Challenges from Google CTF, HTB CTF & more
https://ift.tt/38oCeXY
Submitted August 30, 2021 at 10:50PM by NapongiZero
via reddit https://ift.tt/3jvpsxa
NapongiZero’s Blog
Google CTF, HTB CTF & more
Since my last post, I had the pleasure to participate in a lot of CTFs.
0-day SPARROW: How to Exploit LTE/5G & Beyond for Your M2M Communication. The new breakthrough research presented at DEFCON 29. The following preprint expands on the framework, impact and remediation.
https://ift.tt/3sZeD9S
Submitted August 31, 2021 at 02:13AM by rsohos
via reddit https://ift.tt/3yz7i1Y
Replay-based attack on Honda and Acura vehicles
https://ift.tt/3Bs7fqq
Submitted August 31, 2021 at 01:08PM by innpattag
via reddit https://ift.tt/3zxoYMQ
GitHub
GitHub - HackingIntoYourHeart/Unoriginal-Rice-Patty: "Unoriginal-Rice-Patty" is my personal script for the Replay-based attack on…
"Unoriginal-Rice-Patty" is my personal script for the Replay-based attack on Honda and Acura vehicles - GitHub - HackingIntoYourHeart/Unoriginal-Rice-Patty: "Unoriginal-Ri...
Getting the maximum of your C compiler, for security
https://ift.tt/3mIlNyi
Submitted August 31, 2021 at 07:56PM by alain_proviste
via reddit https://ift.tt/3BpWLrO
reddit
Getting the maximum of your C compiler, for security
Posted in r/netsec by u/alain_proviste • 18 points and 0 comments
Iptables / Nftables firewall examples with multi-routing & port knocking
https://ift.tt/2V5Uy5o
Submitted August 31, 2021 at 07:48PM by philippe_crowdsec
via reddit https://ift.tt/2WGi0X5
GitHub
GitHub - philippecrowdsec/iptables-nftables-multiroute-firewall: A collection of nftables, multi routing scripts, port knocked…
A collection of nftables, multi routing scripts, port knocked, and iptables files. To get inspiration to make your own firewalls. - GitHub - philippecrowdsec/iptables-nftables-multiroute-firewall: ...
What's dumber than an open redirect? An open redirect with extra steps.
https://ift.tt/38ruu7J
Submitted August 31, 2021 at 09:28PM by dinobyt3s
via reddit https://ift.tt/3gOgrOb
Medium
Cisco WebEx Universal Links Redirect
What’s dumber than an open redirect? This.
WebLogic pentest notes
https://ift.tt/3gNlFKe
Submitted August 31, 2021 at 09:51PM by gquere
via reddit https://ift.tt/38qigMv
reddit
WebLogic pentest notes
Posted in r/netsec by u/gquere • 27 points and 1 comment
PersonalDirectoryService.com - Authentication/Discovery service written in rust for any and all p2p applications that don't want to develop and maintain their own authentication/discovery server.
https://ift.tt/3yvZ6zw
Submitted August 31, 2021 at 11:02PM by geloux
via reddit https://ift.tt/3mLfIkE
An Introduction to Hardware Security Modules (HSMs)
https://ift.tt/3t3Ci92
Submitted August 31, 2021 at 10:54PM by Valien
via reddit https://ift.tt/3jw6VRo
Goteleport
An Introduction to Hardware Security Modules (HSMs)
In this blog post we explain how hardware security modules (HSM) help protect sensitive data and how Teleport 7.2 uses HSM to make remote access more secure.
Vulnerabilities on vmwareidentity.de (XSS) and in VMware UEM (exportable authentication certificate)
https://ift.tt/3zzJgVN
Submitted August 30, 2021 at 01:15AM by edermi
via reddit https://ift.tt/3t3rg3L
edermi's Blog
Vulnerabilities on vmwareidentity.de (XSS) and in VMware UEM …
This post is a short notice about vulnerabilities in VMware products I found earlier this year. During a penetration test of a freshly built environment, I took a closer look at VMware Unified Access …
Quarterly reviews of selected infosec talks/papers - (no login required)
https://thinkst.com/ts
Submitted September 01, 2021 at 12:53AM by thinkst
via reddit https://ift.tt/3mPBK5C
reddit
Quarterly reviews of selected infosec talks/papers - (no login...
Posted in r/netsec by u/thinkst • 2 points and 0 comments
Instrumenting Swift binaries using Frida
https://ift.tt/3yxmVqE
Submitted September 01, 2021 at 04:03AM by goldenergott
via reddit https://ift.tt/3jwVw41
GitHub
GitHub - frida/frida-swift-bridge: Frida's finally getting Swifty
Frida's finally getting Swifty. Contribute to frida/frida-swift-bridge development by creating an account on GitHub.
GitHub - goldfiglabs/sgCheckup: Generate nmap output based on scanning your AWS Security Groups for unexpected open ports
https://ift.tt/3yxss0o
Submitted September 01, 2021 at 05:39AM by vikrum5000
via reddit https://ift.tt/3t4Kk1O
GitHub
GitHub - goldfiglabs/sgCheckup: sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open…
sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports. - goldfiglabs/sgCheckup
CREST Investigation Finds NCC did help employees cheat in CREST exams
https://ift.tt/3gRDlUR
Submitted September 01, 2021 at 08:14AM by redweka
via reddit https://ift.tt/38ruOmP
Collection of packet captures from real ddos attacks
https://ift.tt/3DEqDTo
Submitted September 01, 2021 at 01:17PM by Ayoungcoder
via reddit https://ift.tt/3zzSZeZ
GitHub
GitHub - StopDDoS/packet-captures: packet captures of real-world ddos attacks
packet captures of real-world ddos attacks. Contribute to StopDDoS/packet-captures development by creating an account on GitHub.
Securing Your SQL Server Application: Enabling Client-Initiated Encrypted Connections
https://ift.tt/3t5FelW
Submitted September 01, 2021 at 03:31PM by tub612
via reddit https://ift.tt/3DzRWhw
Perforce Software
Securing Your SQL Server Application: Enabling Client-Initiated Encrypted Connections | Perforce Software
In part two of our series on securing SQL server applications, we explore a scenario in which you do not want to incur the overhead of encryption for every application. See the solution here.
SSH Lateral Movement Cheat Sheet
https://ift.tt/2RsBUTi
Submitted September 01, 2021 at 06:59PM by HighOnCoffee
via reddit https://ift.tt/2WLBc6n
highon.coffee
SSH Lateral Movement Cheat Sheet
SSH lateral movement cheat sheet, a collection of lateral movement techniques to move deeper through the network.
Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing [Whitepaper download] | Detectify Labs
https://ift.tt/3yAm20v
Submitted September 01, 2021 at 06:59PM by intheclairdelune
via reddit https://ift.tt/2Ybz0Fv
Detectify Labs
Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing [Whitepaper download]
What's the best way to test API security? You need to go fuzz yourself! Leading API hacker Alissa Knight shows how to test APIs through fuzzing.
Research about reverse proxies
https://ift.tt/3yEnj6K
Submitted September 01, 2021 at 10:57PM by agrrrdog
via reddit https://ift.tt/3t7giKP
Speaker Deck
Weird proxies/2 and a bit of magic
https://zeronights.ru/en/reports-en/weird-proxies-2-and-a-bit-of-magic/
Reverse proxies and their variations are used everywhere in modern web applications for routing, caching, and access differentiation. This talk is dedicated to new research results…
A review of the highly flawed electronic driver's licenses issued by the Icelandic government
https://ift.tt/2WD5LL4
Submitted September 01, 2021 at 08:20PM by hjaltmann
via reddit https://ift.tt/3tiJmiB
reddit
A review of the highly flawed electronic driver's licenses issued...
Posted in r/netsec by u/hjaltmann • 8 points and 0 comments
6 Pro Tricks for Rapid macOS Malware Triage with Radare2
https://ift.tt/3zvVE9v
Submitted August 31, 2021 at 11:55AM by Cyberthere
via reddit https://ift.tt/3tiM1sB
SentinelOne
6 Pro Tricks for Rapid macOS Malware Triage with Radare2 - SentinelLabs
Learn more about reversing real-world macOS malware in this new series for intermediate to advanced analysts, starting with these r2 tips!