[ News | Blogs | Reddits | Lists | Media | ? ] HoneyDB

/r/netsec - Information Security News & Discussion
A model for building and improving your internal Red Team
Zephyr and MCUboot Security Assessment: our research uncovered 25 vulnerabilities affecting the Zephyr RTOS and 1 vulnerability affecting MCUboot.
An honest comparison between CRTE and OSCP
Shikata ga nai (仕方がない) encoder ported into go with several improvements.
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
Attacking CloudGoat 2: A step-by-step walkthrough of CloudGoat 2.0 scenarios.
AppDomainManager Injection and Detection
Securely hiding secrets in strings using invisible characters
RCE in Portainer with Golang Request Splitting
Security researchers auditing Aus. Gov. COVID tracking app open CVE-2020-12586: "this issue allows an attacker to track a target device even after the app is uninstalled"
Malware Analysis & Reports
Scared the hell out of my dad.
ExpBoot.exe Malware Analysis Paper
[Blog Post] This Week in Malware - 18 May 2020
Youth Cyber Geeks Telegram Channel is a channel for youth people interested in Malware Analysis and Reverse Engineering
Shining a light on “Silent Night” Zloader/Zbot - Malwarebytes Labs
New ransomware “Instabot” encrypts users’ files and demands some Bitcoin to unlock them.
[Sophos Blog] Ragnar Locker ransomware deploys virtual machine to dodge security
NorthstarC2, an OpenSource Command&Control Framework
PandaBanker Analysis: Fixing PE Header Corruption and Unmapping Executables
How to unpack Modified UPX ELF binary
blackhat library: Documenting hacking techniques
LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage
Attacking MSI RGB Lighting From The Browser
New DNS Vulnerability let attackers launch Large-Scale DDOS Attacks
REMINDER: Rules do exist on this subreddit.
I converted the code from "Black Hat Python" into Python 3, applied PEP8 and resolved dependency issues. It's available on GitHub.
No more JuicyPotato? Old story, welcome RoguePotato!
Kaiten - A New Payload Generator now Open Source
DOM XSS in Facebook worth $20k by Vinoth Kumar
Using Intel PT for Vulnerability Triaging with IPTAnalyzer
Is Facebook able to Fetch the darkweb on Post and Messenger ?
Discussion and Disclosure of Web Vulnerabilities
WordPress website attack using JavaScript and XSS
Guardian Web Application Firewall - Open Source
Application Modernisation: What Are the Main Security Concerns?
Nginx Free WAF: ModSecurity vs Nemesida WAF Free
Webinar on recent REST API breaches: The Anatomy of 4 API Breaches
Generating CRIME safe CSRF Tokens
OriginTracer: An In-Browser System for Identifying Extension-based Ad Injection
Userdir URLs like https://example.org/~username/ are dangerous
Excision: An In-Browser System for Detection of Malicious Third-Party Content Inclusions
Crawlium (DeepCrawling): A crawling platform based on Chrome (Chromium) browser to get a deeper look into the ecosystem of content inclusion on the Web.
Computer Forensics
Looking for inexpensive introductory Digital Forensics courses
Verify if a Domain user has a local admin rights?
Does windows log the cmd history?
Best way to clarify muffled dialogue for audio forensics?
Workstation specification
How do you build Linux volatility profiles with the compiled kernel?
Qualifications for cyber threat intelligence
JPG Unsupported File Format - Possibly Bit Shifted?
Need professional help installing monitoring
Finding a digital forensic job in pandemic
XSS - Cross Site Scripting
What is the need for a forward slash(/) in <svg/onload=alert() ? Why not just <svg onload=alert() ?
Michał Bentkowski XSS Challenge Write-Up
Delivering more than just presents: An Xmas story of self-XSS on Amazon.com
is this enough to prevent an xss attack?
Documenting the impossible: Unexploitable XSS labs | PortSwigger Research
Who's the undisputed king of XSS ?
WordPress website attack using JavaScript and XSS
Finding XSS
Did I include an XSS Exploit in my code?
Need help with a Server-Side Template Injection CTF Problem
pwned
Home Chef announces data breach after hacker sells 8M user records
EasyJet admits nine million customers hacked
Hackers' private chats leaked in stolen WeLeakData database
ULMON (Maps2Go) USER ACCOUNT DATA BREACH - 778K Accounts Compromised
Dating app MobiFriends silent on security breach impacting 3.6 million users | ZDNet
GoDaddy Hack Breaches Hosting Account Credentials
Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store | ZDNet
Nintendo confirms 160,000 Nintendo Accounts accessed in hacking attempts
Hacker leaks 23 million usernames and passwords from Webkinz children's game | ZDNet
SFO Websites Hacked: Airport Discloses Data Breach
Cryptography news and discussions
How do I learn BouncyCastle API for Java?
LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage
Elgamal: Can I obtain a ciphertext 2m, from ciphertext m ?
How end-to-end encryption work in whatsapp group (not direct message)?
For what smallest integer n is xorAll(sha256Cycle(xor(512BitInput,next512BitSalt))), more secure than sha3?
Logging TLS session keys in LibreSSL
KDF state of the art?
Is this correct usage of the Crypto API for Javascript?
Chaotic Permutation Circuit - Request for comments
Filter here too?
Hack Bloc
TBS | Property Relations on the Blockchain feat. Dr. Joel Garrod (Part 1)
The Cyberpunk Movement - The documentary [Best independent cyberpunk documentary]
First Blockchain 101 for Socialists Live Session Recording
A master's level electrical engineer obsessed with quantum physics, ecological sustainability, worker cooperatives, is seeking comments on his White Paper proposing a demurrage based "Living Currency" system that could convert the US dollar from something destructive into something regenerative.
Own the Value of your Labor with DAOs feat. Daniel Kronovet from Colony
Hackers Leak Thousands of Coronavirus Research Papers
Fighting Uber with blockchain cooperatives feat. Dardan Isufi from Eva Coop
Do you?
The EARN IT Bill Is the Government's Plan to Scan Every Message Online
Leftists like Noam Chomsky and Richard Wolff Think About Blockchain Positively