This article is about the recently published security advisory for a pretty popular software, fail2ban (CVE-2021-32749). It is about a bug that may lead to Remote Code Execution.

The third quarter of 2021 brought a massive upheaval in the scale and intensity of DDoS attacks worldwide.It all led to September when together with Yandex, we uncovered one of the most devastating...

Using the flexibility of Semgrep patterns with taint mode to find injection vulnerabilities

Receive the status of Windows Defender Credential Guard on network hosts. - GitHub - chdav/SharpCGHunter: Receive the status of Windows Defender Credential Guard on network hosts.

This repo covers some code execution and AV Evasion methods for Macros in Office documents - S3cur3Th1sSh1t/OffensiveVBA

As the network becomes more and more developed, various kinds of traffic in the network are also increasing. Search engines, attack…

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Vendor neutral Cyber Security Consulting company based in US,Uk,Singapore and India with services in SOC 2, PCI, GDPR,HIPAA, Cloud Security and Pen Testing.

Cách đây không lâu, mình bắt tay vào phân tích một vài bug deserialize của SolarWinds và cũng đã note lại tại đây

0.5.0 (2021-10-22)
Note
We have made significant changes in our middle-end (CFG recovery, and function
identification, etc.) engines for this version, and we are still improving it.
The current ver...

Posted in r/netsec by u/ksr_malware • 6 points and 0 comments

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clon...

I was staring at this part of the code for way too long already:
module Jobs class ConfirmSnsSubnoscription < ::Jobs::Base sidekiq_options retry: false def execute(args) return unless raw = args[:raw].presence return unless json = args[:json].presence return…

Posted in r/netsec by u/CyberMasterV • 9 points and 0 comments

As the S4E team, we found the use after free vulnerability that we detected in the latest version of Google Chrome. Although we focus on customer feedback on our products in the early stage of our startup, we conduct various vulnerability studies and challenging…

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software usi…

An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers. - GitHub - Rices/Phishious: An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-team...

A few months ago one of our customers found two suspicious user accounts with admin rights on its Internet-exposed GitLab […]