Defeating Code Obfuscation with Angr
https://ift.tt/3i9mSN5
Submitted June 01, 2021 at 03:01PM by NapongiZero
via reddit https://ift.tt/2SJeM3d
https://ift.tt/3i9mSN5
Submitted June 01, 2021 at 03:01PM by NapongiZero
via reddit https://ift.tt/2SJeM3d
NapongiZero’s Blog
Defeating Code Obfuscation with Angr
A few weeks back I encountered an obfuscated piece of code. Reversing it seemed very tedious.
New AWS attack technique - Attackers can spoof their IP address on CloudTrail logs
https://ift.tt/3oKFSCW
Submitted May 30, 2021 at 08:32PM by Sayag_Security
via reddit https://ift.tt/2Tw6v38
https://ift.tt/3oKFSCW
Submitted May 30, 2021 at 08:32PM by Sayag_Security
via reddit https://ift.tt/2Tw6v38
www.hunters.security
Hunters Research: Detecting Obfuscated Attacker IPs in AWS
Hunters' research team discovers obfuscation technique using AWS VPC feature. Attackers could change the IP address written to AWS CloudTrail logs.
what do you think guys, is it OK to hook API call to get key or part of the key which is generated from a ransomware side.
https://ift.tt/3c92TKS
Submitted June 01, 2021 at 04:26PM by vah_13
via reddit https://ift.tt/3i51zwb
https://ift.tt/3c92TKS
Submitted June 01, 2021 at 04:26PM by vah_13
via reddit https://ift.tt/3i51zwb
French Quebec/Quebecker passwords list for your pentest!
https://ift.tt/3wRakxZ
Submitted June 01, 2021 at 08:13PM by pathetiq
via reddit https://ift.tt/3uE1emT
https://ift.tt/3wRakxZ
Submitted June 01, 2021 at 08:13PM by pathetiq
via reddit https://ift.tt/3uE1emT
Reddit
From the netsec community on Reddit: French Quebec/Quebecker passwords list for your pentest!
Posted by pathetiq - No votes and no comments
Configure AWS DNS Firewall to Control DNS Traffic in VPCs (Terraform and CloudFormation Templates)
https://ift.tt/3fZOim6
Submitted June 01, 2021 at 08:42PM by elitistAlmond
via reddit https://ift.tt/3fYqyP7
https://ift.tt/3fZOim6
Submitted June 01, 2021 at 08:42PM by elitistAlmond
via reddit https://ift.tt/3fYqyP7
asecure.cloud
Route53 Resolver Security: Route53 Resolver DNS Firewall Custom Template
CloudFormation, Terraform, and AWS CLI Templates: Configuration templates to deploy an AWS Route53 Resolver Firewall and related settings including firewall rule groups, custom domain lists, and VPC associations. This configuration can be used to block DNS…
Technical analysis of two RCE in Grav CMS 1.7.10 (CVE-2021-29439, CVE-2021-29440)
https://ift.tt/3i7WuDn
Submitted June 01, 2021 at 08:35PM by monoimpact
via reddit https://ift.tt/3g0YTgz
https://ift.tt/3i7WuDn
Submitted June 01, 2021 at 08:35PM by monoimpact
via reddit https://ift.tt/3g0YTgz
Sonarsource
SonarSource Blog
SonarSource builds world-class Code Quality & Code Security tools. Our products, SonarLint, SonarQube, and SonarCloud are trusted by 200k+ organizations globally.
Akamai EAA Impersonation Vulnerability - A Deep Dive
https://ift.tt/3vJVCsO
Submitted June 02, 2021 at 06:07AM by more_muscle_aim
via reddit https://ift.tt/3c7Th36
https://ift.tt/3vJVCsO
Submitted June 02, 2021 at 06:07AM by more_muscle_aim
via reddit https://ift.tt/3c7Th36
Akamai
Akamai Blog | Akamai EAA Impersonation Vulnerability - A Deep Dive
In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform.
New CVE database that visualizes CVEs and shows exploit price and eco impact
https://ift.tt/3yVEOkA
Submitted June 02, 2021 at 01:53PM by vowie92
via reddit https://ift.tt/3fFcbjV
https://ift.tt/3yVEOkA
Submitted June 02, 2021 at 01:53PM by vowie92
via reddit https://ift.tt/3fFcbjV
Vault1317 protocol: a modern approach for metadata protection with deniability
https://ift.tt/3i8qsaj
Submitted June 02, 2021 at 03:10PM by hardenedvault
via reddit https://ift.tt/3yYlZgk
https://ift.tt/3i8qsaj
Submitted June 02, 2021 at 03:10PM by hardenedvault
via reddit https://ift.tt/3yYlZgk
reddit
Vault1317 protocol: a modern approach for metadata protection with...
Posted in r/netsec by u/hardenedvault • 11 points and 1 comment
Revisiting Realtek – A New Set of Critical Wi-Fi Vulnerabilities Discovered by Automated Zero-Day Analysis
https://ift.tt/3uHHwGT
Submitted June 02, 2021 at 06:02PM by SRMish3
via reddit https://ift.tt/3g06ZGo
https://ift.tt/3uHHwGT
Submitted June 02, 2021 at 06:02PM by SRMish3
via reddit https://ift.tt/3g06ZGo
VDOO
Realtek Critical Wi-Fi Vulnerabilities Discovered
A comprehensive analysis revealing two new critical vulnerabilities discovered in a popular Realtek Wi Fi module by Vdoo’s automated product security platform, including a demonstration of the exploitation.
WE.LOCK: Unlocking Smart Locks with Web Vulnerabilities
https://ift.tt/3g1CCz7
Submitted June 02, 2021 at 07:39PM by CriticalSec
via reddit https://ift.tt/2RXEXTY
https://ift.tt/3g1CCz7
Submitted June 02, 2021 at 07:39PM by CriticalSec
via reddit https://ift.tt/2RXEXTY
GitHub
CriticalSecurity/welock
Contribute to CriticalSecurity/welock development by creating an account on GitHub.
Guide to P-code Injection: Changing the intermediate representation of code on the fly in Ghidra
https://ift.tt/2S3m8i4
Submitted June 02, 2021 at 08:22PM by yarbabin
via reddit https://ift.tt/3ipa8Cv
https://ift.tt/2S3m8i4
Submitted June 02, 2021 at 08:22PM by yarbabin
via reddit https://ift.tt/3ipa8Cv
PT SWARM
Guide to P-code Injection: Changing the intermediate representation of code on the fly in Ghidra
When we were developing the ghidra nodejs module for Ghidra, we realized that it was not always possible to correctly implement V8 (JavaScript engine that is used by Node.js) opcodes in SLEIGH. In such runtime environments as V8 and JVM, a single opcode might…
Exploiting a zero-day WebAssembly Vulnerability (CVE-2021-30734) in Apple Safari
https://ift.tt/2SNnL3q
Submitted June 02, 2021 at 08:44PM by gaasedelen
via reddit https://ift.tt/3fJy8y9
https://ift.tt/2SNnL3q
Submitted June 02, 2021 at 08:44PM by gaasedelen
via reddit https://ift.tt/3fJy8y9
RET2 Systems Blog
32 bits, 32 gigs, 1 click...
In this post we will examine a vulnerability in the WebAssembly subsystem of JavaScriptCore, the JavaScript engine used in WebKit and Apple Safari. The issue...
WordPress PHPMailer vulnerability analysis - WPSec
https://ift.tt/3wM3WZ0
Submitted June 03, 2021 at 12:03AM by jonas02
via reddit https://ift.tt/3cbRLgn
https://ift.tt/3wM3WZ0
Submitted June 03, 2021 at 12:03AM by jonas02
via reddit https://ift.tt/3cbRLgn
WPSec
WordPress PHPMailer vulnerability analysis - WPSec
On 13th May 2021, WordPress released WordPress 5.7.2, which was a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs…
Hiring Security Engineers/ Pen Testers at all levels for Security Innovation, apply below :)
https://ift.tt/34IO7Go
Submitted June 03, 2021 at 03:22AM by cheycat306
via reddit https://ift.tt/34O065v
https://ift.tt/34IO7Go
Submitted June 03, 2021 at 03:22AM by cheycat306
via reddit https://ift.tt/34O065v
Pinpointhq
Us Courts Penetration Tester
Job Opening: Us Courts Penetration Tester at Security Innovation in Seattle .
Why We Hash Passwords
https://ift.tt/3idsENO
Submitted June 03, 2021 at 06:23AM by dennisbyrne
via reddit https://ift.tt/2SQe707
https://ift.tt/3idsENO
Submitted June 03, 2021 at 06:23AM by dennisbyrne
via reddit https://ift.tt/2SQe707
dzone.com
Why We Hash Passwords - DZone Security
Learn about password hashing, salting, and key derivation functions in Python.
UI Security - Thinking Outside the Viewport
https://ift.tt/3vJVoBH
Submitted June 03, 2021 at 01:11PM by albinowax
via reddit https://ift.tt/3yY4sF4
https://ift.tt/3vJVoBH
Submitted June 03, 2021 at 01:11PM by albinowax
via reddit https://ift.tt/3yY4sF4
Microsoft Browser Vulnerability Research
UI Security - Thinking Outside the Viewport
Introduction
More macOS Installer Flaws
https://ift.tt/3fZchBG
Submitted June 03, 2021 at 06:33PM by dinobyt3s
via reddit https://ift.tt/3z862EL
https://ift.tt/3fZchBG
Submitted June 03, 2021 at 06:33PM by dinobyt3s
via reddit https://ift.tt/3z862EL
Medium
More macOS Installer Flaws
Unexpected “Expected” Behavior
WebLogic RCE Leads to XMRig
https://ift.tt/3x7X2xB
Submitted June 03, 2021 at 08:37PM by TheDFIRReport
via reddit https://ift.tt/3uIwNff
https://ift.tt/3x7X2xB
Submitted June 03, 2021 at 08:37PM by TheDFIRReport
via reddit https://ift.tt/3uIwNff
The DFIR Report
WebLogic RCE Leads to XMRig
This report will review an intrusion where the threat actor took advantage of a WebLogic remote code execution vulnerability (CVE-2020–14882) to gain initial access to the system before installing a coin miner (XMRig).
Automatically deploy only relevant security updates for Linux CentOS using Errata plugin from Vulners
https://ift.tt/2SVVJTy
Submitted June 03, 2021 at 09:30PM by redsailor
via reddit https://ift.tt/3pjoXb1
https://ift.tt/2SVVJTy
Submitted June 03, 2021 at 09:30PM by redsailor
via reddit https://ift.tt/3pjoXb1
Vulners
Free CentOS errata from Vulners – Vulners Blog
OSX/Hydromac: A new macOS malware leaked from a Flashcards app
https://ift.tt/2S6yki5
Submitted June 03, 2021 at 11:39PM by lordx64
via reddit https://ift.tt/3cdEtQi
https://ift.tt/2S6yki5
Submitted June 03, 2021 at 11:39PM by lordx64
via reddit https://ift.tt/3cdEtQi
Medium
OSX/Hydromac: A new macOS malware leaked from a Flashcards app
At @ConfiantIntel we had some “luck” finding a new malware targeting the new Apple flagship M1 computers. I put “luck” between quotes, as…