Search: [cybersecurity] - Liens utiles et à partager

Security 101 for SAAS startups & PME

So which security considerations are relevant at an early stage?

What security concerns were raised by customers willing to pay for your product?
What are the security expectations in your industry (Medical, Finance, Enterprise)?
What are the target market (country) regulations (Data Privacy, Data Residency)? Europeans are known to have tougher regulations. Different US States have different regulations.
Which tools and policies would not hurt your team's morale.
How long would it take you to prepare a security risk plan (see example at the bottom of this document)?

cybersecurity

April 19, 2017 10:06:30 AM GMT+02:00 · permalink

·

https://github.com/forter/security-101-for-saas-startups/blob/english/security.md

Censys

Prog · cybersecurity

December 16, 2015 07:53:23 PM GMT+01:00 · permalink

·

https://censys.io/

AWS Best Practices for DDOS Resiliency - White_Paper_June2015.pdf

Prog · AWS · DDOS · cybersecurity

July 18, 2015 03:17:28 PM GMT+02:00 * · permalink

·

http://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf

x86 Disassembly - Wikibooks, open books for an open world

Prog · Reverse_Engineering_&_file_identification · cybersecurity

April 5, 2015 11:20:20 PM GMT+02:00 · permalink

·

http://en.wikibooks.org/wiki/X86_Disassembly

joelpx/reverse - Reverse engineering for x86 binaries. Generation of pseudo-C.

reverse - Reverse engineering for x86 binaries. Generation of pseudo-C.

Prog · Reverse_Engineering_&_file_identification · cybersecurity

March 16, 2015 07:54:31 PM GMT+01:00 · permalink

·

https://github.com/joelpx/reverse

Password Hashing according to Facebook - Bristol Cryptography Blog: Real World Crypto 2015

Prog · Crypto · cybersecurity

March 13, 2015 09:43:31 PM GMT+01:00 · permalink

·

http://bristolcrypto.blogspot.ch/2015/01/password-hashing-according-to-facebook.html

Social Engineering & 2-factor auth - Anatomy of a Hack

A step-by-step account of an overnight digital heist

Prog · cybersecurity

March 10, 2015 10:50:18 AM GMT+01:00 · permalink

·

http://www.theverge.com/a/anatomy-of-a-hack

wapiflapi/binglide - Visual reverse engineering tool showing some of the current techniques

binglide - Visual reverse engineering tool showing some of the current techniques.

Prog · Reverse_Engineering_&_file_identification · cybersecurity

March 8, 2015 12:11:36 PM GMT+01:00 · permalink

·

https://github.com/wapiflapi/binglide

Frida, la nouvelle amie des reversers et hackers - virtualabs.fr

Prog · Reverse_Engineering_&_file_identification · cybersecurity

March 8, 2015 10:36:19 AM GMT+01:00 · permalink

·

http://www.virtualabs.fr/Frida-la-nouvelle-amie-des

Cloud & Enterprise Security Automation and (Sec)DevOps

Prog · cybersecurity

February 25, 2015 05:22:11 PM GMT+01:00 · permalink

·

http://www.rationalsurvivability.com/presentations/DuelingBanjos.pdf

Outils de hack et de sécurisation des réseaux : Dsniff, Dnsspoof, Filesnarf, macof, Mailsnarf, Msgsnarf, Sshmitm, Tcpkill, Tcpnice, Webmitm, Urlsnarf, Webspy, Arpspoof - sabcat.tk

Prog · cybersecurity

January 14, 2015 01:22:36 PM GMT+01:00 · permalink

·

http://sabcat.tk/Dsniff.html

Linux Exploit Suggester by PenturaLabs

Prog · cybersecurity

January 5, 2015 10:40:05 PM GMT+01:00 · permalink

·

https://penturalabs.github.io/Linux_Exploit_Suggester/

Why are free proxies free? because it's an easy way to infect thousands of users and collect their data

Prog · cybersecurity

January 5, 2015 10:38:10 PM GMT+01:00 · permalink

·

https://blog.haschek.at/post/fd9bc

sophron/wifiphisher - Fast automated phishing attacks against WPA networks

wifiphisher - Fast automated phishing attacks against WPA networks

Prog · cybersecurity

January 5, 2015 10:35:12 PM GMT+01:00 · permalink

·

https://github.com/sophron/wifiphisher

Rekall Memory Forensic Framework

Prog · Reverse_Engineering_&_file_identification · cybersecurity

December 29, 2014 02:32:05 PM GMT+01:00 * · permalink

·

http://www.rekall-forensic.com/documentation-1/rekall-documentation/rekall-at-a-glance

"Reverse Engineering for Beginners" free book

Prog · Reverse_Engineering_&_file_identification · cybersecurity

December 29, 2014 02:09:14 PM GMT+01:00 · permalink

·

http://beginners.re/

Replicating PHPSESSID and srctoken session authentication with mitmproxy

A month ago, I wanted to automate queries to a website that is using the PHPSESSID cookie to keep track of sessions. I struggled a lot and couldn't find any documentation covering the behaviour I was observing. But yesterday I finally found a solution !

Meme image: a guy is going down some stairs swaying happily

In hope it could help others …

lang:en · python · proxy · php · session · mitmproxy · srctoken · phpsessid · network · FromPelican · Networking_And_Servers · cybersecurity · hack

December 11, 2014 09:12:00 AM GMT+01:00 * · permalink

·

https://chezsoi.org/lucas/blog/replicating-phpsessid-and-srctoken-session-authentication-with-mitmproxy.html

Reset the Net

Prog · PrivacyRespectfulTools_and_tracking · cybersecurity

December 10, 2014 06:09:14 PM GMT+01:00 · permalink

·

http://www.resetthenet.org/

Python 3 non consistent set & dict iteration gotcha

Consider the following Python expression:

print("".join(set("ABCDE")))

What do you think it produces ?

Not necessarily "ABCDE". Right, but you would expect the result to be consistent, isn't it ?

$ for i in {1..3}; do python2.7 -c 'print("".join(set("ABCDE")))'; done
ACBED
ACBED
ACBED

Great !

...

But with …

lang:en · python · dict · perl · hash · iteration · gotcha · backward-compatibility · set · ministat · csvstat · FromPelican · cybersecurity

December 8, 2014 07:12:00 PM GMT+01:00 · permalink

·

https://chezsoi.org/lucas/blog/python-3-non-consistent-set-dict-iteration-gotcha.html

cea-sec/miasm - Reverse engineering framework in Python

miasm - Reverse engineering framework in Python

Prog · Reverse_Engineering_&_file_identification · cybersecurity

December 6, 2014 11:46:13 AM GMT+01:00 · permalink

·

https://github.com/cea-sec/miasm