[ News | Blogs | Reddits | Lists | Media | ? ] HoneyDB

/r/netsec - Information Security News & Discussion
Gaining persistent access to Burp Suite's Collaborator sessions - a step-by-step guide
Using Android as a malicious USB device
Modern Android Password Managers and FLAG_SECURE Misuse
The Imitation Game: Attacker Emulation
Finding Neutrino: a massive malware campaign ongoing since 2013
CVE-2019-15092 WordPress Plugin Import Export Users = 1.3.0 - CSV Injection
BitDefender Antivirus Free 2020 - Privilege Escalation to SYSTEM
Learn how to use and scale osquery to detect evasive or fileless malware, stealthy persistence, unseen attacks etc. (Free Video Training)
Researcher banned from Valve's bug bounty program publishes 2nd Steam Local Privilege Escalation 0-day
Attack (with) Jupyter!
Malware Analysis & Reports
Self replicating trojan - binary malware analysis [blogpost] newbie.
Learn how to use and scale osquery to detect evasive or fileless malware, stealthy persistence, unseen attacks etc. (Free Video Training)
Patch This Vulnerability Now to Avoid WannaCry Style Malware Attack
23 Texan Towns Hit By Coordinated Ransomware Attack
Cobalt Strike’s Process Injection: The Details
How Malware Works – Malicious Strategies and Tactics
How Malware Works – Malicious Strategies and Tactics
Banking Trojans: A Reference Guide to the Malware Family Tree
Browser Hijacked by Searchmine - Is now Manager
Malware analysis - learning How To Reverse Malware: A collection of guides and tools
blackhat library: Documenting blackhat hacking techniques
1Password, Keeper, Dashlane exposed secrets to third-party apps installed on the user device, due to an improper implementation of the FLAG_SECURE setting used to prevent screenshots
DejaBlue: Analyzing a RDP Heap Overflow
Anyone know where to find the 2019 leaked Dubsmash usernames and passwords?
DNS based threat hunting and DoH (DNS over HTTPS)
Bluetooth hacking — Cheatsheet
Live Malware Analysis | Checking out a User-land Rootkit
RouterOS Post Exploitation
Live Video Malware Analysis - "loligang" Botnet Sample
Does someone have a poc for the CVE-2019-9506? The Bluetooth attack to decrypt the traffic. Works with nearly all android and apple phones.
Microsoft HTTAPI (SSDP/UPnP) running on target at several higher level ports. Attack vector?
Discussion and Disclosure of Web Vulnerabilities
Instead of enriching Google, try making a market for click work
How do you approach to a target without any user input taken?
RCE through open PHP-FPM ports
Nemesida WAF Free for Nginx (Virtual Appliance for KVM/VMware/VirtualBox with Debian 10, Nginx 1.16 and Nemesida WAF Free, 1.3 GB)
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS) | Imperva
Nginx Free WAF: NAXSI vs Nemesida WAF Free
Nemesida WAF Free now supports Nginx Stable, Mainline and Plus version
Content-type charset
WordPress Vulnerability Table
Web application security testing methodology / checklist / mindmap
Computer Forensics
Wired for Success: How to Keep Your Security Operations Team Satisfied
eDiscovery & MDM software suggestions
Is Samsung Secure Folder really secure?
Extracting ios 12.1 keychain data from a keychain-backup.plist file
DOL-OIG is hiring a Digital Forensics Lab Manager.
Is Cellebrite able to indicate if the sms or mms a spoof text yet?
Cellebrite Report Generating Chat Bubbles for SMS and MMS?
Galaxy s9 confiscated by authoritarian regime. Looking for opinions
GCFA exam passed
Digital Forensics Pathways for International Students in AUS
XSS - Cross Site Scripting
From a self-XSS to a valid XSS with the help of clickjacking on Google.org
Microsoft: We're disabling VBScript in Windows 7, 8 to block attackers | ZDNet
JavaScript with only 5 characters
Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program
Google deprecates XSS Auditor for Chrome
Outlook for Android XSS
Looking for XSS automation or scanner.
Executing a blind XSS on googleplex.com to get access to Google's internal sites
How to understand XSS?
Hack the old MySpace XSS vulnerability and recreate the MySpace Samy Worm (JS.Spacehero) in HackEDU's MySpace Sandbox.
pwned
Anyone know where to find the 2019 leaked Dubsmash usernames and passwords?
Hacker site’s incriminating database published online by rival group
Chegg.com data breach public disclosure - 35.5 million users with MD5
Poshmark.com data breach public disclosure - 36.1 million users impacted
StockX.com data breach public disclosure - 7.4 million users with MD5
Wirecard.com.br data breach impacts 4.3 million users; SHA1 hash algo used
Misconfigured Jira instances exposed data of hundreds of Fortune 500 companies
University record loss
Troy Hunt: Authentication and the Have I Been Pwned API
Any repository with data from insecure S3 buckets, especially log files?
Cryptography news and discussions
is this strong?
New State of Matter to Boost Quantum Computers - The Happy Neuron
Fix curl SSL certificate problem
The Second Post-Quantum Computing Standardization Conference is Happening this Weekend
Modular conversion, encoding and encryption online
side channel elimination (ePrint: Formal Verification of a Constant-Time Preserving C Compiler)
Passage Cipher - A new way of dealing with ciphers
How to get started in to cryptography ?
The Discrete Logarithm Problem and Diffe-Hellman
A secure, manual crypto system
Hack Bloc
Session:Anti Capitalist CTF a(A)a ACAB
CCCamp 2019 Wiki - We will be with the Komona contingent come join us
Cloudflare is terminating it’s service for 8chan.net
GitHub - tg12/RUBC: R U Been being censored?
Mystery man broadcasts pig grunts and obscene abuse on police radio
DWeb Camp 2019 Tickets, Hacker Anarchist Social Justice activists, build a new world! a mix of CCC and BurningMan
Subvertisers for London (2019) #hacking #anticapitalism #activism
Weechat for Matrix with e2ee
DarkDuckGo
Spot the Surveillance