[ News | Blogs | Reddits | Lists | Media | ? ] HoneyDB

/r/netsec - Information Security News & Discussion
Building REST APIs for hacking tools
Webex Meetings are vulnerable to Mitm
Risk of Phishing Attacks and Malware Downloads from Visiting Adult Websites - WebTitan
Results published for keys.openpgp.org OSINT analysis
Getting Started with ATT&CK: Detection and Analytics
Page Admin Disclosure || Facebook Bug Bounty 2019
Hack The Box - Querier Write-up by 0xRick
awesome-yara: A curated list of awesome YARA rules, tools, and people.
Operation Crack: Hacking IDA Pro Installer PRNG from an Unusual Way
We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/netsec, ask us anything!
Malware Analysis & Reports
Patch This Vulnerability Now to Avoid WannaCry Style Malware Attack
Malware Restore - Incidents happen which affect business operations
Fake Game of Thrones Video Files Embedded with Malware
Reality of signed files
Analysis of the Uroburos malware with a dynamic solution
Good day! GandGrab (v5.2) Decryption tool by Bitdefender has been released!
New technique to bypass SMS permission restriction on Google Play to obtain 2FA & OTP codes
Detecting (Malware) Persistence in Memory (X-Post)
I created a website that compares the privacy and security of online services, and I need your help
Malware analysis lab guide needed
blackhat library: Documenting blackhat hacking techniques
I created a website that compares the privacy and security of online services, and I need your help
Electronegativity is a tool to find vulnerabilities and security anti-patterns in Electron apps. A new improved version (v1.3.0) has just been released!
Physical Pen testing
Code Analysis of Basic Cryptomining Malware
How To Maximize Anonymity?
Analyzing a Coin Mining and Remote Access Hybrid Campaign
Where do I learn more?
Gaining access for fun
What folders (excluding current user folders) are always writable to in Windows? (looking for a list, thanks!)
WD My Cloud RCE
Discussion and Disclosure of Web Vulnerabilities
Web application security testing methodology / checklist / mindmap
How To Choose Right SSL Certificate?
How I was able to access AWS credentials by first finding an unusual redirection then getting kind of Remote File Inclusion (RFI), escalating it to Server Side Request Forgery (SSRF) and finally getting hold of AWS EC2 Credentials.
Help with securing a Wordpress site on AWS's EC2 + LEMP (Ubuntu, Nginx, MySQL & PHP-FPM)
How I was able to bypass the application firewall then bypass web cache layer to get hold of AWS credentials via SSRF in one of the biggest stock broker company?
Client-Side - The Security Blindspot of your Website
Subdomain Takeover: Microsoft loses control over Windows Tiles
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack | Imperva
5 Surprisingly Easy Ways We Let People Steal Our Identity.
RCE on Social Warfare went (luckily) undetected
Computer Forensics
How do you run your forensics distribution ?
Best way to recover data from hard drive.
How can I get experience, when everyone wants it, but no one seems to give it?
[Question] Kai OS with UFED Physical Analyzer
So I've been exploring my interests in cyber sec for a while and thing computer Forensics (and its sub-fields) might be best for me. But I'm also studying for my A+ cert to break into IT. Any ideas on how to balance honing my skills while also studying for the exam?
What open-source tools have you used that are no longer working?
What kind of mental toll has the job taken on you from the kind of stuff you've been exposed to
APFS to exFat size bug?
Operationalize the Power of HackerTarget’s Security Tools with IncMan SOAR
What specification of computer is suitable for an imager
XSS - Cross Site Scripting
Looking for XSS automation or scanner.
Executing a blind XSS on googleplex.com to get access to Google's internal sites
How to understand XSS?
Hack the old MySpace XSS vulnerability and recreate the MySpace Samy Worm (JS.Spacehero) in HackEDU's MySpace Sandbox.
from parameter pollution to XSS
XSS without parentheses and semi-colons
How can I bypass some filters for an XSS attack in Firefox?
Tale of a Wormable Twitter XSS
Simple site
How to prevent web browser to URL encode a quote
pwned
Australian Catholic University data breach
Password breaches with docker and h8mail
Have I Been S0ld? Troy Hunt’s “Have I Been Pwned” security website is up for acquisition
U.S. Customs and Border Protection says traveler photos and license plate images stolen in data breach
Have you ever wondered how much leaked DB's are sold for before someone uploads it for everyone?
Tech Data leaked 264GB in client data to include payment information, passwords, and API keys
Millions of machines affected by command execution flaw in Exim mail server
Google confirms that advanced backdoor came preinstalled on Android devices (...in 2017)
LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
Quest Diagnostics says 11.9 million patients' financial and medical information may have been exposed in data breach
Cryptography news and discussions
macOS and Yarrow [Update]
How do you generate supersingular isogeny graphs?
How Does IV Work in Block Cipher?
Introducing CIRCL: An Advanced Cryptographic Library
Elliptic Curve searchable encryption for message delivery
How to decrypt .ts file (AES-128) with OpenSSL?
SSH gets protection against side channel attacks
How do password managers know your credentials to submit to the various services? (Gmail, Facebook, IG etc)
Addressing GOLDEN DOODLE & ZOMBIE POODLE without disabling CBC
128-bits collision resistance is less scary than 128-bit preimage resistance
Hack Bloc
DWeb Camp 2019 Tickets, Hacker Anarchist Social Justice activists, build a new world! a mix of CCC and BurningMan
Subvertisers for London (2019) #hacking #anticapitalism #activism
Weechat for Matrix with e2ee
DarkDuckGo
Spot the Surveillance
Capitalism has to go.
The Microsoft Windows _NSAKEY backdoor
Hacker group posts hundreds of law officer records: The Associated Press counted at least 1,400 unique records of employees of the FBI, Secret Service, Capitol Police, U.S. Park Police and other federal agencies as well as police and sheriffs’ deputies in North Carolina and Florida.
The Anarcho Hacker Manifesto (2018) v.2 [The Anarchist Library]
5 Surprisingly Easy Ways We Let People Steal Our Identity.