Manuel D'Orso @cirku17@infosec.exchange
- Keybase
- cirku17
Ⓐ INTJ • Infosec analyst • Metaveillance practitioner • Crypto-anarchism enthusiast • Fellow at Cyber Saiyan
Italy
Joined May 2019
Security Headers da F ad A: Cookie Flags e Cookie Prefix https://youtu.be/3LM3BP7aqY0 via @rev3rsesecurity@twitter.com
RT @PrivacyProject@twitter.com
"We must ban facial recognition in both public and private sectors, before we grow so dependent on it that we accept its inevitable harms as necessary for 'progress,'" write @EvanSelinger@twitter.com and @hartzog@twitter.com https://nyti.ms/2MSM09B
RT @inj3ct0r@twitter.com
#0daytoday #Whatsapp 2.19.216 - Remote Code Execution Exploit #RCE CVE-2019-11932 [remote #exploits #0day #Exploit] http://dlvr.it/RGQp86
Threat Modelling Stories From The Trenches - David Johannson and Andrew Lee-Thorp
Security Vulnerabilities Decomposition: Another Way To Look At Vulnerabilities - Katy Anton
How To Find And Prevent Entire Classes Of Security Vulnerabilities with Variant Analysis
https://www.youtube.com/watch?v=1wbt1xM9jUc
Banca d'Italia - Banca d'Italia - N. 517 - Sviluppo di un sistema di cyber threat intelligence in una banca centrale https://www.bancaditalia.it/pubblicazioni/qef/2019-0517/index.html
How Dropbox Security builds tools for threat detection and incident response https://blogs.dropbox.com/tech/2019/10/how-dropbox-security-builds-better-tools-for-threat-detection-and-incident-response/
Manuel D'Orso
boosted
Mozilla will change security and privacy indicators in upcoming Firefox 
70:
https://blog.mozilla.org/security/2019/10/15/improved-security-and-privacy-indicators-in-firefox-70/
So it is time to change the "look for the green padlock icon" security tips that are around for years (and were actually never sufficient as written in https://infosec-handbook.eu/blog/web-security-myths/#m3).
#mozilla #firefox #security #privacy #indicator #padlock #infosec #cybersecurity
WordPress 5.2.4 Security Release Breakdown
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
RT @ORARiccardo@twitter.com
"Dance like no one is watching, encrypt like everyone is." Ho parlato con @edok_lotosov@twitter.com dei TransCyberian CryptoParty https://www.vice.com/it/article/vb5xbd/transcyberian-cryptoparty-intervista-xenia-ermoshina
Securing Docker Containers https://0x00sec.org/t/securing-docker-containers/16913
RT @Secjuice@twitter.com
Security researcher and OSINT practioner @n0mad42@twitter.com has put together this awesome #osint beginner guide to detecting firewalls and gateways.
https://www.secjuice.com/osint-detecting-enumerating-firewalls-gateways/
RT @evaristegal0is@twitter.com
Così i partiti manipolano l’opinione pubblica online: un problema globale https://www.agendadigitale.eu/cultura-digitale/cosi-i-partiti-manipolano-lopinione-pubblica-online-un-problema-globale/
Manuel D'Orso
boosted
Working on compiling a Ryuk/Grim Spider layer for the MITRE ATT&CK navigator, based on available OSINT, in case anyone wants to help out.
Manuel D'Orso
boosted
~Open Source Security Tool of the Day~
Nebulo is a free, open-source, non-root and small sized DNS changer utilizing dns-over-https and dns-over-tls to bring privacy and security to your phone.
It is fast, contains no ads or tracking and offers a lot of flexibility.
https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md
Vendor related - Intelligence From Internet Background Noise
Analysis of an Exploited #NPM Package || Jarrod Overson
https://www.youtube.com/watch?v=2cyib2MgvdM&feature=youtu.be
Manuel D'Orso
boosted
Blog post: CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins - https://iwantmore.pizza/posts/cve-2019-10392.html
Reading: 3 min
Published: 09/12/2019
- Keybase
- cirku17
Ⓐ INTJ • Infosec analyst • Metaveillance practitioner • Crypto-anarchism enthusiast • Fellow at Cyber Saiyan
Italy
Joined May 2019
