The Old Reader

20 Jun 18:55

Windows Incident Response Cheat Sheet

by /u/digicat

submitted by /u/digicat to r/computerforensics
[link] [comments]

18 Jun 14:35

Decrypting SSL/TLS traffic with Wireshark

by Howard Poston

Introduction The Internet wasn’t designed to be secure from the start. Many protocols (such as HTTP and DNS) were designed to serve their purpose of conveying information over the network without spending time on security. However, in the modern Internet, privacy and security are major priorities. As a result, the Transport Level Security (TLS) protocol […]

The post Decrypting SSL/TLS traffic with Wireshark appeared first on Infosec Resources.

Decrypting SSL/TLS traffic with Wireshark was first posted on June 18, 2019 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

14 Jun 22:41

IDA and Decompilers v7.3 have been released!

by /u/trmns

submitted by /u/trmns to r/ReverseEngineering
[link] [comments]

13 Jun 18:43

hm0x14 CTF: reversing a (not so simple) crackme

by /u/aparata_s4tan

submitted by /u/aparata_s4tan to r/ReverseEngineering
[link] [comments]

13 Jun 15:10

How to get caught by Fallout76's anti-cheat

by /u/Douggem

submitted by /u/Douggem to r/REGames
[link] [comments]

05 Jun 14:04

.NET network trace - Collects network traces of .NET applications.

by /u/owen800q

submitted by /u/owen800q to r/csharp
[link] [comments]

03 Jun 20:22

Circle City Con 2019 Videos

Link: http://www.irongeek.com/i.php?page=videos/circlecitycon2019/mainlist
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to @irishjack, @TheHomoHacker, @Paint27, @songsthatsaved, @nogoodrobot, @kitwessendorf, @cxstephens, @uncrustabl3 and others for helping set up AV and record.

Opening

Data Access Rights Exploits under New Privacy Laws
Amber Welch

How to reach and teach youth about Cybersecurity (if anybody will let you)
Jason Smith

More Tales from the Crypt...Analyst
Jeff Man

Could Static Code Analysis and Secure Coding have Saved the Death Star?
Mary Waddick

I’ll Complete My Threat Model Later Mom!: Infosec in Middle School.
Ashley Benitez Smith

Cons & Careers
Steven Bernstein

3D printing canister-launchable drones for city-scale wardriving
Glytch Tech

The Hunter Games: How to find the adversary with Event Query Language
Ross Wolf

Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire
Micah Brown

Security lessons from the Woofmutt…
Chris Roberts

What The Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing
Priyank Nigam
(Not Recorded)

It's Coming From Inside the House: An Inside-Out Approach to NodeJS Application Security
Yolonda Smith

Get off my lawn… or are we looking for the right people?
Mike (Shecky) Kavka

Endpoint Security, Swimming Through the Snake Oil
Dan Beavin

Do You Have What It Takes? How to Support Your Career From Community Involvement
Kathleen Smith

Catching the Guerrilla: Powershell Counterinsurgency
Aaron Sawyer

SigInt for the Masses: Building and Using a Signals Intelligence Platform for Less than $150
Josh Conway

InfoSuck: The Nasty Bits Of The Industry We Want To Tell Noobs But Aren't Allowed To In Polite Company.
Danny Akacki

Standardizer: a standardization framework for your security alerts
Christian Burrows

Call Of Duty, Modernest Browser Warfare v2
Dhiraj Mishra
(Did not happen)

Information Security Practice Principles a Rosetta Stone for information security work
Susan Sons

What Can Data Science Do for Security?
Wendy Edwards

Deepfakes: If anything can be real then nothing is real
April Wright
(Not Recorded)

Evicting the Password from the Digital Estate
Alex Chalmers

A Theme of Fear: Hacking the Paradigm
Catherine Ullman

Beginning DFIR - How to get started with Cooties
Lisa Wallace

Of CORS it's Exploitable! What's Possible with Cross-Origin Resource Sharing?
Rebecca Deck

Nexus Zeta - How a newbie hacker managed to create a monster botnet
Adi Ikan

5G: Security Pitfalls and Considerations
Swapnil Deshmukh
(Did not happen)

Training and Education for the New Realities of Privacy and Security
Mitchell Parker

Container Security Deep Dive
Yashvier Kosaraju

Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape
Gabrielle Hempel

One Random Insecure Wep Application Please (ORIWAP)
Nancy Snoke

an Implantable Computer
Doug "c00p3r" Copeland

Modern AppSec Gotchas
Fletcher Heisler

A Few Things Right: Insights from Live and Simulated Incident Response
Chad Calease

The Resilient Reddit C2
Zach Zenner

Behind The Locked Door: we built an escape room for security awareness
Matthew Southworth Christian Bobadilla

F! Attribution
Xena Olsen Jared Peck

Inside Out Security - Building Castles not Warehouses
Alyssa Miller

Failure Is Not an Option: Developing Realistic Disaster Recovery Tests
Colin Campbell

Wibbly Wobbly: Designing Security for Systems that are Bigger on the Inside
Wolfgang Goerlich

Closing Ceremonies

03 Jun 20:19

How I was able to access AWS credentials by first finding an unusual redirection then getting kind of Remote File Inclusion (RFI), escalating it to Server Side Request Forgery (SSRF) and finally getting hold of AWS EC2 Credentials.

by /u/logic_bomb_1

submitted by /u/logic_bomb_1 to r/websec
[link] [comments]

03 Jun 20:08

Code Analysis of Basic Cryptomining Malware

by /u/kindredsec

submitted by /u/kindredsec to r/blackhat
[link] [comments]

30 May 15:13

microsoft/SymCrypt: Cryptographic library used by current versions of Windows

by /u/knotdjb

submitted by /u/knotdjb to r/crypto
[link] [comments]

30 May 15:12

I finally wrote up my notes on hacking iOS Xamarin apps with Frida!

by /u/fridgehead

submitted by /u/fridgehead to r/netsec
[link] [comments]

30 May 15:00

POC of CVE-2019-0708 (Not Weaponized)

by /u/netsec_burn

submitted by /u/netsec_burn to r/blackhat
[link] [comments]

29 May 17:54

Experience the security flaw in Whatsapp hands-on

by /u/DebugDucky

submitted by /u/DebugDucky to r/netsec
[link] [comments]

28 May 19:42

CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability

by /u/RedmondSecGnome

submitted by /u/RedmondSecGnome to r/ReverseEngineering
[link] [comments]

28 May 13:54

Frida 12.6 is out with major stability improvements on all platforms

by /u/oleavr

submitted by /u/oleavr to r/ReverseEngineering
[link] [comments]

26 May 17:09

Setup and Debug JavaScriptCore / WebKit

by /u/LiveOverflow

submitted by /u/LiveOverflow to r/LiveOverflow
[link] [comments]

22 May 19:35

I wrote a blog on return-to-libc attacks

by /u/0x10F8

submitted by /u/0x10F8 to r/netsecstudents
[link] [comments]

21 May 21:04

Electro music website

by /u/bonobolol

I remember a liveoverflow video where he mentions a cyberpunk looking website with like albums of electro music. Anyone can help me find that? It was amazing.

PS: Sorry for my sloppy description that's pretty much all I remember

submitted by /u/bonobolol to r/LiveOverflow
[link] [comments]

21 May 15:34

Sojobo - Yet another binary analysis framework

by /u/owen800q

submitted by /u/owen800q to r/ReverseEngineering
[link] [comments]

21 May 14:25

Your company is socially engineering you to increase your loyalty and maximize your output

by /u/lux_7

submitted by /u/lux_7 to r/SocialEngineering
[link] [comments]

20 May 16:19

>20,000 Linksys routers leak historic record of every device ever connected

by Dan Goodin

This post has been updated to add comments Linksys made online, which says company researchers couldn't reproduce the information disclosure exploit on routers that installed a patch released in 2014. Representatives of Belkin, the company that acquired Linksys in 2013, didn't respond to the request for comment that Ars sent on Monday. Ars saw the statement only after this article went live.

More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.

(credit: Troy Mursch)

Independent researcher Troy Mursch said the leak is the result of a flaw in almost three dozen models of Linksys routers. It took about 25 minutes for the BinaryEdge search engine of Internet-connected devices to find 21,401 vulnerable devices on Friday. A scan earlier in the week found 25,617. They were leaking a total of 756,565 unique MAC addresses. Exploiting the flaw requires only a few lines of code that harvest every MAC address, device name, and operating system that has ever connected to each of them.

Read 9 remaining paragraphs | Comments

20 May 16:18