Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM - GitHub - ant4g0nist/ManuFuzzer: Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM

A lot has been written on the topic of detecting SSH honeypots in the past, usually using their canned responses against them, SSH protocol quirks, them accepting every password, etc. While experim…

Today we are excited to release oramfs, a simple, flexible, Free Software ORAM implementation for Linux written in Rust. It is designed to support different ORAM schemes and encryption ciphers. It …

A new large-scale attack targets Kubeflow and TensorFlow to mine Monero cryptocurrency in Kubernetes cluster environments.

Advisories, proof of concept files and exploits that have been made public by @pedrib. - PoC/cisco_ise_rce.md at master · pedrib/PoC

Proof-of-concept exploit code was published on Github on June 29, 2021 for a vulnerability (CVE-2021-1675) in Print Spooler.

This article is in no way affiliated, sponsored, or endorsed with/by Fidelis Cybersecurity. All graphics are being displayed under fair use for the purposes of this article.

Operation Eagle Eye
Who remembers that movie about 15 years ago called Eagle…

Posted in r/netsec by u/0xdea • 332 points and 49 comments

Hello . In this writeup, i will show you how i found a potential remote code execution (CVE-2019–13561) in the dlink dir-615 firmware.

On this episode we begin to talk about the difference between zero trust and zero knowledge, ransomware groups going dark for the moment and recent tactics and techniques.Eric Taylor | LinkedInTwitter: barricadecyberwww.barricadecyber.comShiva Maharaj | …

Some people asked me about publishing a comparison between x8 and other major tools for parameter discovery: Arjun and Param Miner, so here it is!

Introduction Finding DOM XSS can be tricky when it's buried in thousands of lines of code. We recently developed DOM Invader to help tackle this using a combined dynamic+manual approach to vulnerabili

Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team. - nccfsas/Tools/spoolsystem at main · nccgroup/nccfsas

Data from 700 million LinkedIn users has been put up for sale online, making this one of the largest LinkedIn data leaks to date. After analyzing the data and making contact with the seller, we have updated this article with more information, including how…

First, let us look at and analyze a few examples of how events are counted and the rate of the stream is estimated in general. The next step is to see a generalization, namely some class of counters, which we call the u-model. Next, we explore what useful…

by Mitja Kolsek, the 0patch Team Update 8/11/2021: August 2021 Windows Updates brought a fix for PrintNightmare that has the same default ef...

The problem with enforcing TPMs on consumers

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack - GitHub - cado-security/DFIR_Resources_REvil_Kaseya: Resources for DFIR Professionals Responding to t...