Microsoft made its Project OneFuzz open to the public. This is an open source fuzzing framework for Azure that the tech giant has been using internally for past years to find and patch bugs.
Take a look:
https://github.com/microsoft/onefuzz
Take a look:
https://github.com/microsoft/onefuzz
GitHub
GitHub - microsoft/onefuzz: A self-hosted Fuzzing-As-A-Service platform
A self-hosted Fuzzing-As-A-Service platform. Contribute to microsoft/onefuzz development by creating an account on GitHub.
SNMP Arbitrary Command Execution
https://medium.com/@ojasookert/snmp-arbitrary-command-execution-19a6088c888e?source=email-578be4a0b4a7-1600482129620-digest.reader------1-71------------------5bf00a92_14c6_4d71_a181_e885cb21d85c-27-d7ede1f7_c6c5_4740_a82b_3777b41fc2c1----
https://medium.com/@ojasookert/snmp-arbitrary-command-execution-19a6088c888e?source=email-578be4a0b4a7-1600482129620-digest.reader------1-71------------------5bf00a92_14c6_4d71_a181_e885cb21d85c-27-d7ede1f7_c6c5_4740_a82b_3777b41fc2c1----
Medium
SNMP Arbitrary Command Execution
SNMP, the Simple Network Management Protocol, which in certain communities is better known as Security Not My Problem, is a protocol to…
CVE-2020-74
FreeBSD Kernel Privilege Escalation (PoC)
https://www.zerodayinitiative.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation
PoC code:
https://github.com/thezdi/PoC/tree/master/CVE-2020-7460
FreeBSD Kernel Privilege Escalation (PoC)
https://www.zerodayinitiative.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation
PoC code:
https://github.com/thezdi/PoC/tree/master/CVE-2020-7460
Zero Day Initiative
Zero Day Initiative — CVE-2020-7460: FreeBSD Kernel Privilege Escalation
In August, an update to FreeBSD was released to address a time-of-check to time-of-use (TOCTOU) bug that could be exploited by an unprivileged malicious userspace program for privilege escalation. This vulnerability was reported to the ZDI program by a researcher…
Vulnerability in Kaspersky antivirus makes your browsing history public
https://medium.com/@iics/vulnerability-in-kaspersky-antivirus-makes-your-browsing-history-public-68e2861d4951?source=email-578be4a0b4a7-1600568311473-digest.reader------0-72------------------594e28e9_3197_4394_829a_6b715c714874-28-----
https://medium.com/@iics/vulnerability-in-kaspersky-antivirus-makes-your-browsing-history-public-68e2861d4951?source=email-578be4a0b4a7-1600568311473-digest.reader------0-72------------------594e28e9_3197_4394_829a_6b715c714874-28-----
Medium
Vulnerability in Kaspersky antivirus makes your browsing history public
Antivirus solutions are one of the basic protection tools for computer users; however, this software is not safe from flaws that alter the…
How I earned $500 from Google - Flaw in Authentication
https://medium.com/@hemantsolo/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616
https://medium.com/@hemantsolo/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616
Medium
How I earned $500 from Google - Flaw in Authentication
Hello Everyone!
Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.
Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html
Learn how: https://thehackernews.com/2020/09/fortigate-vpn-security.html
The Hacker News
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
Fortinet's Fortigate VPN solution running default settings leave over 200,000 businesses vulnerable to man-in-the-middle (MitM) attacks.
Forwarded from Security Analysis
UAC bypass (Privilege escalation)
Real Time Detection of User Account Control (UAC) bypass via hijacking The DiskCleanup Scheduled Task
https://github.com/elastic/detection-rules/blob/main/rules/windows/privilege_escalation_uac_bypass_diskcleanup_hijack.toml
#UAS_Bypass
@securation
Real Time Detection of User Account Control (UAC) bypass via hijacking The DiskCleanup Scheduled Task
https://github.com/elastic/detection-rules/blob/main/rules/windows/privilege_escalation_uac_bypass_diskcleanup_hijack.toml
#UAS_Bypass
@securation
Offensive Terraform Modules
Automated multi step offensive attack modules with Infrastructure as Code(IAC)
https://offensive-terraform.github.io/
Automated multi step offensive attack modules with Infrastructure as Code(IAC)
https://offensive-terraform.github.io/
offensive-terraform.github.io
Offensive Terraform
Automated multi step offensive attack modules with Infrastructure as Code(IAC)
Exploit Development (Format Strings Series 1 - 6 which covers :
Intro & dumping sensitive data
Redirecting code flow
More control over the writing process
Rewriting the GOT table
Memory leak + ASLR bypass
x86 exploitation :
https://www.youtube.com/playlist?list=PL9T4qUiaXpm5kpeqEQOpYVUaHF-FyAHHc
Intro & dumping sensitive data
Redirecting code flow
More control over the writing process
Rewriting the GOT table
Memory leak + ASLR bypass
x86 exploitation :
https://www.youtube.com/playlist?list=PL9T4qUiaXpm5kpeqEQOpYVUaHF-FyAHHc
YouTube
Exploit Development - YouTube
https://betrusted.io
A prototype security-foccussed open-software/hardware device (akin to a PDA) for delegating your sensitive information and tasks to. It has a microkernel and userspace in rust and the development version uses a reconfigurable FPGA instead of a CPU.
Betrusted is a secure and private communications system. It gives users an evidence-based reason to believe that private matters are kept private.
Betrusted is more than just an app, and more than just a gadget – it is a co-designed hardware + software solution that provides safe defaults for everyday users. It’s also open source, empowering advanced users to analyze, extend and explore this secure mobile computer.
#betrusted #mobile #phone #alternatives
A prototype security-foccussed open-software/hardware device (akin to a PDA) for delegating your sensitive information and tasks to. It has a microkernel and userspace in rust and the development version uses a reconfigurable FPGA instead of a CPU.
Betrusted is a secure and private communications system. It gives users an evidence-based reason to believe that private matters are kept private.
Betrusted is more than just an app, and more than just a gadget – it is a co-designed hardware + software solution that provides safe defaults for everyday users. It’s also open source, empowering advanced users to analyze, extend and explore this secure mobile computer.
#betrusted #mobile #phone #alternatives