Re: Troy Hunt: Find crazy stuff in mobile app communications (and get free stuff!) -
"Instead of "Not validating the SSL certificate when HTTPS is used (remove Fiddler’s root cert from your device – if stuff still loads, validation almost certainly isn’t happening)" I would personally suggest going one step further and implementing certificate pinning, which will effectively stop the MitM completely. Coz the part where we say remove root CA, we are basically allowing any trusted cert to be used, which in the current age could also mean any govt cert and similar. Tips on how to perform cert pinning are described in detail here :" - Anant Shrivastava
Sharing: Snowman - a native code to C/C++ decompiler via /r/ReverseEngineering
Sharing: Vulnerability in Cuckoo Sandbox & Patch via /r/netsec
anantshri on What do you use for Flash? -
"Never go for a lesser-known browser. We don't know if security releases will ever happen for them. I personally have Chrome if I really want to see Flash; for other purposes FF / Safari without Flash works just fine." - Anant Shrivastava
Demasking Google Users With a Timing Attack -
DNS: More than just names (Pentesting with DNS) -
Password Managers: Attacks and Defenses (pdf) -
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection -
RT @lanmaster53: This was quite helpful today. Python script to strip all notes out of a pptx slide deck.
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014 -
This is a list of puzzles, challenges, games, CTFs etc -
Matasano Crypto Challenges -
Dual/Multi-boot a rMBP with Windows and Linux -
F5 BIG-IP Unauthenticated rsync access to Remote Root Code Execution -
[PSA] You can install Apple's Boot Camp drivers on Windows to be able to access your HFS+ drives in Windows without paying for software. -
peepdf - PDF Analysis Tool -
bash-it: A community bash framework in the spirit of oh-my-zsh -
Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin -
Introducing Gupt: A Backdoor which uses Wireless network names for command execution -
Chrome Performance on non graphic card machines -
Complete iOS 7 course for Free -
Bad crypto happens to ransomware too: Stealing back DirCrypt's ransom files, because reversing [pdf] -
Intro to BurpSuite V: Extracting Intrusions -
The Matasano Crypto Challenges -
Deanonymizing Facebook Users By CSP Bruteforcing -
List of Android Security Enhancements ordered by Android Version -
Reverse engineer fake Tor browser bundle -
CryptoShark: an open source cross-platform interactive debugger powered by Frida and Capstone -
Exploiting shared memory in Android GUI to obtain private user data without permission -
New Forensics Research Paper: In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux -