A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
In today's podcast by Whats New On The Net: In a reversal, WhatsApp has said that it won't restrict any functionality even if you haven't accepted the app's updated privacy policy yet. Also, you may have heard of using a VPN, but did you know domain fronting is even better?
In this episode, we analyze a technique presented at DEFCON28 that leverages the security and privacy improvements brought by TLS 1.3 with ESNI to revive the Domain Fronting technique. We ran a lab with the tool released by the researcher to demonstrate the technique and its potential use for masking malicious addresses, which brings new challenges for defense. MorphusCast is also available on these platforms: - YouTube: https://youtu.be/2oYCuguM6Qw - Apple Podcasts: https://podcasts.apple.com/br/podcast/morphuscast-10-novos-desafios-defesa-com-o-retorno/id1367241273?i=1000487944426 - Google Podcasts: https://podcasts.google.com/feed/aHR0cDovL2ZlZWRzLnNvdW5kY2xvdWQuY29tL3VzZXJzL3NvdW5kY2xvdWQ6dXNlcnM6MjY3Mjg3NTExL3NvdW5kcy5yc3M/episode/dGFnOnNvdW5kY2xvdWQsMjAxMDp0cmFja3MvODc0NjM0Mzk1?sa=X&ved=2ahUKEwihx-251JbrAhUfajABHbGgDu4QkfYCegQIARAF ------------ Reference links: https://www.defcon.org/html/defcon-safemode/dc-safemode-speakers.html#Hunstad https://www.youtube.com/watch?v=TDg092qe50g&feature=youtu.be&t=1417 https://github.com/SixGenInc/Noctilucent https://www.zdnet.com/article/china-is-now-blocking-all-encryptedhttps-traffic-using-tls-1-3-and-esni/ -------- FOLLOW OUR CHANNELS: https://www.linkedin.com/company/morphusecurity https://www.instagram.com/morphusecurity https://www.facebook.com/morphustecnologia OUR CONTENT: Morphus Labs: https://morphuslabs.com/ Morphus Blog: https://www.medium.com/morphusblog -------- INFORMATION: https://www.morphus.com.br
Google and Amazon recently shut down Domain Fronting. Their abrupt change has created a building backlash. We’ll explain what Domain Fronting is, how activists can use it to avoid censorship, and why large organizations are compelled to disable it. Plus how road navigation systems can be spoofed with $223 in hardware, and another bad Bluetooth bug.
In today's podcast we hear that they're hoping in Australia that backup tapes made it to the shredder, and didn't fall off the truck. Equifax's board of directors gets reelected. Are China's espionage services preparing the battlespace for a supply chain attack? New Spectre-like vulnerabilities are found in Intel chips. Google and Amazon clamp down on domain fronting, and anti-censorship advocates are unhappy. Here Kitty…we have Monero for you. And a change of command at NSA and US Cyber Command. Johannes Ullrich from SANS and the Internet Stormcast podcast, reviewing the history of hardware flaws. Guest is Philip Tully from ZeroFox with a recap of a talk he gave at RSA on AI.
Domain fronting is a technique used to mask command and control (C2) traffic. C2 channels can be proxied through CDNs like CloudFront so that they appear to be normal Internet traffic. This is very difficult for defenders to detect and block, because it appears as if clients on a network are connecting to valid CDN domains, when in reality the connection is transporting a command and control channel. In this episode of Tradecraft Security Weekly, Beau Bullock (@dafthack) is joined by Ralph May (@ralphte1) to talk about what domain fronting is and how to set it up using CloudFront and PowerShell Empire. Full Show Notes: https://wiki.securityweekly.com/TS_Episode18 LINKS: https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/ https://signal.org/blog/doodles-stickers-censorship/ https://www.securityartwork.es/2017/01/24/camouflage-at-encryption-layer-domain-fronting/ https://trac.torproject.org/projects/tor/wiki/doc/meek http://bryceboe.com/2012/03/12/bypassing-gogos-inflight-internet-authentication/
http://ironsysadmin.com/wp-content/uploads/2017/02/IronSysadmin-EP9.mp3 Welcome: Episode 9. News: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 http://fortune.com/2017/02/21/google-site-search-discontinued/ (sorry for the obnoxious auto-play) Cellebrite can now unlock iPhone 6 and 6+, also extract data from array of popular apps https://www.bloomberg.com/news/articles/2017-02-23/social-media-is-driving-americans-insane Announcements: http://www.patreon.com/ironsysadmin Plans for ironsysadmin.com. LVHackers Round 2: Security Bugaloo, Wednesday, Mar 1, 2017, 6:00 PM, Two Rivers Brewing, 542 Northampton St, Easton, PA. Holy crap, it’s less than a week away. Guess I should tell y’all why it’s going to be an amazing night. 6-7pm: Dinner, Drinks, MARIO KART. 7pm: Ben Heise – Domain Fronting: Redirect Like A Boss. https://twitter.com/benheise For more information on Domain Fronting: https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-frontin… Chat: http://www.liverpoolecho.co.uk/news/liverpool-news/signs-your-child-computer-hacker-12626527 rpgKids. Main topic: Basic Linux Security: build environment, updates, local firewall, disable root ssh logins. Is sudo a blessing, a risk, or a curse? Totally a facebook post. Intro and Outro music credit: Tri Tachyon, Digital MK 2 http://freemusicarchive.org/music/Tri-Tachyon/