CVE-2021-31166: A Wormable Code Execution Bug in HTTP.sys
https://www.zerodayinitiative.com/blog/2021/5/17/cve-2021-31166-a-wormable-code-execution-bug-in-httpsys
https://www.zerodayinitiative.com/blog/2021/5/17/cve-2021-31166-a-wormable-code-execution-bug-in-httpsys
Zero Day Initiative
Zero Day Initiative — CVE-2021-31166: A Wormable Code Execution Bug in HTTP.sys
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Kc Udonsi and Yazhi Wang of the Trend Micro Research Team detail a recent code execution vulnerability in the Microsoft Internet Information Services (IIS) for Windows.…
How I was able to bypass the admin portal by using the default credentials in BBC Corporation.
https://infosecwriteups.com/how-i-was-able-to-bypass-the-admin-portal-by-using-the-default-credentials-52bfb13e6f3
https://infosecwriteups.com/how-i-was-able-to-bypass-the-admin-portal-by-using-the-default-credentials-52bfb13e6f3
Medium
How I was able to bypass the admin portal by using the default credentials in BBC Corporation.
Hello everyone, today I will be talking about one of the critical bug which I found on the BBC website which is bypassing the admin portal…
FalconEye - Real-time detection software for Windows process injections.
https://github.com/rajiv2790/FalconEye
https://github.com/rajiv2790/FalconEye
GitHub
GitHub - rajiv2790/FalconEye
Contribute to rajiv2790/FalconEye development by creating an account on GitHub.
Hacker's guide to deep-learning side-channel attacks: the theory https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-the-theory
elie.net
Hacker's guide to deep-learning side-channel attacks: the theory | blog post
Learn the concepts behind deep-learning side-channels attack, a powerful cryptanalysis technique, by using it to recover AES cryptographic keys from a hardware device.
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
https://thehackernews.com/2021/06/malware-can-use-this-trick-to-bypass.html
https://thehackernews.com/2021/06/malware-can-use-this-trick-to-bypass.html
The Hacker News
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
Malware Can Use This New Trick to Bypass Ransomware Defense in Popular Antivirus Solutions
Hidden parameters discovery suite written in Rust.
Features:
A lot of things to customize: key template, value template, encodings, and even injection points.
Supports 6 main methods: GET, POST, PUT, PATCH, DELETE, HEAD.
Has built in 2 main body types: json, urlencode.
Able to discover parameters with not random value, like admin=true
Compares responses line-by-line.
Adds to every request cachebuster by default.
#Rust #CTF #redteaming #parameters #web
https://github.com/Sh1Yo/x8
Features:
A lot of things to customize: key template, value template, encodings, and even injection points.
Supports 6 main methods: GET, POST, PUT, PATCH, DELETE, HEAD.
Has built in 2 main body types: json, urlencode.
Able to discover parameters with not random value, like admin=true
Compares responses line-by-line.
Adds to every request cachebuster by default.
#Rust #CTF #redteaming #parameters #web
https://github.com/Sh1Yo/x8
GitHub
GitHub - Sh1Yo/x8: Hidden parameters discovery suite
Hidden parameters discovery suite. Contribute to Sh1Yo/x8 development by creating an account on GitHub.
The Race to Native Code Execution in PLCs
https://www.claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
https://www.claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
Claroty
Siemens PLC Software Vulnerabilities Uncovered | Team82
Claroty has found a severe memory protection bypass vulnerability (CVE-2020-15782) in Siemens PLC Software, the SIMATIC S7-1200 and S7-1500. Learn more.