US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes. The rule announced by the BIS […]

The post US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes appeared first on Security Affairs.

October 21, 2021

Top 5 Attack Vectors to Look Out For in 2022

Threat actors are continually looking for better ways to target organizations; here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of […]

The post Top 5 Attack Vectors to Look Out For in 2022 appeared first on Security Affairs.

October 21, 2021

CloudFront takeover!

I found an unclaimed CloudFront instance on a subdomain I was testing. However, when I went to create a new CloudFront distribution with the URL as the CNAME, it didn’t work; it showed an error explaining how you need to upload a trusted cert from a CA. …

October 21, 2021

Attending a conference hosted by a company sanctioned by the feds?

Asking here because I know most Reddit users are from the US, but there’s a popular hacking conference held in Moscow by a company called Positive Technologies. The company is sanctioned by the US government for recruiting/working with Russian intelligence services lol

Anyways, the Russians I’ve swapped notes with really know their stuff and I’d love to attend their next in-person event. Problem is that you have to pay to get in, and I’m not sure if there are consequences to me doing that.

Before I get to the visa/booking portion when the conference dates are announced, I was hoping to find out (or find out where to look) if I will run into any drama.

Last thing I want to do is look like a total buffoon on something like my reentry into the US asking what I was doing in Russia.

submitted by /u/heap-spray-n-pray

October 21, 2021

ISO being able to create a new Windows admin user?

Hello. So I have one crk of a Windows pass recovery but it can only reset current pass and I need to create a new admin user for one thing.

I will give you a few methods for both Windows 7 and 10 hacking as a thank you.. not very private but you probably didn’t know some of them 🙂 cheers.

*It’s all for my own PC, as I already said above I have a tool to reset the pass already and I know a few methods of bypassing Windows 7/10 pass. It’s just for my own use.

submitted by /u/bhwolf0d

October 21, 2021

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Researchers warn of a new evolution of the PurpleFox botnet: its operators have included exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet; the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operators have added new exploits and […]

The post PurpleFox botnet variant uses WebSockets for more secure C2 communication appeared first on Security Affairs.

October 20, 2021

How do you tell people you’re a hacker without annoying questions?

I’ve said it all by now: Pen-tester, Penetration tester, Cyber Security Consultant, Hacker, Computer guy, IT personnel. But eventually it always leads to me saying I hack into computers and customers pay me for a report about my findings.

And then every time: “oh I need to be careful of you”

Don’t get me wrong, it’s a cool job, one I’m really proud of, but I’m so sick of getting asked “can you hack into my ex’s Facebook” or “can you get me the exam answers for my upcoming exam”. My fave is when they offer “compensation”: I’ll buy you a barrel of beer.

Funny quibble

Till today my favorite story; I sorta equally enjoyed and hated this exchange. I was working on a white box and set up a jump host. The son of the owner (about 21) came up and said: “Master hacker, I lost my phone either on a ship or the toilet, can you hack that for me?”

In the end he lost it on a ship that was destined for the cape, and wouldn’t return for several months to home port. He had to have someone send it through post next time they got to port.

Because I HACKED (find my iPhone) his phone he actually brought a crate of beer for when we had our final report so that was actually really tight of him.

submitted by /u/comrade-linux

October 20, 2021

Bruteforce

I am trying to get into my DVR, I no longer have the admin password. I tried to use some applications for bruteforce, but most seem to require the hash file. Is there a program that will type in the password for me? The DVR can be logged on to from the computer…

October 20, 2021