[ News | Blogs | Reddits | Lists | Media | ? ] HoneyDB

/r/netsec - Information Security News & Discussion
Shelling Apache Felix With Java Bundles
Documenting and Attacking a Windows Defender Application Control Feature the Hard Way — A Case Study in Security Research Methodology
DNS Rebind Toolkit - A front-end JavaScript toolkit for creating DNS rebinding attacks
FileZilla malware
Layer 8 Social engineering conference videos
Frida Engage | Part One | Building an ELF Parser with Frida
Reverse engineering AWS Lambda
BSides London 2018 Talks Now Online
How I hacked Apple.com
Containers and cloud security
Malware Analysis & Reports
Browser Cryptojacking Samples
Beginner Malware Reversing Challenges - MalwareTech
Security Conferences focused on Malware/botnets and analysis (the ones i know of, hopefully there is more)
Betabot still alive with multi-stage packing
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones
Prowli - Or how people make money from unsecured and unpatched machines
Pentester's NTFS Tricks Collection (CVE-2018-1036, NTFS Elevation of Privileges)
Kronos vs. UPAS Kit - The technical analysis (aka. The usual suspect?!)
YouTube Malware Distribution Campaigns & Basic Operation Analysis (Article)
InvisiMole spyware hunting for secrets while staying deep in the shadows since 2013
blackhat library: Documenting blackhat hacking techniques
The Teens Who Hacked Microsoft's Xbox Empire—And Went Too Far
Zeratool: Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems
Mach-O Tricks (PDF warning)
Unix Wildcards Gone Wild (2014)
How to Exploit a Router Using RouterSploit
phpMyAdmin 4.8.x Authenticated LFI -> RCE
Reverse Shell from an OpenVPN Config File
Backdooring PE files with ASLR
What is a command injection vulnerability and how do you protect against it? Can you figure out the vulnerability in the application once the command injection is fixed?
An in depth look at phishkits. (part of the ActiveAntiPhish project).
Discussion and Disclosure of Web Vulnerabilities
Advanced CORS Exploitation Techniques (x-post from /r/netsec)
Is there a way for me to see what a man in the middle attacker would see if he were to look at the data leaving my computer?
Restaurant website uses http form requesting credit card for reservations
User submitted images security precautions
Attacks on Cassandra Database
Meet WebARX - The Web Application Firewall for Digital Agencies
Few methods of how WAF can be bypassed on your web application.
How to keep site login secure?
Book review: "OAuth 2 In Action" by Justin Richer and Antonio Sanso
Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers
Computer Forensics
view activity from 6 months ago
afro (APFS file recovery)
A hacker figured out how to brute force iPhone passcodes
Registry Key for reset IE settings
MFTECmd is my take on an...MFT parser! Try it out and compare it against your favorite!
Image File Comparison Tools
Drone Forensics Gets a Boost With New Data on NIST Website
Digital Forensics – PlugX and Artifacts left behind
Using the Office 365 Activities API to Investigate Business Email Compromises
APFS / macOS Forensics books recommendations?
XSS - Cross Site Scripting
Whats difference between ' " and `? Where can I read about that?
Simulate ENTER keypress event with Javascript on textarea form element.
Firefox uXSS and CSS XSS
Steam, Fire, and Paste - A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
How to bypass filter x-javascript:?
Why isn't my injection firing, it looks perfect! - An XSS Troubleshooting Guide
What is XSS? Cross-site Scripting Explained
Microsoft Word Document Upload to Stored XSS: A Case Study
How I Found Stored XSS in Yahoo!
Possible to circumvent server-side RegEx string sanitization?
pwned
flightradar24.com breach
How hacked websites are used by hackers to monetize traffic
Chinese video streaming platform AcFun reveals security breach
Open Redirect Vulnerability @SCB.se
Database hacked of India’s Popular Sports company- How I was able to exploit Host Header to find out SQL injection, bypassing rule using sqlmap tamper script and later on dump the database.
MyHeritage Says Over 92 Million User Accounts Have Been Compromised
A teen phone spying app has leaked thousands of user passwords [x-post: /r/privacy]
The SEC created its own scammy ICO to teach investors a lesson
ZooPark, Iranian APT leaked data, Please Mirror.
Cyber attack may have exposed the personal information of 8000 Family Planning NSW clients
Cryptography news and discussions
"Software" Security Role
MD5 hash decryption need help!!
Elliptic curves in simple Weierstrass form (video series)
Can't decrypt big file after encrypting with picocrypt
As an undergrad in CS should I prioritize applied Crypto knowledge or math
[Newbie] Your thoughts on my project.
How does elliptic curve domain parameters be chosen?
Encryption alone is not enough
Mental Poker Demonstration in Go
CipherSweet: Fast, searchable field-level encryption for PHP projects
Hack Bloc
10 Common Hacking Techniques
Private Instant-Messenger Keeps You Anonymous on All Browsers & Devices.
how to hack wifi || Capture Handshake & decrypt WPA/WPA2
Talking with Phineas Fisher: Hacking as Direct Action against the Surveillance State
Tech Workers Versus the Pentagon -- Workers at Google just scored an impressive victory against US militarism.
HackBack! Talking with Phineas Fisher - Hacking as Direct Action against the Surveillance State
Forget The GDPR, The EU's New Copyright Proposal Will Be A Complete And Utter Disaster For The Internet
Bail Bloc
Hey all, I started a pretty active Liberation Tech room on Matrix, come have a look!
This Device could bring emergency power to Puerto Rico