Risk Discovery

	[ News \| Blogs \| Reddits \| Lists \| Media \| ? ] HoneyDB

/r/netsec - Information Security News & Discussion

macOS: how to gain root with CVE-2018-4193 in < 10s

How To Make The Best Out Of Security Conferences

2.7M phone calls to Swedish medical advice service left on unauthenticated web server

pwnable.kr - fd , Understanding Linux File Descriptors and creating a simple exploit with python pwntools

ROP-ing on Aarch64

Azure AD Connect for Red Teamers

WireGuard for macOS

Security vulnerabilities discovered in MiniUPnP

CVE-2019-8372: Local Privilege Elevation in LG Device Manager. Tutorial on auditing kernel drivers and token stealing via arbitrary read/write primitives.

Electrohunt Part 1: Hunting for the phishing campaigns on the Electrum network

Malware Analysis & Reports

Gandcrab ransomware demands Bitcoin payment to victims, while excluding users with Russian keyboard layouts from the attack

Malware analysis notebook for shellcode payloadsby @JohnLaTwC

Malicious word document analysis. On opening document, macro executes PowerShell and download executable file.

[FREE Video] Flare-On FireEye 2018 CTF - Malware Analysis With Amr Thabet - Flare Minesweeper

Begone! Microsoft Store Kicks Eight Malicious Cryptojacking Apps

Beginner Reverse Engineering CTF

Multi stage malicious LNK dropper analysis

“Can not obtain ownership information” listening on port 3389

New Crypto-Stealing 'Clipper' Malware Found in Google Play Store

Point of Contact for Bitpaymer

blackhat library: Documenting blackhat hacking techniques

HackTheBox - Giddy CTF Video Walkthrough

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

I just completed the Bandit wargame at Overthewire, here are my takeaways.

Any good black hat Python drills?

PNG heap based buffer overflow (RCE) in Android 7-9

Visual Analysis with ProcDOT (X-Post)

First Android Clipper found on Google Play

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries

Program to query passwords from a username

Discussion and Disclosure of Web Vulnerabilities

Is Tom's Guide Safe to Download From?

When your Memory Allocator hides Security Bugs

Storing your AES key in your code? How about a PGP-like solution for web apps?

Know What is Web Application Security

Could this be a subdomain takeover?

Website Security Check - 5 Security Breaches & Prevention from Hackers

How to check your Website Security?

How to setup an anonymous webpage ?

Best DDoS Protection Services

Common Web Application Vulnerabilities

Computer Forensics

Griffeye Pros and Cons

So a common first step when entering the IT world is to start out on a help desk and then work your way up from there. But what would be the best way to transition from that into a forensics role?

Imaging Mac but it comes out as 'no file system'

USB encryption security issues

Is it worth it for me to get into digital forensics if I'm not the greatest at coding/programming and aren't the best problem solver in comparison to others?

I know this may sound like a stupid question, but do you actually find any satisfaction in your work given the amount of horrific stuff you must find on a regular basis?

Are these devices for real or just a scam?

New to Volatility -- Question about implementation

Interesting way to process Sysmon logs

HELP: Brand New USB Drives Acting Funny + Corrupting Some Files Stored On Them?

XSS - Cross Site Scripting

Google working on new Chrome security feature to 'obliterate DOM XSS'

How I Found Stored XSS in Thousand’s of Sites Under Typepad

DOM XSS

Can XSS mitigate all anti-CSRF protections?

DOM-Based XSS Example.

So rather than using the standard alert(‘XSS’) for this informational video I thought I would do something a little bit different, hope you enjoy it!

Wormable Stored XSS on WordPress.org

XSS in Ghost - Write-up

XSSing Google Code-in thanks to improperly escaped JSON data

XSS testing for Quality assurance

pwned

Exposed wp-config.php files - database credentials.

Gnosticplayers is back - another brand new breach...

An Indian journalist pwned right wing twitter bots (including government ministers) into tweeting absolute non sense.

Holly fuck!

Australian Federal Parliament

Here is the leaked databases from Raidfourms

Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public

Crypto Hacker Scores $28,600 After Hack Of Bitcoin Exchange

70,000 affected in B&Q data breach

Need help cracking individual passwords from Edmodo database

Cryptography news and discussions

Riot IM hits 1.0: brand new design, dramatically improved encryption UX, new login, new settings, new room list and dozens of stability and performance enhancements

Implementing End-to-End Encryption in Matrix clients

This guy is offering £10,000 if you can break his cipher

Is SHA-3 (Keccak) already broken?

Pentesterlab. ECDSA challenge

Looking to contribute!

What is the BLS signature scheme?

A question about cryptopals problem 6

Deterministic AES256 implementation ansible-vault secure?

Difference between ECDH and HPKE?

Hack Bloc

How the US Government took control of the Internet | The Hacker Crackdown a(A)a FTP

Dead Cells devs run as an “anarcho-syndical workers cooperative” with no bosses and equal pay for everyone

35c5 Chaos Communication Congress Komona assembly recap a(A)a

BreadTube.tv is Live and Open Source! You can help propagate and agitate.

Against the Google Campus - fuck google! google out of Europe! a(A)a

Ubuntu PR highlights US Navy assistance

You say you want a revolution? (reupload) [compas, hackers, lovers, is time to organize and stand up]

Hackerñol 35c3a a(A)a Resume video from #35c3 hacker conference [spanish]

Camover: Berlin Anarchists Against Surveillance - a(A)a

Imprisoned Hacktivist Jeremy Hammond Bumped a Guard With a Door — and Got Thrown in Solitary Confinement