Content curation / Information monitoring


The MISC blog 100% IT security

  • Back on newsstands: our special issue on Windows & Active Directory!
    by Aline Hof on 29 January 2020 at 10:30

    If you missed it at your newsagent, note that this special issue devoted to Windows & Active Directory is back on newsstands! On the menu: an introduction to techniques for securing your Active Directory, a better understanding of attacks against Windows authentication mechanisms, an overview of the problems related to relationships …

  • Complete your 2019 collection!
    by Aline Hof on 27 December 2019 at 8:00

    Find all our publications for 2019 in our annual Flipbook packs at an attractive price. These digital annual packs include, as you choose, the standard issues only or those issues together with their special issues. Head over without delay to https://boutique.ed-diamond.com/15-promos to discover them!

  • The MISC no. 107 editorial!
    by Aline Hof on 23 December 2019 at 8:00

    Information security news has been rich these past weeks, with a new wave of ransomware that hit several organizations, most notably the Rouen University Hospital (CHU de Rouen) [1]. This attack received wide media coverage because of its particularly tangible impact, understandable even to the part of the population most impervious to the issues of …



Hacking Articles Raj Chandel's Blog

  • Evil SSDP: Spoofing the SSDP and UPnP Devices
    by Raj Chandel on 17 February 2020 at 16:14

    TL;DR: Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

  • Hack the Box: Writeup Walkthrough
    by Raj Chandel on 17 February 2020 at 6:06

    Today, we’re sharing another Hack Challenge walkthrough, for the box Writeup. The machine is part of the retired lab, so you can connect to it using your HTB VPN and then start to solve the CTF. The level of the lab is set to beginner to intermediate. Task: capture the user.txt and root.txt flags. Pentesting...

  • Steal Windows Password using FakeLogonScreen
    by Raj Chandel on 13 February 2020 at 13:06

    In this article, we are going to focus on a tool that caught my attention. This is a tool that creates a fake Windows Logon Screen, forces the user to enter the correct credentials, and then relays the credentials to the attacker. It can work in different scenarios. This tool was developed by...

RSS - CNIL.fr News RSS feed of news from the Commission Nationale de l'Informatique et des Libertés (CNIL)


Internet Society Working for an Internet that is open, globally connected, and secure.

  • The Week in Internet News: CIA Had Encryption Backdoor for Decades
    by Grant Gross on 17 February 2020 at 14:07

    We’re watching you: The U.S. CIA secretly had an ownership stake in Swiss encryption company Crypto AG for decades and was able to read encrypted messages sent using the company’s technology, the Washington Post reports. West German intelligence agencies worked with the CIA. Forbes columnist Jody Westby called for a congressional investigation. We’re watching you, …

  • Member News: Internet Society Chapters Focus on Security
    by Grant Gross on 14 February 2020 at 17:57

    Security on your mind: The Internet Society’s Chapter in Benin recently hosted a conference focused on online security and on connectivity issues. Much of the discussion focused on instability of connections in the country, with participants concerned about degraded connections. Participants also talked about limited coverage for mobile services. On the topic of security, speakers …

  • Let’s Improve Routing Security at APRICOT 2020
    by Aftab Siddiqui on 13 February 2020 at 15:23

    Internet builders in Asia-Pacific get together around this time every year at APRICOT to learn from each other and other leaders from around the world. Routing security will be a key theme, and we will be sharing in multiple sessions why the MANRS initiative is important to the global routing system. Also called the Asia-Pacific …


Security.NL makes the Netherlands safe


Naked Security Computer Security News, Advice and Research


Security Weekly Security Market Validation

  • Hacking is… (A definition of Hacking From a Hacker’s Perspective)
    by Paul Asadoorian on 2 January 2020 at 19:10

    “Hacking is satisfying one’s curiosity. Hacking is finding a way to accomplish a goal, never accepting no for an answer, and being more persistent and patient than anyone else. Hacking is pushing technology to its limits and making technology more resilient through testing, tinkering, and exploration. Hacking is a mindset, a culture, a spirit, and …

  • Security Market Validation for the Buyer and Seller
    by Matt Alderman on 2 January 2020 at 13:00

    While everyone else talks about 2020 predictions and New Year’s resolutions, let’s start the year with some practical and useful information…

  • How Mature is Your Security Automation? See the Survey Results and How You Compare.
    by Matt Alderman on 15 November 2019 at 22:42

    We hear a lot about security orchestration, automation, and response. It will help us with our security skills gap. It will improve our operational efficiency, thus reducing mean time to detect and respond to incidents. It will give us more time for threat hunting. But how much is really being automated? In sponsorship with ServiceNow, …


Liquidmatrix Security Digest Bringing Fire To The Village: Your Source For Computer, Network & Information Security News

  • Exploring Legacy Unix Security Issues
    by Larry Cashdollar on 11 December 2019 at 15:51

    Sometimes after looking at web application security, IoT botnets, and various malware I long for the pre-2000 hacking days. Where, instead of looking for XSS or SQL injection vulnerabilities, you would be hunting for server-side vulnerabilities. This summer, I was gifted an SGI Indy R5000. I’d mentioned on Twitter a while back that I’d love …

  • We Don’t Take Vendor Pitches
    by Dave Lewis on 14 July 2019 at 5:51

    This site has been online for more than a couple decades now. I removed all advertising from the site a couple years ago to maintain as impartial of an approach as I can.

  • War Stories: Just Shut Off Telnet
    by Dave Lewis on 14 July 2019 at 5:26

    Years ago I was working on a project that had a rather interesting premise. It was a way to send a file between two parties that was stamped as verified by a third party intermediary. Pretty basic stuff but, in the 90s it was rather neat. One of the things that I discovered was that …


  • Blind ROP ARM - ECSC Prequals 2019 - Secure Vault - Writeup
    by Geluchat on 22 May 2019 at 16:00

    As part of the ECSC pre-qualifiers, I had the opportunity to try an original challenge in the pwn category: the Secure Vault challenge. The note "no binary is provided with this challenge" tells us that the challenge is going to be interesting! To begin, we connect to the challenge: root@Miaou:/# nc …

  • Exploiting a 64-bit program on Windows 10
    by Geluchat on 15 May 2018 at 12:30

    Introduction: When starting out in binary exploitation, our choice most often turns to Linux. Indeed, many challenges have been developed on Linux, and documentation on Linux exploitation is not lacking. Nevertheless, creating exploits for Linux does not have the same impact …

  • Server Side Request Forgery: how to bypass a firewall
    by Geluchat on 15 September 2017 at 22:40

    What are Server Side Request Forgery vulnerabilities? Server Side Request Forgery, abbreviated SSRF, are web vulnerabilities that allow reading files on the local server. They should not be confused with CSRF (Cross Site Request Forgery), whose goal is the execution of a …


IT Security Guru The Site for our Community

  • Second Likud Party app voter data leak
    by SophieDowdell on 17 February 2020 at 10:25

    A second and more serious data breach has been uncovered in the Elector firm’s election software that Likud has been using in its Knesset campaign, as reported by the Calcalist business daily on Sunday. Both hacking incidents, which occurred within a week of one another, involved the leak of the entire registry of Israeli voters …

  • 144K Canadians’ personal information breached by federal entities
    by SophieDowdell on 17 February 2020 at 10:24

    A handful of Canadian government departments and agencies have reportedly compromised the personal information of 144,000 individuals across 7,992 breaches experienced over the past two years. As reported by the Canadian Broadcasting Corporation (CBC), the Canadian government revealed the information in an answer to an order paper question filed by Conservative MP Dean Allison late …

  • Olympics and FC Barcelona Twitter accounts hacked
    by SophieDowdell on 17 February 2020 at 10:21

    The official Twitter accounts for the Olympics and FC Barcelona were hacked Saturday by the same group responsible for years of other prominent Twitter account hacks. A Twitter spokesperson confirmed to Business Insider that both the Olympics and FC Barcelona accounts were hacked by a group called OurMine and through a “third-party platform.” Source: Business …



CERT-FR Government centre for monitoring, alerting and response to computer attacks