XSS Vulnerabilities Found In Tinder | Information Security Buzz
Over the past weeks we have seen massive impacts to sensitive and personal data exposure resulting from DOM manipulation and behaviour modification that is possibly due to the nature of browser-applications being streamed and assembled at run time in a consumer’s browser.  From malicious browser plugins to Magecart, the browser poses a significant attack vector that is resulting in consumer loss, and the erosion of trust in businesses.
xss 
4 days ago
Twitter
This is the epitome of transferable job skills
6 days ago
How Does The Kubernetes Networking Work? : Part 1 - Level Up
To stay focused and less loaded, I have decided to split the post into three different posts. The first part includes containers and pods. The second part includes service examination and the extraction layers. They allow the pods to be ephemeral. The third part includes ingress and accumulating traffic to the pods from outside the cluster.
kubernetes  networking 
6 days ago
A System for Remembering What you Read
I’d argue that a better approach is to build a latticework of mental models. That is, acquire core multi-disciplinary knowledge and use that as your foundation. This is the best investment because this stuff doesn’t change, or if it does, it changes really slowly. This knowledge becomes your foundation.
books  memory  productivity  reading  learning 
6 days ago
The OSINT Podcast
This is the Open Source Intelligence (OSINT) podcast. Here I will discuss news related to social media, data privacy, open source intelligence, investigative journalism as well as talk about tools and resources you can use to improve your research.
blogs  osint  podcast 
6 days ago
Terminalizer - A Tool To Record Your Terminal And Generate Animated Gif Images | 2daygeek.com
Terminalizer allows users to record their terminal activity and generate animated gif images. It's a highly customizable CLI tool, and users can share a link for an online player, web player for a recording file.
terminal  linux  cli  video 
6 days ago
The Rise of C# and using Kali as a C2 Server with SILENTTRINITY – root@Hausec
byt3bl33d3r, who wrote crackmapexec, Empire, and Deathstar, developed a tool called SILENTTRINITY, which utilizes IronPython to create the C# code in python, then develop the XML file needed by msbuild (If using that payload option). This is how it works:
silenttrinity  pentest  c2  C# 
9 days ago
Twitter
Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans.

9 days ago
Twitter
I just watched the Kanye WH video. I don't agree with everything he said, but in the media circus reporting, I susp…
10 days ago
Twitter
Thinking of my mom today she always loved the “ leaves “ and went to the mountains every fall to see them this is…
10 days ago
Twitter
RT : Those who demanded Facebook & other Silicon Valley giants censor political content - something they didn't actually…
10 days ago
Twitter
RT : While I have made a big deal about how easy Mallet is to set up, and doesn't REQUIRE iptables rules IF you control…
11 days ago
Twitter
RT : The one guy watching the trade war thinking FINALLY THIS IS MY MOMENT
11 days ago
Twitter
Sexy Meeting With Federal Regulators. Not sure the neighborhood kids are gonna get it.
12 days ago
Twitter
"Domain Controller as Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest", by Sean Me…
12 days ago
Twitter
So, if we fight right-wing collectivism with left-wing collectivism, this is what we get? It's almost as if the sol…
12 days ago
Twitter
I'm sure the behavior is vile, but I wouldn't know because I can't stay for more than 5 minutes without…
13 days ago
Twitter
I will be retweeting this as DEFCON is reapproaching next year.
13 days ago
Twitter
This makes me a little sad. For I seem to recall a legendary article in which the New York Times referred to Meatlo…
13 days ago
Twitter
We talk about this a bit on the podcast getting posted this week, but I don’t like the trend of “my friends and I a…
13 days ago
Twitter
If you ever get access to a jenkins server, you can decrypt stored credentials via the script console using println…
14 days ago
https://twitter.com/i/web/status/1048732205202268160
Configure & build a full-blown embedded system starting with the bootloader! Embedded/IoT L…
16 days ago
Twitter
Great presentation on IPv6 by at . I had a whole unit on it for my CCNP and I learned…
17 days ago
Twitter
I think the first stage looks like a little be-hoodied hacker.
17 days ago
Twitter
Some people are here to ruin technology for the rest of us.
18 days ago
Twitter
More the cost of firing than hiring, I believe. Employee laid off with 10 years service at a Fortune 5…
18 days ago
Schelling fences on slippery slopes - LessWrong 2.0
Slippery slopes legitimately exist wherever a policy not only affects the world directly, but affects people's willingness or ability to oppose future policies. Slippery slopes can sometimes be avoided by establishing a "Schelling fence" - a Schelling point that the various interest groups involved - or yourself across different values and times - make a credible precommitment to defend.
gametheory  rationality 
18 days ago
Building A Network Automation Lab | Lab Time
The management part is a Linux box (Debian 9.5) with Docker being used to provide the automation tools. For routing, I chose BIRD. Free Range Routing and ExaBGP are also possible. I’ve understood ExaBGP to be pretty complex though. Free Range Routing is also a very interesting choice, and not a bad one to have some exposure to for network engineers either because it’s used by Cumulus nowadays. I stuck with BIRD because of its reputation and because I read the documentation and like the philosophy.
lab 
18 days ago
Popping shells on Splunk – n00py Blog
One lesser known trick is that you can use Splunk apps to execute python. The cool team at TBG Security developed a Splunk app which can be used for pentesting. They have presented their app at a number of cons in 2017. Despite this, I feel like very few people know about this tool and I felt it deserved much more attention.
splunk  shell 
18 days ago
Gathering Open Source Intelligence – Posts By SpecterOps Team Members
One constant throughout my career has been my fascination with what can be learned about an organization from basic public records. The aggregation of a multitude of small pieces of information can paint a picture that is sometimes startling in its completeness. Then some holes can be filled-in with small logical leaps and inferences.
osint 
18 days ago
linuz/Sticky-Keys-Slayer: Scans for accessibility tools backdoors via RDP
Establishes a Remote Desktop session (RDP) with the specified hosts and sends key presses to launch the accessibility tools within the Windows Login screen. stickyKeysSlayer.sh will analyze the console and alert if a command prompt window opens up. Screenshots will be put into a folder ('./rdp-screenshots' by default) and screenshots with a cmd.exe window are put in a subfolder ('./rdp-screenshots/discovered' by default). stickyKeysSlayer.sh accepts a single host or a list of hosts, delimited by line and works with multiple hosts in parallel.
pentest  rdp  scanner  osint  recon 
18 days ago
Twitter
When I was younger I knew all the state capitals but also I only knew the name of one city in every state. N…
18 days ago
Twitter
Keep singing the words to the tune of Karma Chameleon. Bacon and egg breakfast taco. Yessuh. Getting th…
18 days ago
Twitter
Countries that seem to be better at the cybers than their size or economic power would indicate: Israel, the Nether…
18 days ago
Twitter
Good thread, read from beginning for context. I have seen a lot of backlash against this today but it is a valid f…
18 days ago
Twitter
It gets even better. From the DOJ exhibits ...

Is there a Wikipedia list for most humiliated intelligence agencie…
18 days ago
Twitter
I envy your brain repurposing skills. I can name the 13 colonies, plus all 50 state capitals and most wo…
18 days ago
Twitter
Slow news day in infosec
18 days ago
Twitter
I'm usually totes on board with blaming Security if end users do security wrong, especially at big corps. Awarenes…
19 days ago
Twitter
I eagerly await Michael Avenatti representing me in the § 17200 class action I intend to file when I don't win the…
19 days ago
Twitter
RT : Since bar fights are apparently a popular discussion in... politics? now, here's a thread for how to survive them i…
19 days ago
Twitter
For my friends. I'm playing host to Cyrus Farivar () next week. He'll be in to promote his…
20 days ago
Twitter
[free 28-page eBook] and Cookbook for (and others) …
20 days ago
Twitter
I am not 100% sure this is what hapless means. He had some haps, he was functionally hapful, so to…
20 days ago
Twitter
RT : Is Pittsburgh The New Austin? The Austin We Hoped And Dreamed Of, The Austin That Was Foretold?…
20 days ago
Twitter
This is a really cool first step towards making SharpSploit easier to use! Love the use of Costura, makes it much e…
20 days ago
Gathering Open Source Intelligence – Posts By SpecterOps Team Members
The key to managing all of this data is automation. By automating the initial research phases, the manual research is much simpler and more easily organized. Automation and reporting will be discussed at the end, in “Phase 4.” Let’s begin with what to look for first.
osint  automation 
20 days ago
Bizarre Particles Keep Flying Out of Antarctica's Ice, and They Might Shatter Modern Physics - Scientific American
And, combining the IceCube and ANITA data sets, the Penn State researchers calculated that, whatever particle is bursting up from the Earth, it has much less than a 1-in-3.5 million chance of being part of the Standard Model.
science  physics 
20 days ago
The Riemann Hypothesis, explained – Jørgen Veisdal – Medium
Present an argument or formula which (even barely) predicts what the next prime number will be (in any given sequence of numbers), and your name will be forever linked to one of the greatest achievements of the human mind, akin to Newton, Einstein and Gödel. Figure out why the primes act as they do, and you will never have to do anything else, ever again.
math 
20 days ago
Twitter
RT : The most effective strategy I've seen for identifying bias in your investigative conclusions (and really, in any co…
20 days ago
Untitled (https://www.pscp.tv/w/1ynJOYYXQYzKR)
Traffic Analysis: TShark Unleashed: Tips n Tricks: Decode-As
21 days ago
Twitter
Pro tip: get the bling fetters
21 days ago
Twitter
Thread. College football is my favorite sport, and the callous indifference to player health and welfare and eel-l…
21 days ago
Twitter
RT : The "Learn You Some Code" Humble Bundle benefits ! Support a great cause and get a bunch of…
21 days ago
Twitter
"But Main Street's still all cracked and broken!"
21 days ago
Operating Systems: Three Easy Pieces
Welcome to Operating Systems: Three Easy Pieces (now version 1.00 -- see book news for details), a free online operating systems book! The book is centered around three conceptual pieces that are fundamental to operating systems: virtualization, concurrency, and persistence. In understanding the conceptual, you will also learn the practical, including how an operating system does things like schedule the CPU, manage memory, and store files persistently. Lots of fun stuff!
os  programming  book 
21 days ago
Twitter
can now be used to check passwords against list, both online and off…
23 days ago
Twitter
Learn post-exploitations from the very basics guides you through 12+hrs of Pow…
23 days ago
Twitter
Wrote a JavaScript parser for XSStrike v3 and it's quite badass.
Now XSStrike is able to generate payloads as compl…
23 days ago
Twitter
I've released SpecuCheck v.1.1.0 which adds support for SSBD/Spectre V4 (CVE-2018-3639) and L1TF/Foreshadow (CVE-20…
24 days ago
Twitter
So making Facebook a central hub for authentication across the internet was a bad idea...and Facebook has one of th…
24 days ago
Twitter
You might be cool, but you’re probably not “wrote our own TCP/IP stacks for IPv4 & IPv6 to avoid detection” cool 😂…
25 days ago
Twitter
[BLOG] Manipulating Named Pipes, Token Privileges, and Minifilters with the Tokenvator v.2 Release - Super cool stu…
25 days ago
https://twitter.com/SparkZheng/status/1045265728318754816/photo/1
iOS 12 Jailbreak on iPhone XS by ! Bypass PAC mitigation on the new A12 chip. That's amazing!!!👏👏👏
26 days ago
Rationality: From AI to Zombies
In modern society so little is taught of the skills of rational belief and decision-making, so little of the mathematics and sciences underlying them… that it turns out that just reading through a massive brain-dump full of problems in philosophy and science can, yes, be surprisingly good for you.
rationality 
26 days ago
50 Useful Docker Tutorials for IT Professionals (from Beginner to Advanced) - Security Boulevard
Containers bring many benefits to DevOps teams along with a number of security concerns. This post brings you details about 50 Docker training resources that are designed to train beginner, intermediate, and advanced practitioners on current knowledge about Docker.
docker 
26 days ago
xip.io: wildcard DNS for everyone
xip.io is a magic domain name that provides wildcard DNS
for any IP address. Say your LAN IP address is 10.0.0.1.
Using xip.io,

10.0.0.1.xip.io resolves to 10.0.0.1
www.10.0.0.1.xip.io resolves to 10.0.0.1
mysite.10.0.0.1.xip.io resolves to 10.0.0.1
foo.bar.10.0.0.1.xip.io resolves to 10.0.0.1
dns 
26 days ago