The /r/netsec Monthly Discussion Thread - December 2017 Security News & Discussion

---

• The /r/netsec Monthly Discussion Thread - December 2017
• Bucket Stream: Finding S3 Buckets by watching certificate transparency logs
• iOS 11 Horror Story: The Rise and Fall of iOS Security
• Domain Fronting with Meterpreter
• Tools Gathered from Recent CTF Travels
• NorthSec 2018 Registration + CFP now open!
• Yet Another Google Caja bypasses hat-trick
• ContextIS Xmas Challenge
• ManageEngine Password Pro - Weak Master Encryption Key Generation
• Hooking via InstrumentationCallback
• Edge & Windows 10 TH2 new safety features / DLL Injection.
• New JPCERT tool - LogonTracer
• LFI to Command Execution: Deutche Telekom Bug Bounty

The /r/netsec Monthly Discussion Thread - December 2017 Posted: 30 Nov 2017 08:35 PM PST Overview Questions regarding netsec and discussion related directly to netsec are welcome here. Rules & Guidelines Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary. Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely. If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely. Avoid use of memes. If you have something to say, say it with real words. All discussions and questions should directly relate to netsec. No tech support is to be requested or provided on /r/netsec. As always, the content & discussion guidelines should also be observed on /r/netsec. Feedback Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox. submitted by /u/AutoModerator [link] [comments]

Bucket Stream: Finding S3 Buckets by watching certificate transparency logs Posted: 01 Dec 2017 04:49 AM PST submitted by /u/eth0izzle [link] [comments]

iOS 11 Horror Story: The Rise and Fall of iOS Security Posted: 01 Dec 2017 04:58 AM PST submitted by /u/JacksSmirkingRevenge [link] [comments]

Domain Fronting with Meterpreter Posted: 01 Dec 2017 07:36 AM PST submitted by /u/nullminded [link] [comments]

Tools Gathered from Recent CTF Travels Posted: 01 Dec 2017 10:56 AM PST submitted by /u/m3t0lius [link] [comments]

NorthSec 2018 Registration + CFP now open! Posted: 01 Dec 2017 10:53 AM PST submitted by /u/bvanheu [link] [comments]

Yet Another Google Caja bypasses hat-trick Posted: 30 Nov 2017 09:33 PM PST submitted by /u/tunnelshade [link] [comments]

ContextIS Xmas Challenge Posted: 01 Dec 2017 03:38 AM PST submitted by /u/frustratedlurker123 [link] [comments]

ManageEngine Password Pro - Weak Master Encryption Key Generation Posted: 30 Nov 2017 05:27 PM PST submitted by /u/INIT_6 [link] [comments]

Hooking via InstrumentationCallback Posted: 01 Dec 2017 09:57 AM PST submitted by /u/khasaia [link] [comments]

Edge & Windows 10 TH2 new safety features / DLL Injection. Posted: 01 Dec 2017 09:26 AM PST submitted by /u/userpcblog [link] [comments]

New JPCERT tool - LogonTracer Posted: 30 Nov 2017 08:49 AM PST EDIT: doesn't seem like submitting a URL in the title worked, it's here: http://blog.jpcert.or.jp/2017/11/visualise-event-logs-to-identify-compromised-accounts---logontracer-.html Looks interesting, nice to see defenders tackling the problem of 'Defenders think in lists. Attackers think in graphs' https://blogs.technet.microsoft.com/johnla/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win/ submitted by /u/SOCslave0 [link] [comments]

LFI to Command Execution: Deutche Telekom Bug Bounty Posted: 30 Nov 2017 05:13 AM PST submitted by /u/danmaxone [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States