Content curation / Veille informationnelle


Le blog de MISC 100% sécurité informatique

  • OpenID Connect : présentation du protocole et étude de l’attaque Broken End-User Authentication
    par redaction le 28 mars 2019 à 8 h 30 min

      L’emploi quotidien de nombreux services sur le Web rend l’utilisation de méthodes d’authentification unifiées très utile. La fédération d’identité avec OpenID Connect est une manière de mettre en œuvre cette authentification unique. Cependant, ce jeu à trois acteurs (utilisateur, fournisseur d’identité, fournisseur de service) ne fonctionne que si tout le monde a la même […]

  • Émulation du bootloader de NotPetya avec Miasm
    par redaction le 21 mars 2019 à 8 h 30 min

      NotPetya est un célèbre malware issu de la famille Petya, apparu en juin 2017. La partie s’exécutant depuis le MBR a souvent été étudiée en statique ou en dynamique grâce au débogueur Bochs pour IDA. Une autre approche d’analyse est-elle possible ? Nous proposons ici d’émuler pas à pas le bootloader de NotPetya en […]

  • Web authentification / Password reset : REX de Bug Bounty
    par redaction le 14 mars 2019 à 8 h 30 min

      Présentation de faiblesses communément observées lors de recherches de vulnérabilités dans le cadre de Bug Bounty publics et privés, à l’encontre des modules web d’authentification et de réinitialisation de mot de passe. Au sommaire de l’article 1 Authentification web et faiblesses communes 1.1 Énumération passive / OSINT 1.2 Énumération active/incrémentale ou déductible 1.3 Gestion […]


    Feed has no items.

    Hacking Articles Raj Chandel's Blog

    • SP eric: Vulnhub Lab Walkthrough
      par Raj Chandel le 17 avril 2019 à 15 h 06 min

      Hello friends! Today we are going to take another CTF challenge known as “SP eric”. The credit for making this VM machine goes to “Daniel Solstad”. Our goal is to get 2 flags to complete the challenge. They are located at: /root/flag.txt /home/eric/flag.txt You can download this VM here. Security Level: Beginner Penetrating Methodology: Network... Continue reading → The post SP eric: Vulnhub Lab Walkthrough appeared first on Hacking Articles. […]

    • Command & Control: Ares
      par Raj Chandel le 16 avril 2019 à 6 h 13 min

      In this article, we will learn how to use Ares tool. This tool performs the Command and Control over the Web Interface. This tool can be found on GitHub. Table of Content: Introduction Installation Exploiting Target Command Execution Capturing Screenshot File Download Compressing Files Persistence Agent Clean Up Introduction                                                                                                                                                  Ares is a Python Remote Access... Continue reading → The post Command & Control: Ares appeared first on Hacking Articles. […]

    • Command & Control: WebDav C2
      par Raj Chandel le 14 avril 2019 à 7 h 55 min

      In this article, we will learn how to use WebDav C2 tool. Table of Content: Introduction Installation Exploiting Target Command Execution Introduction                                                                                                                                                  WebDavC2 uses the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actual C2 server.... Continue reading → The post Command & Control: WebDav C2 appeared first on Hacking Articles. […]


    RSS - Actualité CNIL.fr Fil RSS des actualités de la Commission Nationale de L'Informatique et des Libertés (CNIL)

    • Quelle stratégie de contrôle pour 2019 ?
      par CNIL le 18 avril 2019 à 22 h 00 min

      En 2019, la CNIL concentrera son action de contrôle sur trois grandes thématiques, directement issues de l’entrée en application du RGPD : le respect des droits, le traitement des données des mineurs et la répartition des responsabilités entre responsable de traitements et sous-traitants.&nbs […]

    • Comment gérer vos données ?
      par CNIL le 15 avril 2019 à 22 h 00 min

      Cette page vous propose une série de ressources utiles à la définition et à la mise en œuvre de votre projet. Vous apprendrez à gérer vos données en conformité avec le RGPD, et notamment comment définir les données à collecter et comment cartographier les traitements de données que vous mettez en œuvre pour vos activités. […]

    • Comment intégrer le RGPD à votre startup ?
      par CNIL le 15 avril 2019 à 22 h 00 min

      Les startups, comme tout organisme, sont soumises au RGPD dès lors qu’elles traitent des données personnelles. Cette page vous permettra de comprendre les grands principes du RGPD, et de savoir comment adapter votre organisation et vos contrats. […]


    Internet Society Working for an Internet that is open, globally connected, and secure.

    • A World Without the IGF
      par Raquel Gatto le 19 avril 2019 à 13 h 39 min

      Last week in Geneva, the Internet Governance Forum (IGF) Multistakeholder Advisory Group (MAG) met to discuss preparations for IGF Berlin. The Internet Society is concerned that the IGF community is showing signs of fatigue and believes that certain things must be improved in order for it to survive in an increasingly crowded Internet policy arena. […] The post A World Without the IGF appeared first on Internet Society. […]

    • 2019 Internet Society Board of Trustees Final Election Results & IETF Appointment
      par Walid Al-Saqaf le 18 avril 2019 à 16 h 03 min

      The Internet Society Elections Committee is pleased to announce the final results of the 2019 elections for the Internet Society Board of Trustees. The voting concluded on 8 April. The challenge period (for appeals) was opened on 9 April and closed on 17 April. There were no challenges filed. Therefore the election results stand: Olga […] The post 2019 Internet Society Board of Trustees Final Election Results & IETF Appointment appeared first on Internet Society. […]

    • Applications Open: Training for New Chapter Leaders in Latin America and the Caribbean
      par Nancy Quiros le 17 avril 2019 à 15 h 59 min

      For us at the Internet Society, the role that people play in our community is vital to carrying our message in favor of an open and trusted Internet for all. We rely on the contributions, knowledge, and experience of our members. For this reason, the Chapters of the Latin American and Caribbean region have come […] The post Applications Open: Training for New Chapter Leaders in Latin America and the Caribbean appeared first on Internet Society. […]


    Security.NL maakt Nederland veilig Security.NL maakt Nederland veilig


    Naked Security Computer Security News, Advice and Research


    Security Weekly Security Market Validation

    • Insider Threat Management – Detect and Respond to Data Exfiltration
      par Matt Alderman le 18 avril 2019 à 19 h 05 min

      As the perimeter shifts to the user and application, traditional network-based data loss prevention solutions are no longer effective. There is no longer a central network egress point to control the flow of data, as users, and the applications they access, are now distributed across the Internet. We need to rethink how we detect and […] The post Insider Threat Management – Detect and Respond to Data Exfiltration appeared first on Security Weekly. […]

    • SOC Intel: Wire, Logs, & Endpoint – Enterprise Security Weekly #133
      par Security Weekly Productions le 18 avril 2019 à 12 h 28 min

          Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC Intel: Wire, Logs, Endpoint! To get involved with ExtraHop, vist: https://securityweekly.com/extrahopFull Show Notes […] The post SOC Intel: Wire, Logs, & Endpoint – Enterprise Security Weekly #133 appeared first on Security Weekly. […]

    • Patrick Tierney, Endgame – Enterprise Security Weekly #133
      par Security Weekly Productions le 17 avril 2019 à 20 h 18 min

          We interview Patrick Tierney, the Sales Engineer at Endgame. To get involved with Endgame, visit: https://securityweekly.com/endgameFull Show Notes Visit https://securityweekly.com/esw for all the latest episodes! Hosts The post Patrick Tierney, Endgame – Enterprise Security Weekly #133 appeared first on Security Weekly. […]


    Liquidmatrix Security Digest Bringing Fire To The Village: Your Source For Computer, Network & Information Security News

    • Having The Security Rug Pulled Out From Under You
      par Larry Cashdollar le 18 octobre 2018 à 19 h 24 min

      Apache .htaccess changes led to arbitrary file upload vulnerabilities in jQuery project I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in Brooklyn, NY.   I expected better weather to wander around the city while enjoying the conference and the neighborhood’s wide selection of food. I had been so confident of clear skies […] The post Having The Security Rug Pulled Out From Under You appeared first on Liquidmatrix Security Digest. […]

    • Long Term Security Attitudes and Practices Study
      par Ben Sapiro le 29 septembre 2018 à 23 h 27 min

      What makes security practitioners tick? That’s a simple question with a lot of drivers underneath it. We want to find out; please help us by signing up for our study. The Ask We’re launching a long term study of security practitioners to understand how they approach security, please sign up for our Long Term Security Attitudes […] The post Long Term Security Attitudes and Practices Study appeared first on Liquidmatrix Security Digest. […]

    • Fortnite: When Dollars and Cents Trumps Security!
      par Thomas Fischer le 16 août 2018 à 14 h 47 min

      When Epic Games recently announced and subsequently released Fortnite for Android, it took the decision to bypass the Play Store and ask users to side-load the app. After I read that Epic Games’ brilliant idea was to ask Android users to essentially downgrade the security on their devices, there was a lot of head-on-desk action. […] The post Fortnite: When Dollars and Cents Trumps Security! appeared first on Liquidmatrix Security Digest. […]


    IT Security Guru The Site for our Community

    • The Ping Is The Thing: Popular HTML5 Feature Used To Trick Chinese Mobile Users Into Joining Latest DDoS Attack.
      par The Gurus le 18 avril 2019 à 18 h 08 min

      By Vitaly Simonovich and Dima Bekerman DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently investigated a DDoS attack which was […] The post The Ping Is The Thing: Popular HTML5 Feature Used To Trick Chinese Mobile Users Into Joining Latest DDoS Attack. appeared first on IT Security Guru. […]

    • Ecuador fights off 40 million DDoS attacks after Assange arrest.
      par The Gurus le 18 avril 2019 à 12 h 36 min

      The Ecuadorean government says that it has been targeted with 40 million cyber attacks in the few days since WikiLeaks founder Julian Assange was removed from the country’s London embassy. Source: Engineering & Technology The post Ecuador fights off 40 million DDoS attacks after Assange arrest. appeared first on IT Security Guru. […]

    • Malware installed on PoS systems Compromised credit card data.
      par The Gurus le 18 avril 2019 à 12 h 36 min

      A Point-of-Sale (PoS) data breach exposed more than 2 million debit and credit cards that belongs to the diners at Earl Enterprises. Earl Enterprises is a restaurant company owning national chains such as Earl of Sandwich, Buca di Beppo, and Planet Hollywood. Although the chain restaurant operator have not disclosed themselves how many customers got […] The post Malware installed on PoS systems Compromised credit card data. appeared first on IT Security Guru. […]