Risk Discovery

	[ News \| Blogs \| Reddits \| Lists \| Media \| ? ] HoneyDB

/r/netsec - Information Security News & Discussion

L1 Terminal Fault / CVE-2018-3615 , CVE-2018-3620,CVE-2018-3646 / INTEL-SA-00161

Playback - a TLS 1.3 story

Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem

August 2018 .NET Framework Security and Quality Rollup

Multi-Factor Mixup: Who Were You Again? Exploiting Microsoft ADFS MFA integration

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

Endpoint Security Self-Protection on MacOS

Evading Anomaly-Based NIDS with Empire

I thought I found a browser security bug

Malware Analysis & Reports

VirusTotal Intelligence

Malware Privilege Escalation

Persistence Mechanisms (X-Post)

Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

Xori - A automation-ready disassembly and static analysis library

Help with Malware created for demonstration purposes (c++)

Malware detection using machine learning

Why is a new Ramnit campaign creating a huge network of malicious proxies?

Kovter malware teardown, including "invisible" registry persistence

Pointers with PowerGhost analysis

blackhat library: Documenting blackhat hacking techniques

Osmo-FL2k: A $15 DTV transmitter, FM radio hijack and GPS Spoofing device.

Build Your Own Botnet

Incredibly fast crawler which extracts urls, emails, files, website accounts and much more : Photon 🛩️

Intertrust and Jscrambler Launch AppShield360 to Protect Mobile and JS Apps @ BHUSA

Anatomy of a Modern PDF Embedding Attack

DeepLocker: How AI Can Power a Stealthy New Breed of Malware (BlackHat 2018 talk)

Cookie stuffing

CMSeeK - Detect and exploit over 40 CMSs [WordPress, Joomla, Drupal etc] !

PASM - Linux assembler/disassembler based on Rasm2

Bashark - UNIX post exploitation toolkit

Discussion and Disclosure of Web Vulnerabilities

Are alpha-numeric passwords outdated yet?

Bugcrowd University

Netcraft Review?

Is biometric authentication outdated yet?

Mind the hackers

Emojis webshell

Share your webshell collection

Simple article about what is Web Application Firewall aka WAF

Web Hacking w/ Python: OverTheWire: Natas Video Walkthrough Series

Wrote an article about the journey of building the website security tool for web agencies. What do you think?

Computer Forensics

Any project ideas for working with RaspberryPi products (focusing on digital-forensics)?. Recommendations on reads or books out there to get started?.

Magnet Axiom issue

Defcon DFIR CTF 2018 Open to the Public

Possible to see the time a USB device was inserted into Windows computer?

Elcomsoft Distributed Password Recovery 4.0 with Automatic Dictionary Distribution and Intel GPU Acceleration

Using Intel Built-in Graphic Cores to Accelerate Password Recovery

DFRWS Challenge 2018

Association Credibility

Career in Forensics

Investigating companies

XSS - Cross Site Scripting

Practical Web Cache Poisoning

looking for people who could help me a bit more with xss

Jumbled List of XSS payloads

How do you prevent cross site scripting on a workstation ?

HTTPView - In-browser Web Application Security Testing Tool (client-side only)

The $12,000 Intersection between Clickjacking and XSS

XSS in Google Colaboratory + CSP bypass

How to bypass double quotes filter ?

Whats difference between ' " and `? Where can I read about that?

Simulate ENTER keypress event with Javascript on textarea form element.

pwned

@Paytm -India’s largest digital wallet company. Customer Information is at risk. How I was able to access their user information!

Subdomain Takeover: Yet another Starbucks case

Butlin’s Hacked – 34,000 customers affected

Popular website reddit.com leaks a bunch of username-email pairs

Companies with data breaches in 2018

Australian Government National Health Practitioner Ombudsman and Privacy Commissioner leaks database

"Have I been Pwned" V3 passwords 95% cracked on Hashes.org

MyEtherWallet HOLA VPN Compromised

Hackers caught selling access to airport security systems for $10

Macy’s, Bloomingdales Alert Online Customers of Data Breach

Cryptography news and discussions

Will PGP encrypted emails be vulnerable to quantum computers?

New System vs New Ciphers

Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution

Can the use of multiple cyphers increase security ?

Crypton: an educational library to learn and practice offensive and defensive crypto(graphy)

cuda-fixnum: Extended-precision modular arithmetic library for CUDA

Best Hardware --> OS --> Browser Setup?

I need help decoding a message my stalker keeps sending me

Client puzzle protocol with manual verification

A collection of some cryptographic primitives in python (for educational purposes only)

Hack Bloc

The Rhetoric Tricks, Traps, and Tactics of White Nationalism

[Video] Anonymous Operation QAnon

A report-back from Berkeley today • r/Anarchism

Dear alt-right morons and other miscreants: Disrupt DEF CON, and the goons will 'ave you

Minimum viable decentralization -- how to decentralize with users in mind while staying alive

Resistant protocols: how decentralization evolves -- detailed walkthrough of file sharing history exploring how decentralization interacted with the law. Really interesting for thinking about how to build decentralized tech in 2018

'We Are Not Bots': Facebook Censors U.S. Activists After Falsely Claiming They 'Unwittingly' Planned Protest

No HOPE for Fascism: Myths & Facts – No Fascists at HOPE – Medium

Center for a Stateless Society » No Code Alone Will Save You - Blog post regarding HOPE XII

No Hope For Fascists | heartsucker.com