recentpopularlog in
« earlier  
(429) https://twitter.com/i/web/status/965065050049404929
Good thread. I've done infosec interviewing and I have a ton of certs that one employer or another wanted me to ge…
3 hours ago
ROP, NX and ASLR - A Love Triangle - Remote Code Execution - CVE-2018-5767 - Fidus InfoSecurity | Cyber Security, Penetration Testing, Red Teaming
In this post we will be presenting a pre-authenticated remote code execution vulnerability present in Tenda’s AC15 router. We start by analysing the vulnerability, before moving on to our regular pattern of exploit development – identifying problems and then fixing those in turn to develop a working exploit.
exploit  development 
yesterday
Twitter
Today is my last day at have to say it has been some fun 7yr. Will miss my team and others. Now a…
yesterday
Twitter
I had to research Python secure coding standards recently. Turns out has a very useful secure developmen…
2 days ago
The Murray Gell-Mann Amnesia effect | SeekerBlog
In any case, you read with exasperation or amusement the multiple errors in a story-and then turn the page to national or international affairs, and read with renewed interest as if the rest of the newspaper was somehow more accurate about far-off Palestine than it was about the story you just read. You turn the page, and forget what you know.
psychology  journalism 
2 days ago
WSH Injection: A Case Study – Posts By SpecterOps Team Members
Some environments use whitelisting to prevent unsigned Windows Scripting Host (WSH) files from running, especially with the rise of malicious .js or .vbs files. However, by “injecting” our malicious code into a Microsoft signed WSH script, we can bypass such a restriction.
whitelist  pentest 
3 days ago
FOSDEM 2018 - DTrace for Linux
I would like to show some real life examples how DTrace can be used to inspect running system or as source for external telemetric system.
dtrace  linux 
3 days ago
Linux'izing your Windows PC into a dev machine – Part 1 | cepa.io
Prerequisites
Installing Bash on Windows (WSL)
Getting a decent terminal
Running Linux desktop apps with X server on Windows
Docker with WSL
Vagrant with WSL
LAMP stack for PHP development
MEAN stack for Node.js development
DevOps tools for Amazon AWS
Networking tools
Cygwin vs WSL
Tips & Tricks
Issues
linux  windows  wsl 
3 days ago
How to Bypass Application Whitelisting & AV - Black Hills Information Security
Here, we will show you one method of bypassing some application whitelisting products.
pentest 
3 days ago
Car Hacker's Handbook
Build an accurate threat model for your vehicle
Reverse engineer the CAN bus to fake engine signals
Exploit vulnerabilities in diagnostic and data-logging systems
Hack the ECU and other firmware and embedded systems
Feed exploits through infotainment and vehicle-to-vehicle communication systems
Override factory settings with performance-tuning techniques
Build physical and virtual test benches to try out exploits safely
books  car  cars  hacking  tools  security 
3 days ago
Economists Say the Rise of Monopoly Power Explains Five Puzzling Trends - Bloomberg
Two changes explain all the discrepancies, they say. First, there’s been an increase in monopoly power, likely caused by an increase of power in the hands of dominant companies. Second, productivity growth has slowed and the population has aged, driving down the natural rate of interest.
economics 
3 days ago
Kialo - Empowering Reason
Kialo is designed to facilitate constructive debate about the most important issues in the world, without turning into the usual Internet Shouting Factory. We aspire to become not just where you come to argue, but also where you can explore the reasons why people disagree and see diverse points of view on the issues that matter.
economics  politics  debate 
3 days ago
StreisandEffect/streisand: Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run yo
Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
github  privacy  security  tool  vpn 
3 days ago
Mark J. Wielaard » Blog Archive » dtrace for linux; Oracle does the right thing
At Fosdem we had a talk on dtrace for linux in the Debugging Tools devroom.

Not explicitly mentioned in that talk, but certainly the most exciting thing, is that Oracle is doing a proper linux kernel port:
linux  dtrace  tools 
3 days ago
Mexican Cuisine With a California Vibe Arrives In Irving - Eater Dallas
Charlie Green of Olivella’s envisioned the concept when he traveled Southern California in search of the perfect Mexican street food. In his travels, Green visited the state’s barely-surviving midcentury diners, and wanted to revive that aesthetic in DFW.
restaurnat  dallas 
3 days ago
Restaurateur Opens Third West End Business, a Cocktail Bar and Patio Lounge
As DFW's Asian Food Scene Booms, 30-Year Mainstay Jeng Chi Still Stands Out
restaurant 
3 days ago
Bill Gates says tech firms invite scrutiny in government showdowns | TheHill
"The tech companies have to be ... careful that they're not trying to think their view is more important than the government's view, or than the government being able to function in some key areas," Gates said in an interview with Axios.

IT's SAD THAT EVEN THE RICHEST MAN IN THE WORLD HAS TO KOWTOW, HONESTLY.
wealth  politics 
3 days ago
Gambler - Hacking and other stuffs
Recently I posted how to get ssh password using strace, but it’s no 100% effective, because the strace output changes on different distros, so searching for another approach I found this site ChokePoint where they show how to create a PAM module using python to log failed attempts on ssh, now all I have to do, was change where they log the password.
ssh  pentest 
3 days ago
Blog
Evolving a Decompiler
decompiler 
3 days ago
11 Excellent Dallas Brunch Spots
This city is practically littered with excellent brunch options, but these 11 spots are definitely worthy of any brunch bucket list. Carpe chilaquiles, Dallas.
restaurants 
3 days ago
The 2018 Toyota Camry might be proof most people don’t care about cars | Ars Technica
On the inside, things probably weren't helped by the Camry's bright red leather interior. It looks like the office of what Terry Pratchett memorably called a lady of negotiable affection

I LAFFED
cars 
3 days ago
College football games are too damn long. I have 3 solutions so far. | Bill Connelly for college football commissioner
College football games averaged nearly three and a half hours in 2016, and some went for nearly five hours. One game lasted so long, Mack Brown had to leave the announcer's booth on air. That’s absurd, and people have plenty of ideas on how to rectify that.

Some of those ideas are ridiculous. We’re not going to change quarter length from 15 minutes to 12. It seems unfair to reduce the number of replays in a game; if your officiating crew is having a bad night, saying "just accept it" doesn’t work.
football 
3 days ago
Lessons from 3,000 technical interviews… or how what you do after graduation matters way more than where you went to school – interviewing.io blog
But, even with that, I’d be hard pressed to say that completing great online CS classes isn’t going to help you become a better interviewee, especially if you didn’t have the benefit of a rigorous algorithms class up until then. Indeed, a lot of the courses we saw people take focused around algorithms, so it’s no surprise that supplementing your preparation with courses like this could be tremendously useful. Some of the most popular courses we saw were:
career  interview  interviews  learning 
3 days ago
The cost of forsaking C – Bradfield
We give students four reasons for learning C:
It is still one of the most commonly used languages outside of the Bay Area web/mobile startup echo chamber;
C’s influence can be seen in many modern languages;
C helps you think like a computer; and,
Most tools for writing software are written in C (or C++)
c 
3 days ago
The Intellectual War on Science - The Chronicle of Higher Education
The most frequently assigned book on science in universities (aside from a popular biology textbook) is Thomas Kuhn’s The Structure of Scientific Revolutions. That 1962 classic is commonly interpreted as showing that science does not converge on the truth but merely busies itself with solving puzzles before lurching to some new paradigm that renders its previous theories obsolete; indeed, unintelligible. Though Kuhn himself disavowed that nihilist interpretation, it has become the conventional wisdom among many intellectuals. A critic from a major magazine once explained to me that the art world no longer considers whether works of art are "beautiful" for the same reason that scientists no longer consider whether theories are "true."
science  culture 
3 days ago
The Burdensome Myth of Romantic Love | David C. Dollahite and Betsy VanDenBerghe | First Things
Americans increasingly value romance over the institution of marriage, just as they shun religious institutions for the ethereal appeal of spirituality. But even as we fall out of love with institutions, we continue to have the needs they once satisfied, displacing those needs onto relationships that collapse under a weight only God and faith can lift.

NOT EXACTLY, BUT CLOSE ENOUGH.
love  romance  relationships  religion 
3 days ago
BBC - Future - An effortless way to improve your memory
In each case, the researchers simply asked the participants to sit in a dim, quiet room, without their mobile phones or similar distractions. “We don’t give them any specific instructions with regards to what they should or shouldn’t do while resting,” Dewar says. “But questionnaires completed at the end of our experiments suggest that most people simply let their minds wander.”
learning  memory 
3 days ago
The Plan to Extract Rare Earth Metals from Coal Mining Waste - Motherboard
They say one person’s trash is another person’s treasure, and that could quite literally be the case for toxic coal mine waste. A group of researchers at West Virginia University is currently building a prototype treatment facility that will clean up runoff from old coal mines while simultaneously skimming out rare earth metals—the difficult-to-separate elements needed to make high tech products, including smartphones.
business  environment 
3 days ago
West sent lizards as nuclear spies, claims Iran defense official – Ars Technica
The senior military advisor to Iran's supreme leader Ayatollah Ali Khamenei claimed in a press conference in Tehran today that Western nations had deployed reptiles as nuclear spies. Agence France-Presse reports that Hassan Firuzabadi, previously chief of staff of Iran's military, justified the recent arrest of environmentalists by claiming that the West had used scientists and environmental activists to spy on Iran's nuclear program by deploying lizards that could "attract atomic waves."
iran  idiocracy  foreignpolicy  politics 
3 days ago
Could Self-Driving Trucks Be Good for Truckers? - The Atlantic
The other set of numbers in the model—the utilization rate of the self-driving trucks—is the component that leads Uber to a different analysis of the effect that these vehicles will have on truckers. Basically, if the self-driving trucks are used far more efficiently, it would drive down the cost of freight, which would stimulate demand, leading to more business. And, if more freight is out on the roads, and humans are required to run it around local areas, then there will be a greater, not lesser, need for truck drivers.
driving  economics  trucking  business  finance  uber 
3 days ago
U.S. Strikes Killed Scores of Russia Fighters in Syria, Sources Say - Bloomberg
The Russian assault may have been a rogue operation, underscoring the complexity of a conflict that started as a domestic crackdown only to morph into a proxy war involving Islamic extremists, stateless Kurds and regional powers Iran, Turkey and now Israel. Russia’s military said it had nothing to do with the attack and the U.S. accepted the claim. Defense Secretary Jim Mattis called the whole thing “perplexing,” but provided no further details.
syria  russia  war  foreignpolicy 
3 days ago
Ask HN: What project did you tackle to learn C? | Hacker News
For those who don't know the backstory (many here will) -- crypto is hard to implement correctly; protocols are hard to implement correctly; and C isn't the easiest language to use. [Disclaimer: I've used C "since forever", love it, and am pretty decent with it, but I've made my goofs. I've also implemented crypto & protocols myself, neither probably very well...]
Apparently in ~1995, Eric A. Young ("EAY") decided to implement his own SSL stack (called "SSLeay"), at least partially with the goal of learning the C programming language.
At some point, SSLeay became OpenSSL, EAY moved off the project, and OpenSSL went on to become a staple of network computer security (and insecurity).
I can't find a reference to back this up right now, but I know I've seen it in the past somewhere credible enough that I'm here repeating the folklore.
c  openssl  funny 
3 days ago
(429) https://twitter.com/i/web/status/963438676884770816
As a pen tester I am usually one of the people adding stress to the SOC, as in "why didn't you catc…
4 days ago
Twitter
Thanks for saying that. If I can end a day knowing I’ve helped someone better empathize with someone else ac…
4 days ago
(429) https://twitter.com/i/web/status/963436724591480832
Whole thread is good. I've never worked in a SOC (I did vendor assessment and vuln management briefly, and before…
4 days ago
cloudtracer/paskto: Paskto - Passive Web Scanner
Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then processed through Nikto and known URL lists to identify interesting content.
webapp  pentest 
5 days ago
Replicator
Replicator helps developers to reproduce issues discovered by pen testers. The pen tester produces a Replicator file which contains the findings in the report. Each finding includes a request, associated session rules or macros, and logic to detect presence of the vulnerability. The tester sends the Replicator file to the client alongside the report. Developers can then open the file within Burp and replicate the issues. When vulnerabilities have been fixed, Replicator provides confirmation that the attack vector used in the pen test is now blocked. A retest is still recommended, in case alternative attack vectors remain exploitable.
burp  webapp  pentest  report 
5 days ago
Twitter
RT : ssh-audit is a tool for checking the security of SSH servers (think of it as like SSL Labs for your SSH server), wh…
5 days ago
Twitter
I’ve been looking looking at IDS logs (Security Onion). You can learn a lot from them. CapMe…
5 days ago
codeexpress/respounder: Respounder detects presence of responder in the the network.
Respounder sends LLMNR name resolution requests for made-up hostnames that do not exist. In a normal non-adversarial network we do not expect such names to resolve. However, a responder, if present in the network, will resolve such queries and therefore will be forced to reveal itself.
responder  security  tool 
5 days ago
R-Smith/tcpTrigger: A windows service that notifies you of incoming network connections
As far as I know, tcpTrigger is currently the only solution capable of detecting NetBIOS and LLMNR name poisoning.  The way it works is very simple:  every few minutes it broadcasts NetBIOS and LLMNR name queries for fictitious names, and if a response is returned, an alert is triggered.
responder  windows  security  tool  github 
5 days ago
These Two ETFs could go Bankrupt in a Flash – MKTSTK
This opens up the scenario that a fund may exhaust all its investor’s capital and have to liquidate its positions in a possibly illiquid and unfriendly environment. Today we present two such funds that at first glance do not look like they fall into a liquidity trap: XIV and SVXY. Rest assured, however, these two funds will suddenly and violently go to zero.

FROM 2014. XIV DID GO TO ZERO. GOOD CALL.
etf  finance 
5 days ago
Difference Between apt and apt-get Explained
Bottom line: apt=most common used command options from apt-get and apt-cache.
debian  linux  sysadmin  ubuntu 
5 days ago
Type-Checking Python Programs With Type Hints and mypy - YouTube
Avoid the bugs that Python type hinting will catch in the first place and see how to write clean and Pythonic code
python 
5 days ago
Get Ready for Most Cryptocurrencies to Hit Zero, Goldman Says - Bloomberg
Most digital currencies are unlikely to survive in their current form, and investors should prepare for coins to lose all their value as they’re replaced by a small set of future competitors, Goldman’s Steve Strongin said in a report dated Feb. 5. While he didn’t posit a timeframe for losses in existing coins, he said recent price swings indicated a bubble and that the tendency for different tokens to move in lockstep wasn’t rational for a “few-winners-take-most” market.
bitcoin  cryptocurrency 
5 days ago
Science Says Silence Is Much More Important To Our Brains Than We Think
Follow-up research found that the default mode is also used during the process of self-reflection. In 2013, in Frontiers in Human Neuroscience, Joseph Moran et al. wrote, the brain’s default mode network “is observed most closely during the psychological task of reflecting on one’s personalities and characteristics (self-reflection), rather than during self-recognition, thinking of the self-concept, or thinking about self-esteem, for example.”
When the brain rests it is able to integrate internal and external information into “a conscious workspace,” said Moran and colleagues.
meditation 
5 days ago
Code your own blockchain in less than 200 lines of Go!
Almost every developer in the world has heard of the blockchain but most still don’t know how it works. They might only know about it because of Bitcoin and because they’ve heard of things like smart contracts. This post is an attempt to demystify the blockchain by helping you write your own simple blockchain in Go, with less than 200 lines of code!
go  cryptocurrency  programming 
5 days ago
Podcast #377: 12 Rules for Life With Jordan Peterson | The Art of Manliness
Well, my guest today says that perhaps the way you start to get out of that rut is to clean your room, bucko. His name is Jordan B. Peterson, and I’ve had him on the show before. Peterson is a psychoanalyst and lecturer, and he’s got a new book out called 12 Rules for Life: An Antidote to Chaos. Today on the show, Dr. Peterson and I discuss why men have been disengaging from work and family and why his YouTube lectures resonate with so many modern men.
podcast  jordanpeterson  politics  culture  psychology 
5 days ago
CodeNewbie
If you've heard of containers and this thing called Kubernetes, but you're not sure exactly how they work and what they are, this episode is for you. Kelsey Hightower of Google gives us a newbie friendly tour of the world of containers. We talk about what problems they solve, and what new developers should know about them.
kubernetes  podcasts 
5 days ago
thefLink/HEXER: Fuzzing Suite
File format fuzzer for Windows and Linux ( in combination with ASAN ).
fuzzing  linux  vulnerability  windows  github 
5 days ago
Yubikey All The Things | EngineerBetter | More than Cloud Foundry specialists
Each team member now has a single Yubikey USB security device that does all of the following:
Stores and loads our personal SSH keys
Provides one-touch two-factor authentication
Stores and recalls our 1Password secret keys
2fa  security  ssh  yubikey 
5 days ago
This Tiny Hedge Fund Just Made 8,600% On a Vix Bet - Bloomberg
On Jan. 2, the managers put down $200,000 on what looked like a lottery ticket, with each SVXY put costing 34 cents. On Feb. 6, they sold the 6,300 contracts at about $28 each, leaving them with $17.5 million.
trading  finance  economics 
5 days ago
If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast • The Register
All that's needed to reproduce the bug, Borup wrote, is to compile his proof-of-concept code and give it a static link as MSIMG32.dll; copy that file to C:\windows\temp; and run sc control lnsusvc 136 at the command line.
ibm  lotusnotes  security  pentest 
5 days ago
Eplox/TCP-Starvation
Some time ago, I found a design flaw/vulnerability which affects most TCP services and allows for a new variant of denial of service. This attack can multiply the efficiency of a traditional DoS by a large amount, depending on what the target and purpose may be.

The idea behind this attack is to close a TCP session on the attacker's side, while leaving it open for the victim. Looping this will quickly fill up the victim’s session limit, effectively denying other users to access the service.
tcp  security  ddos 
5 days ago
Direct Instruction: A Half Century of Research Shows Superior Results - Marginal REVOLUTION
Direct Instruction was pioneered by Siegfried Engelmann in the 1960s and is a scientific approach to teaching. First, a skill such as reading or subtraction is broken down into simple components, then a method to teach that component is developed and tested in lab and field. The method must be explicitly codified and when used must be free of vagueness so students are reliably led to the correct interpretation. Materials, methods and scripts are then produced for teachers to follow very closely. Students are ability not age-grouped and no student advances before mastery. The lessons are fast-paced and feedback and assessment are quick. You can get an idea of how it works in the classroom in this Thales Academy promotional video. Here is a math lesson on counting. It looks odd but it works.
education 
5 days ago
Pssst: Crime May Be Near an All-Time Low - Bloomberg
There's been a lot of talk over the past couple of years about rising crime. For good reason: Violent crime and murder were in fact up in the U.S. in 2015 and 2016. Early indications are that crime rates fell in 2017, though. 1 And the really big crime story of our time remains how much it has fallen in this country over the past quarter-century.
crime  politics 
5 days ago
The Economy Is Full of Crypto (And Collective Delusion) - Bloomberg
"Berkeley is the center of the resistance, and for the resistance to work, it must have a coin," says a city council member, in a sentence that makes as little sense as every other sentence in this story. You can just sell the municipal bonds. Why sell "tokens" that are backed by municipal bonds? Fine, fine, you want to issue the bonds "on the blockchain"? I will allow it, you gotta keep track of the bonds somehow, that is some harmless buzzwordery. But throwing in the buzzword "token" is, I think, a bridge too far.
cryptocurrency  politics 
5 days ago
We Need Everyone at the Immigration Table - Bloomberg
As someone who wants strong counter-majoritarian protections for all sorts of minority rights, this troubles me. But even if it doesn’t bother you to declare that millions of voters need to be kept out of the political process, you should be troubled by the evidence that it hasn’t worked. The conspiracy has been out-conspired; the experiment has blown up. It’s time to abandon the magic formula before the damage gets worse.
politics 
5 days ago
There's a Time Bomb Bigger Than the VIX in the Market - Bloomberg
The worry is that investors will stampede out of loan ETFs, which account for about $10 billion of the $156 billion in loan fund investments, faster than the ETF managers can sell the underlying loans in their portfolio. This would cause a gap in the value of the ETF and the value of the loans in it, or worse, the possibility the funds may not be able to immediately come up with money for investors looking to cash out. Fear of not being able to get your money back is what causes bank runs and financial mayhem in general.
economics  investing 
5 days ago
« earlier      
per page:    204080120160

Copy this bookmark:





to read