Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
https://ift.tt/3ACrBxF
Submitted July 07, 2021 at 01:38AM by digicat
via reddit https://ift.tt/36jphxD
https://ift.tt/3ACrBxF
Submitted July 07, 2021 at 01:38AM by digicat
via reddit https://ift.tt/36jphxD
NCC Group Research
Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
NCC Group’s Exploit Development Group document exploiting the sudo vulnerability on VMWare vCenter Server
Hookshot - A Python Tool to Scrape Websites for Emails and Check Them for Data Breaches with HIBP
https://ift.tt/2Vf3ODW
Submitted July 07, 2021 at 01:18AM by malanom3
via reddit https://ift.tt/36ezQ5j
https://ift.tt/2Vf3ODW
Submitted July 07, 2021 at 01:18AM by malanom3
via reddit https://ift.tt/36ezQ5j
GitHub
hookshot/README.md at master · andrew-vii/hookshot
Integrated web scraper and email account data breach comparison tool - hookshot/README.md at master · andrew-vii/hookshot
Damn Vulnerable Bank Guide
https://ift.tt/3yvvans
Submitted July 07, 2021 at 03:52AM by Rewanth_Tammana
via reddit https://ift.tt/2SVoMXI
https://ift.tt/3yvvans
Submitted July 07, 2021 at 03:52AM by Rewanth_Tammana
via reddit https://ift.tt/2SVoMXI
These Data leaks are literally backdoors, they always come out much later.
https://ift.tt/2UGxQ3a
Submitted July 07, 2021 at 05:19AM by chumze_simius
via reddit https://ift.tt/3hFjwjk
https://ift.tt/2UGxQ3a
Submitted July 07, 2021 at 05:19AM by chumze_simius
via reddit https://ift.tt/3hFjwjk
A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
https://ift.tt/3jKnEkH
Submitted July 07, 2021 at 10:58AM by byt3bl33d3r
via reddit https://ift.tt/3jKYgLE
https://ift.tt/3jKnEkH
Submitted July 07, 2021 at 10:58AM by byt3bl33d3r
via reddit https://ift.tt/3jKYgLE
VaultHSM report: The way to confirm whether the Smart Card (J3H145) supports RFC-6979 ECDSA implementation
https://ift.tt/3xtfilC
Submitted July 07, 2021 at 12:22PM by hardenedvault
via reddit https://ift.tt/36gVpSu
https://ift.tt/3xtfilC
Submitted July 07, 2021 at 12:22PM by hardenedvault
via reddit https://ift.tt/36gVpSu
Kaspersky Password Manager: All your passwords are belong to us
https://ift.tt/3AzL2HF
Submitted July 06, 2021 at 06:02PM by lormayna
via reddit https://ift.tt/3ADsSVa
https://ift.tt/3AzL2HF
Submitted July 06, 2021 at 06:02PM by lormayna
via reddit https://ift.tt/3ADsSVa
Donjon
Kaspersky Password Manager: All your passwords are belong to us
Password generated by Kaspersky Password Manager were predictable (CVE-2020-27020).
Detecting Cowrie in “proxy” Mode.
https://ift.tt/3wolBp9
Submitted July 07, 2021 at 01:41PM by katyushas_lab
via reddit https://ift.tt/3qRg74V
https://ift.tt/3wolBp9
Submitted July 07, 2021 at 01:41PM by katyushas_lab
via reddit https://ift.tt/3qRg74V
Darren Martyn
Detecting Cowrie in “proxy” Mode
So in “proxy” mode, Cowrie is pretty damn powerful. It proxies you through to a backend pool of live systems or virtual machines. It is god damn awesome. My previous detection methods b…
CVE-2021-20595: Unauthenticated XXE in Multiple Mitsubishi Electric Air Conditioner Control Systems | Aon
https://ift.tt/3xpypN5
Submitted July 07, 2021 at 06:31PM by b1x3r
via reddit https://ift.tt/3ho1D9E
https://ift.tt/3xpypN5
Submitted July 07, 2021 at 06:31PM by b1x3r
via reddit https://ift.tt/3ho1D9E
Aon
CVE-2021-20595: Unauthenticated XXE in Multiple Mitsubishi Electric Air Conditioner Control Systems | Aon
Aon’s Cyber Solutions discovered a security vulnerability affecting over 20 Mitsubishi Electric Air Conditioner Control Systems leading to information disclosure and/or denial of service via unauthenticated XML External Entity Injection (XXE). For a complete…
Leveraging Burp Suite extension for finding HTTP Request Smuggling.
https://ift.tt/2SPIkMY
Submitted July 07, 2021 at 08:22PM by myshit11
via reddit https://ift.tt/2TKLL83
https://ift.tt/2SPIkMY
Submitted July 07, 2021 at 08:22PM by myshit11
via reddit https://ift.tt/2TKLL83
Medium
Leveraging Burp Suite extension for finding HTTP Request Smuggling.
HTTP Request Smuggling is often left behind in bug bounty findings. But with the right extension, you can automate the task of finding HTTP…
LibAFL: Rust Library to Develop Customized Fuzzers
https://ift.tt/3hLzsQW
Submitted July 07, 2021 at 08:51PM by domenukk
via reddit https://ift.tt/3ALZ2hF
https://ift.tt/3hLzsQW
Submitted July 07, 2021 at 08:51PM by domenukk
via reddit https://ift.tt/3ALZ2hF
GitHub
GitHub - AFLplusplus/LibAFL: Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For…
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ... - GitHub - AFLplusplus/LibAFL: Advanced Fuzzing Libra...
Old dog, same tricks. Remote Command Injection as-a-service
https://ift.tt/3dT7b9W
Submitted July 08, 2021 at 01:49AM by pocorgtfoftw
via reddit https://ift.tt/2UsDiGH
https://ift.tt/3dT7b9W
Submitted July 08, 2021 at 01:49AM by pocorgtfoftw
via reddit https://ift.tt/2UsDiGH
Script to help mitigate the PrintNightmare CVE-2021-34527 exploit
https://ift.tt/3dRo8l2
Submitted July 08, 2021 at 04:39AM by jokezone
via reddit https://ift.tt/3jTWasY
https://ift.tt/3dRo8l2
Submitted July 08, 2021 at 04:39AM by jokezone
via reddit https://ift.tt/3jTWasY
GitHub
PowerShell-Scripts/Configure-PrintSpooler.ps1 at main · jokezone/PowerShell-Scripts
Random PowerShell noscripts worth sharing. Contribute to jokezone/PowerShell-Scripts development by creating an account on GitHub.
ASProtect embedded runtime DLL memory corruption aka Windows Defender RCE
https://ift.tt/3jVBKQe
Submitted July 08, 2021 at 10:04AM by 0xdea
via reddit https://ift.tt/3AIfD5Y
https://ift.tt/3jVBKQe
Submitted July 08, 2021 at 10:04AM by 0xdea
via reddit https://ift.tt/3AIfD5Y
Reddit
From the netsec community on Reddit: ASProtect embedded runtime DLL memory corruption aka Windows Defender RCE
Posted by 0xdea - 33 votes and 4 comments
Security Scorecards - Security health metrics for Open Source
https://ift.tt/32tFWwX
Submitted July 08, 2021 at 11:44AM by mycall
via reddit https://ift.tt/3yxR9dx
https://ift.tt/32tFWwX
Submitted July 08, 2021 at 11:44AM by mycall
via reddit https://ift.tt/3yxR9dx
GitHub
GitHub - ossf/scorecard: Security Scorecards - Security health metrics for Open Source
Security Scorecards - Security health metrics for Open Source - GitHub - ossf/scorecard: Security Scorecards - Security health metrics for Open Source
hacker5.org is a blog providing bite-size information about five recent things happened in netsec that update not so frequently as compared with other security news site. Data are mostly collected from here (r/netsec) and ycombinator hackernews.
https://hacker5.org/
Submitted July 08, 2021 at 12:36PM by MilonMaze
via reddit https://ift.tt/3dPDRBl
https://hacker5.org/
Submitted July 08, 2021 at 12:36PM by MilonMaze
via reddit https://ift.tt/3dPDRBl
reddit
hacker5.org is a blog providing bite-size information about five...
Posted in r/netsec by u/MilonMaze • 0 points and 0 comments
A series of free interactive AWS security training modules that teach developers how to identify and mitigate security vulnerabilities in their AWS hosted cloud applications.
https://ift.tt/2SW8j5r
Submitted July 08, 2021 at 08:03PM by Cool-Return
via reddit https://ift.tt/3hrW3Dn
https://ift.tt/2SW8j5r
Submitted July 08, 2021 at 08:03PM by Cool-Return
via reddit https://ift.tt/3hrW3Dn
Kontra
Application Security Training For Developers | Kontra
Kontra is an Application Security Training platform built for modern development teams.
Global Phishing Campaign Targets Energy Sector and its Suppliers
https://ift.tt/36plE9s
Submitted July 08, 2021 at 08:03PM by Milafasents
via reddit https://ift.tt/3yyidta
https://ift.tt/36plE9s
Submitted July 08, 2021 at 08:03PM by Milafasents
via reddit https://ift.tt/3yyidta
Intezer
Global Phishing Campaign Targets Energy Sector and its Suppliers
Attack also targets oil & gas suppliers likely as a stepping-stone to infect companies that work with the suppliers.
Conti Unpacked | Understanding Ransomware Development As a Response to Detection
https://ift.tt/3jYsR8o
Submitted July 08, 2021 at 09:32PM by Cyberthere
via reddit https://ift.tt/3qVVJzK
https://ift.tt/3jYsR8o
Submitted July 08, 2021 at 09:32PM by Cyberthere
via reddit https://ift.tt/3qVVJzK
SentinelOne
Conti Unpacked | Understanding Ransomware Development As a Response to Detection - SentinelLabs
Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.
NIST CSF Framework Benchmark (85 open source controls for AWS)
https://ift.tt/3wv6Mku
Submitted July 09, 2021 at 12:51AM by CloudSpout
via reddit https://ift.tt/3k1rlT4
https://ift.tt/3wv6Mku
Submitted July 09, 2021 at 12:51AM by CloudSpout
via reddit https://ift.tt/3k1rlT4
Steampipe Hub
AWS Compliance Mod for Steampipe
Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA, RBI CSF, and AWS Foundational Security Best Practices controls across all your AWS accounts using Steampipe.
Sneaky malware reconfigures Hive OS wallet so attacker gets mined coins
https://ift.tt/3dYcTY8
Submitted July 09, 2021 at 02:07AM by securehoney
via reddit https://ift.tt/2T1svTE
https://ift.tt/3dYcTY8
Submitted July 09, 2021 at 02:07AM by securehoney
via reddit https://ift.tt/2T1svTE
Secure Honey
Sneaky Malware Reconfigures Hive OS Wallet for Profit | Secure Honey
I recently observed some malware (uploaded to my honeypot) that targets Hive OS's wallet configuration -- to redirect mined coins to the attacker.