz
Bishopfox
Big Monitoring Fabric Application
High-risk vulnerabilities in the Big Monitoring Fabric app that would grant a remote attacker admin access and SSH console access to affected system.
The /r/netsec Monthly Discussion Thread - January 2020
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2020 at 10:06AM by AutoModerator
via reddit https://ift.tt/2sBYyfE
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2020 at 10:06AM by AutoModerator
via reddit https://ift.tt/2sBYyfE
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
How To Secure Apache From Clickjack attack using X-Frame-Options
https://ift.tt/2CNjYIF
Submitted January 01, 2020 at 03:41PM by vulpinecode
via reddit https://ift.tt/2QwONHy
https://ift.tt/2CNjYIF
Submitted January 01, 2020 at 03:41PM by vulpinecode
via reddit https://ift.tt/2QwONHy
Tutorials24x7
How To Secure Apache From Clickjack attack using X-Frame-Options
Explains the way to secure websites and web-based applications from Clickjacking hosted on Apache HTTP Server using the Header option X-Frame-Options.
/r/netsec's Q1 2020 Academic Program Thread
Many of our members are searching or applying for college now so, like the hiring thread, we'd like to aggregate information about great security programs at colleges and universities. We did this once in 2015 and most of the information is still relevant, check it out.If you work for or attend an educational institution that covers security (including non computer science, like law, business, etc), please leave a comment outlining the program and its unique features. There a few requirements/requests:No admissions counselors.Please be thorough and upfront with details about the program. Include links to relevant websites detailing the coursework and your College Scorecard.List the top career paths that graduates take. Industry, academia, and government use security expertise in many different ways. What career paths does the program best prepare you for?Reserve top-level comments for those posting about their academic programs. Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)Share this post on Twitter and Facebook to increase exposure
Submitted January 01, 2020 at 10:51PM by ranok
via reddit https://ift.tt/35gFSPP
Many of our members are searching or applying for college now so, like the hiring thread, we'd like to aggregate information about great security programs at colleges and universities. We did this once in 2015 and most of the information is still relevant, check it out.If you work for or attend an educational institution that covers security (including non computer science, like law, business, etc), please leave a comment outlining the program and its unique features. There a few requirements/requests:No admissions counselors.Please be thorough and upfront with details about the program. Include links to relevant websites detailing the coursework and your College Scorecard.List the top career paths that graduates take. Industry, academia, and government use security expertise in many different ways. What career paths does the program best prepare you for?Reserve top-level comments for those posting about their academic programs. Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)Share this post on Twitter and Facebook to increase exposure
Submitted January 01, 2020 at 10:51PM by ranok
via reddit https://ift.tt/35gFSPP
reddit
/r/netsec's Q3 2015 Academic Program Thread
Many of our members are applying for college now so, like the hiring thread, we'd like to aggregate information about great security programs at...
Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably more…
https://ift.tt/37pfOU7
Submitted January 01, 2020 at 11:01PM by thatstevelord
via reddit https://ift.tt/2ua7Wrj
https://ift.tt/37pfOU7
Submitted January 01, 2020 at 11:01PM by thatstevelord
via reddit https://ift.tt/2ua7Wrj
Blogspot
Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably more…
Notice - moved from medium.com, as their pricing model is just plain wrong... This is also hosted here , but updated below. Tl;Dr — i...
Disclosure of exploit in Home alarms in Sweden.
https://ift.tt/39yD1F9
Submitted January 02, 2020 at 12:09AM by showmeyourprincess
via reddit https://ift.tt/2QhgnJK
https://ift.tt/39yD1F9
Submitted January 02, 2020 at 12:09AM by showmeyourprincess
via reddit https://ift.tt/2QhgnJK
reddit
Disclosure of exploit in Home alarms in Sweden.
Posted in r/netsec by u/showmeyourprincess • 4 points and 0 comments
Alert Alarm SMS exploit
https://ift.tt/39yD1F9
Submitted January 02, 2020 at 12:25AM by giffengrabber
via reddit https://ift.tt/35gQ6jb
https://ift.tt/39yD1F9
Submitted January 02, 2020 at 12:25AM by giffengrabber
via reddit https://ift.tt/35gQ6jb
reddit
Alert Alarm SMS exploit
Posted in r/netsec by u/giffengrabber • 5 points and 1 comment