Previous WhyNotWin11 Releases Vulnerable to DLL Hijacking, Privilege Escalation
https://ift.tt/3wsECXm
Submitted July 09, 2021 at 12:13PM by rcmaehl
via reddit https://ift.tt/3AKwrsP
https://ift.tt/3wsECXm
Submitted July 09, 2021 at 12:13PM by rcmaehl
via reddit https://ift.tt/3AKwrsP
GitHub
Vulnerability Disclosure 07 09 2021
Detection Script to help identify why your PC isn't Windows 11 Release Ready - rcmaehl/WhyNotWin11
UDP Technology IP Camera vulnerabilities - unauthenticated RCE Root.
https://ift.tt/2TJIiXH
Submitted July 09, 2021 at 02:35PM by M0t0k0Kus4n4g1
via reddit https://ift.tt/3jWfxSd
https://ift.tt/2TJIiXH
Submitted July 09, 2021 at 02:35PM by M0t0k0Kus4n4g1
via reddit https://ift.tt/3jWfxSd
Hacking Rendertron and Puppeteer, what to expect if you put a browser on the internet. - even recent version of Rendertron runs outdated browser with no-sandbox by default; you have to keep it safe
https://ift.tt/3ejAu63
Submitted July 09, 2021 at 05:48PM by 4lreadytekken
via reddit https://ift.tt/3yH2XKw
https://ift.tt/3ejAu63
Submitted July 09, 2021 at 05:48PM by 4lreadytekken
via reddit https://ift.tt/3yH2XKw
Medium
Hacking Rendertron and Puppeteer— What to expect if you put a browser on the internet
tldr: do not expose Rendertron! If you run headless browsers for things other than testing, design the infra expecting they will get owned.
"Surveilling the Gamers": New research paper illustrates how video games can be exploited for illegitimate surveillance and user profiling
https://ift.tt/3hVJHSG
Submitted July 09, 2021 at 05:44PM by bayashad
via reddit https://ift.tt/3hN8tEG
https://ift.tt/3hVJHSG
Submitted July 09, 2021 at 05:44PM by bayashad
via reddit https://ift.tt/3hN8tEG
Ssrn
Surveilling the Gamers: Privacy Impacts of the Video Game Industry by Jacob Leon Kröger, Philip Raschke, Jessica Percy Campbell…
With many million users across all age groups and income levels, video games have become the world’s leading entertainment industry. Behind the fun experience t
Analysing an O.MG cable
https://ift.tt/3dXy78r
Submitted July 09, 2021 at 06:52PM by kev-thehermit
via reddit https://ift.tt/2UCGgbS
https://ift.tt/3dXy78r
Submitted July 09, 2021 at 06:52PM by kev-thehermit
via reddit https://ift.tt/2UCGgbS
TechAnarchy
Analysing an O.MG cable
Setting up an O.MG cable for keystroke injection attacks, and then forensically dumping the firmware for analysis.
I wrote a local browser tool to query Nessus reports via SQL for easy analysis and reporting.
https://ift.tt/3htVfxC
Submitted July 10, 2021 at 06:38PM by The_Login
via reddit https://ift.tt/3xwhGYH
https://ift.tt/3htVfxC
Submitted July 10, 2021 at 06:38PM by The_Login
via reddit https://ift.tt/3xwhGYH
GitHub
GitHub - The-Login/nessSQL: Query nessus reports via SQL!
Query nessus reports via SQL! Contribute to The-Login/nessSQL development by creating an account on GitHub.
Getting Partial AWS Account IDs for any Cloudfront Website
https://ift.tt/2VmVUs1
Submitted July 10, 2021 at 06:48PM by arkadiyt
via reddit https://ift.tt/3wyslAC
https://ift.tt/2VmVUs1
Submitted July 10, 2021 at 06:48PM by arkadiyt
via reddit https://ift.tt/3wyslAC
Arkadiyt
Getting Partial AWS Account IDs for any Cloudfront Website
A bug in AWS ACM allows you to import valid TLS certificates for domains you don't own. Combined with a new Cloudfront feature this lets you extract AWS Account IDs for websites hosted on CloudFront.
This article was written for high schoolers that have heard of InfoSec at the surface and are unsure if it is for them. I was in that scenario in high school at one point and I hope to help others. This is my first ever blog post. Hold me to my word, I will never blog for monetary gain. Love you all
https://ift.tt/3k5HsiI
Submitted July 10, 2021 at 11:41PM by cradersec
via reddit https://ift.tt/3r1K2aD
https://ift.tt/3k5HsiI
Submitted July 10, 2021 at 11:41PM by cradersec
via reddit https://ift.tt/3r1K2aD
I created a program that automatically creates fuzzing harnesses for any library or program.
https://ift.tt/3e4blft
Submitted July 11, 2021 at 04:07AM by Green_Same
via reddit https://ift.tt/3r2c0Dk
https://ift.tt/3e4blft
Submitted July 11, 2021 at 04:07AM by Green_Same
via reddit https://ift.tt/3r2c0Dk
GitHub
GitHub - parikhakshat/autoharness: A tool that automatically creates fuzzing harnesses based on a library
A tool that automatically creates fuzzing harnesses based on a library - GitHub - parikhakshat/autoharness: A tool that automatically creates fuzzing harnesses based on a library
Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer
https://ift.tt/2VtVYXc
Submitted July 11, 2021 at 08:05AM by samwcurry
via reddit https://ift.tt/3qZAcGu
https://ift.tt/2VtVYXc
Submitted July 11, 2021 at 08:05AM by samwcurry
via reddit https://ift.tt/3qZAcGu
Palisade
Link hijacking Binance’s shortlinks through AppsFlyer — Palisade
While auditing the Binance program through their public bug bounty program, we noticed that some of the site’s shortlinks were being routed through a third-party app analytics platform called AppsFlyer. The shortlinks were available after authenticating to…
Wrote a small, portable and fast PowerShell portscanner
https://ift.tt/3e6yVIm
Submitted July 11, 2021 at 01:13PM by The-Luemmel
via reddit https://ift.tt/3wrNP2g
https://ift.tt/3e6yVIm
Submitted July 11, 2021 at 01:13PM by The-Luemmel
via reddit https://ift.tt/3wrNP2g
GitHub
Pentest-Tools-Collection/portscan.ps1 at main · LuemmelSec/Pentest-Tools-Collection
Contribute to LuemmelSec/Pentest-Tools-Collection development by creating an account on GitHub.
Adding a native sniffer to your implants: decomposing and recomposing PktMon
https://ift.tt/3hVUexh
Submitted July 11, 2021 at 04:52PM by gid0rah
via reddit https://ift.tt/3hwV0lp
https://ift.tt/3hVUexh
Submitted July 11, 2021 at 04:52PM by gid0rah
via reddit https://ift.tt/3hwV0lp
reddit
Adding a native sniffer to your implants: decomposing and...
Posted in r/netsec by u/gid0rah • 73 points and 2 comments
BSides Charlotte CFP Is Now Open
https://ift.tt/2VuHCWy
Submitted July 11, 2021 at 05:08PM by agreenbhm
via reddit https://ift.tt/3k7cQgM
https://ift.tt/2VuHCWy
Submitted July 11, 2021 at 05:08PM by agreenbhm
via reddit https://ift.tt/3k7cQgM
Google Docs
BSides Charlotte 2021 Call for Papers (CFP)
User enumeration on Microsoft Teams
https://ift.tt/3hxnH1L
Submitted July 11, 2021 at 09:59PM by nodauf
via reddit https://ift.tt/2VqAk5X
https://ift.tt/3hxnH1L
Submitted July 11, 2021 at 09:59PM by nodauf
via reddit https://ift.tt/2VqAk5X
GitHub
GitHub - immunIT/TeamsUserEnum: User enumeration with Microsoft Teams API
User enumeration with Microsoft Teams API. Contribute to immunIT/TeamsUserEnum development by creating an account on GitHub.
Hmmm 🤔
https://ift.tt/3wzPmTQ
Submitted July 12, 2021 at 05:08AM by chumze_simius
via reddit https://ift.tt/3ATPwZC
https://ift.tt/3wzPmTQ
Submitted July 12, 2021 at 05:08AM by chumze_simius
via reddit https://ift.tt/3ATPwZC
Illinois News Today
Organization prepares for cyber attacks from quantum computers - Illinois News Today
In this aerial photograph taken on October 10, 2005, the GCHQ of Government Communications Headquarters is located in a house and parking lot. David Goddard | Getty Images London — A lesser-known British company called Arqit is quietly preparing companies…
Risk Assessment of GitHub Copilot
https://ift.tt/2TRTtO5
Submitted July 12, 2021 at 11:44AM by 0xdea
via reddit https://ift.tt/3yLFM1N
https://ift.tt/2TRTtO5
Submitted July 12, 2021 at 11:44AM by 0xdea
via reddit https://ift.tt/3yLFM1N
Gist
Risk Assessment of GitHub Copilot
Risk Assessment of GitHub Copilot. GitHub Gist: instantly share code, notes, and snippets.
Practical MFA Bypass Techniques
https://ift.tt/36tmP7W
Submitted July 13, 2021 at 12:50AM by InfoSecGuy2K14
via reddit https://ift.tt/3hB1b86
https://ift.tt/36tmP7W
Submitted July 13, 2021 at 12:50AM by InfoSecGuy2K14
via reddit https://ift.tt/3hB1b86
Medium
You ain’t got no problem, Jules. I’m on the Multifactor.
Practical Bypasses for MFA with Poor Implementations
Enumerate reverse ports open to reverse shell
https://ift.tt/3kd1NT2
Submitted July 12, 2021 at 08:59PM by piosec
via reddit https://ift.tt/3kaCBwD
https://ift.tt/3kd1NT2
Submitted July 12, 2021 at 08:59PM by piosec
via reddit https://ift.tt/3kaCBwD
GitHub
GitHub - Piosec/Golconda
Contribute to Piosec/Golconda development by creating an account on GitHub.
Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580)
https://ift.tt/3yKbQ6e
Submitted July 13, 2021 at 08:16PM by stargravy
via reddit https://ift.tt/3kexeg2
https://ift.tt/3yKbQ6e
Submitted July 13, 2021 at 08:16PM by stargravy
via reddit https://ift.tt/3kexeg2
Medium
Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580)
It looks like authentication, but is it really?
ETM v1.0 - How BLS approaches Threat Matrices and how we're improving their effectiveness within the community
https://ift.tt/3eest1T
Submitted July 13, 2021 at 09:22PM by debifrank
via reddit https://ift.tt/2UKSeQN
https://ift.tt/3eest1T
Submitted July 13, 2021 at 09:22PM by debifrank
via reddit https://ift.tt/2UKSeQN
Black Lantern Security
Threat Matrices
How BLS approaches Threat Matrices and how we’re improving their effectiveness within the community
A Golang firewall tool to whitelist ASN IP ranges based on organization name.
https://ift.tt/3xwzToW
Submitted July 13, 2021 at 09:12PM by ok_bye_now_
via reddit https://ift.tt/3k8Y4WK
https://ift.tt/3xwzToW
Submitted July 13, 2021 at 09:12PM by ok_bye_now_
via reddit https://ift.tt/3k8Y4WK
GitHub
GitHub - jordanpotti/goAllowOrgs: A Golang tool to whitelist ASN's based on organization name
A Golang tool to whitelist ASN's based on organization name - GitHub - jordanpotti/goAllowOrgs: A Golang tool to whitelist ASN's based on organization name