Fuzzing Windows’ RDP client and server
https://ift.tt/3DmMaQ2
Submitted August 27, 2021 at 06:28PM by jat0369
via reddit https://ift.tt/3kpirxk
https://ift.tt/3DmMaQ2
Submitted August 27, 2021 at 06:28PM by jat0369
via reddit https://ift.tt/3kpirxk
Cyberark
Fuzzing RDP: Holding the Stick at Both Ends
Introduction This post describes the work we’ve done on fuzzing the Windows RDP client and server, the challenges of doing so, and some of the results. The Remote Desktop Protocol (RDP) by...
Crypto miner attack: Sysrv-Hello Botnet targeting WordPress pods for crypto mining
https://ift.tt/2UTwToH
Submitted August 27, 2021 at 08:23PM by capitangolo
via reddit https://ift.tt/3ymjVgW
https://ift.tt/2UTwToH
Submitted August 27, 2021 at 08:23PM by capitangolo
via reddit https://ift.tt/3ymjVgW
AWS ReadOnlyAccess: Not Even Once
https://ift.tt/2WqXGJi
Submitted August 27, 2021 at 08:53PM by hotnops
via reddit https://ift.tt/2XTjZbe
https://ift.tt/2WqXGJi
Submitted August 27, 2021 at 08:53PM by hotnops
via reddit https://ift.tt/2XTjZbe
Medium
AWS ReadOnlyAccess: Not Even Once
A story of too much access and a false sense of security.
Everything you need to know about Pegasus Spyware
https://ift.tt/3BgxoZd
Submitted August 27, 2021 at 11:15PM by Techflashesinfo
via reddit https://ift.tt/38iUOkl
https://ift.tt/3BgxoZd
Submitted August 27, 2021 at 11:15PM by Techflashesinfo
via reddit https://ift.tt/38iUOkl
techflashes.com
Everything you need to know about Pegasus Spyware techflashes.com
This Pegasus Spyware virus is very dangerous and that spyware multiple ways attacks of that system that saw that article... techflashes.com
Lots of Sec tools unclear about what they mean when they talk about their “masking” & “transformation” features. HashiCorp Vault just made it clear what those terms mean for them.
https://ift.tt/3DklIqs
Submitted August 28, 2021 at 12:22AM by piedpiperpivot
via reddit https://ift.tt/3Ba6D90
https://ift.tt/3DklIqs
Submitted August 28, 2021 at 12:22AM by piedpiperpivot
via reddit https://ift.tt/3Ba6D90
Detecting Potential Bad Actors in OSS Contributions
https://ift.tt/3jkBwBy
Submitted August 28, 2021 at 03:07AM by ambray_
via reddit https://ift.tt/3yrAcRw
https://ift.tt/3jkBwBy
Submitted August 28, 2021 at 03:07AM by ambray_
via reddit https://ift.tt/3yrAcRw
blog.phylum.io
Detecting Potential Bad Actors in GitHub
Phylum is continually working to improve our author risk analysis to allow users to manage the risk presented by using code written by random strangers on the Internet. The work documented here provides valuable evidence as input into Phylum’s author risk…
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
https://ift.tt/3DtoedO
Submitted August 28, 2021 at 04:20PM by dwisiswant0
via reddit https://ift.tt/38jFCmW
https://ift.tt/3DtoedO
Submitted August 28, 2021 at 04:20PM by dwisiswant0
via reddit https://ift.tt/38jFCmW
GitHub
GitHub - pwnesia/dnstake: DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover - GitHub - pwnesia/dnstake: DNSTake — A fast tool to check missing hosted DNS zones that can lead to subd...
US company Zimperium, claims that it can protect you from Pegasus
https://ift.tt/38mnMzW
Submitted August 28, 2021 at 09:46PM by TheLastLived
via reddit https://ift.tt/38jouOr
https://ift.tt/38mnMzW
Submitted August 28, 2021 at 09:46PM by TheLastLived
via reddit https://ift.tt/38jouOr
Technotification
US company Zimperium, claims that it can protect you from Pegasus
A US company, Zimperium, claims that it can protect organisations and individuals from Pegasus although it is not clear if it claims.
[WIP] Web Hacking mindmap
https://ift.tt/3gHtQaD
Submitted August 28, 2021 at 10:25PM by megatr0nz
via reddit https://ift.tt/2WyNJtv
https://ift.tt/3gHtQaD
Submitted August 28, 2021 at 10:25PM by megatr0nz
via reddit https://ift.tt/2WyNJtv
What You Need to Know About PrintNightmare Vulnerability (CVE-2021-34527)
https://ift.tt/3eVWEeA
Submitted August 29, 2021 at 12:36PM by rimdig219
via reddit https://ift.tt/3h0OWRN
https://ift.tt/3eVWEeA
Submitted August 29, 2021 at 12:36PM by rimdig219
via reddit https://ift.tt/3h0OWRN
Cymulate
What You Need to Know About PrintNightmare Vulnerability (CVE-2021-34527)
This tech-blog post demonstrates how PrintNightmare (CVE-2021-34527) attack is implemented in the Cymulate Continuous Security Validation Platform.
A new AppSec newsletter (5 editions old) focusing on timeless AppSec topics
https://ift.tt/3jnJYA0
Submitted August 29, 2021 at 04:57PM by jubbaonjeans
via reddit https://ift.tt/2WyUvQc
https://ift.tt/3jnJYA0
Submitted August 29, 2021 at 04:57PM by jubbaonjeans
via reddit https://ift.tt/2WyUvQc
Substack
Boring AppSec
A (not so) regular newsletter on getting the boring parts of AppSec right
To visualize the Cloud Security work and manage it, I’m working on a Cloud Security Kanban board that is broken down into Work Items that are prioritized into their Workflows
https://ift.tt/3zurxz4
Submitted August 30, 2021 at 12:41AM by blokdijkg
via reddit https://ift.tt/2WElee5
https://ift.tt/3zurxz4
Submitted August 30, 2021 at 12:41AM by blokdijkg
via reddit https://ift.tt/2WElee5
Theartofservice
Cloud Security Kanban- The Art of Service, Standard Requirements Self Assessments
Server Side Request Forgery Ssrf
https://ift.tt/3BljrcG
Submitted August 30, 2021 at 12:27AM by banginpadr
via reddit https://ift.tt/3mJRRSw
https://ift.tt/3BljrcG
Submitted August 30, 2021 at 12:27AM by banginpadr
via reddit https://ift.tt/3mJRRSw
Medium
Server-Side Request Forgery (SSRF)
Broken Access Control (BAC) > Server-Side Request Forgery (SSRF)
Cobalt Strike, a Defender’s Guide
https://ift.tt/3zuNVbA
Submitted August 30, 2021 at 05:47AM by TheDFIRReport
via reddit https://ift.tt/3gJ2kcX
https://ift.tt/3zuNVbA
Submitted August 30, 2021 at 05:47AM by TheDFIRReport
via reddit https://ift.tt/3gJ2kcX
The DFIR Report
Cobalt Strike, a Defender’s Guide
Intro In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools they use to execute their mission objectives. In most of our cases, we see the threat act…
BSidesSF 2022 CFP is now open!
https://ift.tt/2WxaQo7
Submitted August 30, 2021 at 01:36PM by reedloden
via reddit https://ift.tt/3kHblEK
https://ift.tt/2WxaQo7
Submitted August 30, 2021 at 01:36PM by reedloden
via reddit https://ift.tt/3kHblEK
BSidesSF
BSidesSF Call For Participation
BSidesSF 2024 CFP is Closed! Thanks to all who submitted.We received a total of 334 reviewable submissions (up 59.8% from 209 in 2023), but could only accept 60. This means we had an unusual...
Understanding Cobalt Strike Profiles
https://ift.tt/3zt1lVy
Submitted August 30, 2021 at 04:36PM by ZephrX112
via reddit https://ift.tt/3jusNwO
https://ift.tt/3zt1lVy
Submitted August 30, 2021 at 04:36PM by ZephrX112
via reddit https://ift.tt/3jusNwO
ZeroSec - Adventures In Information Security
Understanding Cobalt Strike Profiles
A deep dive into specifics around cobalt strike malleable c2 profiles and key information that is new in cobalt strike 4.4.
Exploiting GraphQL
https://ift.tt/3gKeyC7
Submitted August 30, 2021 at 05:19PM by Mempodipper
via reddit https://ift.tt/3sWD9bE
https://ift.tt/3gKeyC7
Submitted August 30, 2021 at 05:19PM by Mempodipper
via reddit https://ift.tt/3sWD9bE
Assetnote
Exploiting GraphQL
Application security issues found by Assetnote
Challenges from Google CTF, HTB CTF & more
https://ift.tt/38oCeXY
Submitted August 30, 2021 at 10:50PM by NapongiZero
via reddit https://ift.tt/3jvpsxa
https://ift.tt/38oCeXY
Submitted August 30, 2021 at 10:50PM by NapongiZero
via reddit https://ift.tt/3jvpsxa
NapongiZero’s Blog
Google CTF, HTB CTF & more
Since my last post, I had the pleasure to participate in a lot of CTFs.
0-day SPARROW: How to Exploit LTE/5G & Beyond for Your M2M Communication. The new breakthrough research presented at DEFCON 29. The following preprint expands on the framework, impact and remediation.
https://ift.tt/3sZeD9S
Submitted August 31, 2021 at 02:13AM by rsohos
via reddit https://ift.tt/3yz7i1Y
https://ift.tt/3sZeD9S
Submitted August 31, 2021 at 02:13AM by rsohos
via reddit https://ift.tt/3yz7i1Y
Replay-based attack on Honda and Acura vehicles
https://ift.tt/3Bs7fqq
Submitted August 31, 2021 at 01:08PM by innpattag
via reddit https://ift.tt/3zxoYMQ
https://ift.tt/3Bs7fqq
Submitted August 31, 2021 at 01:08PM by innpattag
via reddit https://ift.tt/3zxoYMQ
GitHub
GitHub - HackingIntoYourHeart/Unoriginal-Rice-Patty: "Unoriginal-Rice-Patty" is my personal noscript for the Replay-based attack on…
"Unoriginal-Rice-Patty" is my personal noscript for the Replay-based attack on Honda and Acura vehicles - GitHub - HackingIntoYourHeart/Unoriginal-Rice-Patty: "Unoriginal-Ri...
Getting the maximum of your C compiler, for security
https://ift.tt/3mIlNyi
Submitted August 31, 2021 at 07:56PM by alain_proviste
via reddit https://ift.tt/3BpWLrO
https://ift.tt/3mIlNyi
Submitted August 31, 2021 at 07:56PM by alain_proviste
via reddit https://ift.tt/3BpWLrO
reddit
Getting the maximum of your C compiler, for security
Posted in r/netsec by u/alain_proviste • 18 points and 0 comments