it_sicherheit   25

| bohops | – A blog about red teaming, penetration testing, and security research
Greetings! Thank you for visiting this security blog. Topics will focus on offensive security (red teaming, pen testing, vulnerability analysis, etc.), defense, community, and trends.

I will do my best to keep this blog up-to-date and will send out notifications through social media when a new topic is posted.
blog  it_sicherheit 
6 weeks ago by grenzreiter
Mind Maps
Information Security related Mind Maps
hacking  it_sicherheit 
12 weeks ago by grenzreiter
Mind Maps
A collection of awesome mind maps on infosec topics
mindmap  infosec  security  hacking  exploits  pentest  Archive  ctf  cybersecurity  it_sicherheit  from twitter_favs
12 weeks ago by gyaresu
PGP und S/MIME: So funktioniert Efail | heise Security
Die Angriffe auf verschlüsselte E-Mails mit S/MIME und OpenPGP lassen sich eigentlich ganz einfach erklären. Wenn man sie einmal verstanden hat, weiß man auch, warum das mit dem Fixen nicht ganz so einfach ist.
verschlüsselung  it_sicherheit  mail 
12 weeks ago by grenzreiter
Set up your own malware analysis lab with VirtualBox, INetSim and Burp - Christophe Tafani-Dereeper
In this post we will set up a virtual lab for malware analysis. We’ll create an isolated virtual network separated from the host OS and from the Internet, in which we’ll setup two victim virtual machines (Ubuntu and Windows 7) as well as an analysis server to mimic common Internet services like HTTP or DNS. Then, we’ll be able to log and analyze the network communications of any Linux or Windows malware, which will unknowingly connect to our server instead of the Internet. We demonstrate the setup with a real life use case where we analyze the traffic of the infamous TeslaCrypt ransomware, a now defunct ransomware which infected a large number of systems from 2015 to mid-2016.
virtual_machine  it_sicherheit  hacking  homelab 
12 weeks ago by grenzreiter
How the Twitter and GitHub Password Logging Issues Could Happen · System Overlord
There have recently been a couple of highly-publicized (at least in the security community) issues with two tech giants logging passwords in plaintext. First, GitHub found they were logging plaintext passwords on password reset. Then, Twitter found they were logging all plaintext passwords. Let me begin by saying that I have no insider knowledge of either bug, and I have never worked at either Twitter or GitHub, but I enjoy randomly speculating on the internet, so I thought I would speculate on this. (Especially since the /r/netsec thread on the Twitter article is amazingly full of misconceptions.)
passwort  it_sicherheit 
may 2018 by grenzreiter
Preparing for Penetration Testing with Kali Linux · System Overlord
If you spend any time at all on Reddit or forums for information security students, you’ll find dozens of questions about preparing for the Penetration Testing with Kali Linux (PWK, aka OSCP) class from Offensive Security. Likewise, I’ve been asked by a number of people I know personally about moving into the security realm. I figured I’d put together some notes on how to prepare and the knowledge that I believe is necessary to succeed with the PWK class. Additionally, all of the skills listed here are skills I would expect even the most junior of penetration testers to possess.
linux  it_sicherheit  hacking 
april 2018 by grenzreiter
Breaking the Security Model of Subgraph OS | Micah Lee's Blog
I recently traveled to Amsterdam to attend a meeting with Tor Project staff, volunteers, and other members of the wider Tor community. Before trips like this, I prepare a separate travel computer, only bringing with me data and credentials that I might need during my trip. My primary laptop runs Qubes, but this time I decided to install Subgraph OS on my travel laptop. I had only briefly messed with it before, and there’s no better way to learn about a new operating system than by forcing yourself to actually use it for a few days.
linux  it_sicherheit  subgrapgh_os 
april 2018 by grenzreiter
So, you want to work in security?
Every once in a while, I’ll get an email from an eager stranger asking for advice on how to have a career in security (computer, information, cyber… whatever). This is great! We need more passionate, creative, hard-working people that want to work on making technology safer to use. It also turns out to be a pretty financially stable way to make a living.
it_sicherheit  karriere 
april 2018 by grenzreiter
So you want to be a security engineer? – Niru Ragupathy – Medium
Security engineering is different from traditional computer engineering: it requires a different mindset and viewpoint. I can spend hours going into the nuances of why and how, but instead I will point you to this eloquent essay by Parisa Tabriz. I strongly recommend reading it before continuing with the rest of this article. If you are not one for long essays then check out TL;DR by Michal Zalewski (@lcamtuf)
it_sicherheit  karriere 
march 2018 by grenzreiter
Hacker OPSEC with The Grugq
The Grugq is a world renowned information security researcher with 15 years of industry experience. Grugq started his career at a Fortune 100 company, before transitioning to @stake, where he was forced to resign for publishing a Phrack article on anti-forensics. Since then the Grugq has presented on anti-forensics at dozens of international security conferences, as well as talks on numerous other security topics. As an independent information security consultant the Grugq has performed engagements for a wide range of customers, from startups to enterprises and the public sector. He has worked as a professional penetration tester, a developer, and a full time security researcher. The Grugq’s research has always been heavily biased towards counterintelligence aspects of information security. His research has been referenced in books, papers, magazines, and newspapers. Currently an independent researcher, the grugq is actively engaged in exploring the intersection of traditional tradecraft and the hacker skillset, learning the techniques that covert organisations use to operate clandestinely and applying them to the Internet. You can follow him on Twitter @thegrugq.
march 2018 by grenzreiter
A forum for reverse engineering, OS internals and malware analysis
it_sicherheit  forum  hacking 
march 2018 by grenzreiter
Top 5 Free Learning Resources for Cyber-Security Beginners
Today, the obligation of strong cyber-security measures is self-evident. A large number of cyber-attacks are causing escalating damage to companies, governments, and individuals. Yahoo’s disclosure of a massive breach is still making headlines. Organizations need to respond to this increased threat by adopting strict cyber-security measures.
march 2018 by grenzreiter
Android Open Pwn Project (AOPP) | Pwnie Express
At DEFCON 24 we announced the Android Open Pwn Project (AOPP) that released the software for both the Pwn Pad and Pwn Phone into the community.  Not only did we release the software itself, we also open sourced the build system used to create ROMs for new devices.  In short anyone can now build their own Pwn Phone or Pwn Pad from our existing image library, and build new ROMs to support new Android devices.
it_sicherheit  android 
march 2018 by grenzreiter
Subgraph OS
Subgraph OS is a desktop computing and communications platform that is designed to be resistant to network-borne exploit and malware attacks. It is also meant to be familiar and easy to use. Even in alpha, Subgraph OS looks and feels like a modern desktop operating system.

Subgraph OS includes strong system-wide attack mitigations that protect all applications as well as the core operating system, and key applications are run in sandbox environments to reduce the impact of any attacks against applications that are successful.
linux  it_sicherheit 
september 2017 by grenzreiter
Home Lab for researching, learning and testing - Networking / Discussion - 0x00sec - The Home of the Hacker
Hey everyone,
how do you realize you lab used for testing, reversing, playing around, etc? Do you use virtualization or do you have seperate hardware, or do you even simply work on your normal working system?

At the moment I am thinking about building up a small network testing lab using several raspberry pis, two TP-link routers and in future may also some old x86 Linux and Windows SoC. The first use case for this setup would be to learn more about IP-Sec, sniffing, spoofing and general network setup.
homelab  it_sicherheit  hacking 
july 2017 by grenzreiter
How To Build A Password Cracking Rig
Why build a cracking rig? Because it's fun! This article will explain every step in building what I call a "budget" cracking rig. I wanted to save as much money as possible while still maintaining a robust solution that can perform at a small enterprise class level. I never could have imagined the hardest part was getting Nvidia drivers to install properly on Ubuntu, but never fear, every step of the process is included below. With a budget of $5,000 you will find the parts list, assembly, installation, and expected benchmarks if you want to try your hand at building this rig. Or you can go all out and attempt to match the awesome speed of Sagitta's Brutalis.
passwort  it_sicherheit 
may 2017 by grenzreiter
Cracking 12 Character & Above Passwords
What do I mean by cracking 12 characters passwords and above? I'm simply stating that with modern hardware, like the "budget" cracking rig, we can almost exhaustively search the highest probability keyspace for candidate passwords, against fast hashes like MD5, NTLM, SHA1, etc..., in a reasonable amount of time. Normally anything above 8 characters isn’t practical and/or feasible to brute force against standard fast hashing algorithms. When factoring in language and human peculiarities, like the average English word is only 4.79 characters long and people preferring multiple common words when creating 10 characters or longer passwords, you are within cracking distance of these passwords. For a quick reference guide to the various cracking tools and their usage check out Hash Crack on Amazon.
hacking  passwort  it_sicherheit 
january 2017 by grenzreiter

related tags

android  archive  blog  botnetz  bots  ctf  cybersecurity  exploits  forum  hacker  hacking  heartbleed  homelab  infosec  internet  internetsicherheit  karriere  kryptographie  linux  mail  mathematik  mindmap  netzwerktechnik  passwort  pentest  security  subgrapgh_os  tech  verschlüsselung  virtual_machine 

Copy this bookmark: