At @ConfiantIntel we had some “luck” finding a new malware targeting the new Apple flagship M1 computers. I put “luck” between quotes, as…

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS for Zoom. - GitHub - turbot/steampipe-mod-zoom-compliance: Run individual configuration, complia...

Posted in r/netsec by u/lacraig2 • 16 points and 0 comments

Writeup for a cross-site noscripting bug I found in the AWS Console.

If you are coming back, and just here for the cheatsheet, you can find that here. If it’s your first time, hopefully you’ll read through the whole thing. Note: For my own sanity, I have inten…

One high risk XSS vulnerability was identified within the Froala application.

This is a write-up of the recent trends in credential stuffing attacks that the CUJO AI Labs detected in our honeypots. Find out what password brute-force techniques and tools attackers are using in 2021.

SSRF explained and the techniques to indentify, and bypass server side SSRF filtering.

The User Enrollment MDM option added with iOS 13 does not restrict MDM-deployed certificates to MDM-deployed applications, and in the absence of additional controls such as certificate pinning these certificates are, surprisingly, trusted by personally installed…

A privileged user can obtain remote code execution on Q'center through a manipulated QPKG installation package.

Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐 - Git...

In this blog we discuss a project we are open sourcing: An In-memory Embedding of CPython. We provide a brief overview of this research and also share our results with the community. A paper [1] on this research was accepted in the USENIX Workshop on Offensive…

Posted in r/netsec by u/adulau • 2 points and 0 comments

In this blog article I demonstrate several bullet-proof ways how to detect Brightdata Data Collector as a bot without any doubt.

After completing Cridex Malware analysis decided to take up jackcr difr challenge for further learning . I will continue to use Volatility Open Source Framework for this analysis .Also, you can read, Cridex Malware analysis here Challenge The challenge consist…

a benchmarking&stressing tool that can send raw HTTP requests - utkusen/reqstress

Learn how to protect your SaaS applications with the SaaS CTO security checklist. Doing the basics goes a long way in keeping your company and product secure.

Joomla password reset vulnerability and a stored XSS for full compromise. chaining a password reset vulnerability and a XSS for joomla RCE