Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes
https://ift.tt/3GFCIJi
Submitted November 02, 2021 at 01:31AM by sirdarckcat
via reddit https://ift.tt/3btAVZu
https://ift.tt/3GFCIJi
Submitted November 02, 2021 at 01:31AM by sirdarckcat
via reddit https://ift.tt/3btAVZu
Google Online Security Blog
Trick & Treat! 🎃 Paying Leets and Sweets for Linux Kernel privescs and k8s escapes
Posted by Eduardo Vela, Google Bug Hunters Team Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to...
Independently secure, together not so much - a story of 2 WP plugins
https://ift.tt/3CRr2RD
Submitted November 02, 2021 at 12:35PM by adrian_rt
via reddit https://ift.tt/3Bw83dG
https://ift.tt/3CRr2RD
Submitted November 02, 2021 at 12:35PM by adrian_rt
via reddit https://ift.tt/3Bw83dG
Cyber Security Services - London
Independently secure, together not so much - a story of 2 WP plugins
Independently secure, together not so much. A story of 2 WP plugins.
5 Ways To Exploit A Domain Takeover Vulnerability
https://ift.tt/3GvWVkF
Submitted November 02, 2021 at 12:24PM by redhuntlabs
via reddit https://ift.tt/3Ezhn2o
https://ift.tt/3GvWVkF
Submitted November 02, 2021 at 12:24PM by redhuntlabs
via reddit https://ift.tt/3Ezhn2o
RedHunt Labs
5 Ways to Exploit a Domain Takeover Vulnerability - RedHunt Labs
Domain Takeover occurs when the organization did not renew its domain but still use it in their code and infrastructure. When the attacker registers the abandoned domain, they own the domain, including its subdomains and other types of DNS records.
Honeypot Journals Part II: Attacks on Residential Endpoints
https://ift.tt/2Yc9ErA
Submitted November 02, 2021 at 06:45PM by kernelv0id
via reddit https://ift.tt/3BB4djl
https://ift.tt/2Yc9ErA
Submitted November 02, 2021 at 06:45PM by kernelv0id
via reddit https://ift.tt/3BB4djl
CUJO AI
Honeypot Journals Part II: Attacks on Residential Endpoints - CUJO AI
The second episode of the Honeypot Journals. This time in our honeynet: attacks in the “cloud” vs attacks on residential endpoints.
Step by step into Shellbot malware analysis, architecture, and malicious activity.
https://ift.tt/3ECKEJE
Submitted November 02, 2021 at 08:41PM by MiguelHzBz
via reddit https://ift.tt/3EHAdVd
https://ift.tt/3ECKEJE
Submitted November 02, 2021 at 08:41PM by MiguelHzBz
via reddit https://ift.tt/3EHAdVd
Sysdig
Malware analysis: Hands-On Shellbot malware | Sysdig
How this Shellbot malware works, dig into malware analysis, and how to detect it with Falco and Sysdig Secure.
Escalating XSS to Sainthood with Nagios (XSS -> Root RCE in Nagios Server)
https://ift.tt/3q84sAi
Submitted November 02, 2021 at 06:24PM by pocorgtfoftw
via reddit https://ift.tt/3CQmiva
https://ift.tt/3q84sAi
Submitted November 02, 2021 at 06:24PM by pocorgtfoftw
via reddit https://ift.tt/3CQmiva
Grimm-Co
Escalating XSS to Sainthood with Nagios
Introduction If you’re running a big enough network, chances are you have a monitoring server tucked away somewhere, silently watching and ...
Fuzzing workshop contents(5 hours)
http://fuzzing.in
Submitted November 02, 2021 at 09:20PM by secgeek
via reddit https://ift.tt/3CDZpuV
http://fuzzing.in
Submitted November 02, 2021 at 09:20PM by secgeek
via reddit https://ift.tt/3CDZpuV
fuzzing.in
Fuzzing.in | Master the Art of Fuzzing
Master the art of fuzzing with Hardik Shah. Practical training on Linux, Windows, and OSS platforms.
A tool to build PCAP syntax for tcpdump, Fortinet and Checkpoint
https://tcpdump101.com/
Submitted November 02, 2021 at 08:57PM by zsaile
via reddit https://ift.tt/3CE1c3n
https://tcpdump101.com/
Submitted November 02, 2021 at 08:57PM by zsaile
via reddit https://ift.tt/3CE1c3n
Tcpdump101
tcpdump101.com - Build Packet Captures Online
Build PCaps for: tcpdump, Fortigate, Check Point 'fw monitor' and Cisco ASA.
Toxiproxy: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
https://ift.tt/1zfiCjl
Submitted November 02, 2021 at 11:24PM by Titokhan
via reddit https://ift.tt/3CHLS5D
https://ift.tt/1zfiCjl
Submitted November 02, 2021 at 11:24PM by Titokhan
via reddit https://ift.tt/3CHLS5D
GitHub
GitHub - Shopify/toxiproxy: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
:alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing - GitHub - Shopify/toxiproxy: A TCP proxy to simulate network and system conditions for c...
Sitecore Experience Platform Pre-Auth RCE
https://ift.tt/3nRM4cq
Submitted November 03, 2021 at 02:13PM by Mempodipper
via reddit https://ift.tt/3bEb15g
https://ift.tt/3nRM4cq
Submitted November 03, 2021 at 02:13PM by Mempodipper
via reddit https://ift.tt/3bEb15g
Assetnote
Sitecore Experience Platform Pre-Auth RCE
Application security issues found by Assetnote
Lepus v3.4.0 is released. Lepus is a tool for enumerating subdomains, checking for subdomain takeovers and perform port scans - and boy, is it fast!
https://ift.tt/2ZUmeML
Submitted November 03, 2021 at 01:52PM by gfekkas
via reddit https://ift.tt/3mBHUpE
https://ift.tt/2ZUmeML
Submitted November 03, 2021 at 01:52PM by gfekkas
via reddit https://ift.tt/3mBHUpE
GitHub
GitHub - gfek/Lepus: Subdomain finder
Subdomain finder. Contribute to gfek/Lepus development by creating an account on GitHub.
How to defend good code
https://ift.tt/3BHjSxW
Submitted November 03, 2021 at 05:13PM by petparmar
via reddit https://ift.tt/3mDaC9G
https://ift.tt/3BHjSxW
Submitted November 03, 2021 at 05:13PM by petparmar
via reddit https://ift.tt/3mDaC9G
China's Built World's Fastest Quantum Computer, 10 Million Times Faster Than Google's
https://ift.tt/3Bx4aVS
Submitted November 03, 2021 at 07:29PM by ictinc
via reddit https://ift.tt/3mI5XTG
https://ift.tt/3Bx4aVS
Submitted November 03, 2021 at 07:29PM by ictinc
via reddit https://ift.tt/3mI5XTG
IndiaTimes
China's Built World's Fastest Quantum Computer, 10 Million Times Faster Than Google's
Chinese scientists claim to built the world's fastest supercomputer, even faster than Google Sycamore
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
https://ift.tt/3EDVrDe
Submitted November 03, 2021 at 08:46PM by shleimeleh
via reddit https://ift.tt/3GMIvNj
https://ift.tt/3EDVrDe
Submitted November 03, 2021 at 08:46PM by shleimeleh
via reddit https://ift.tt/3GMIvNj
Perception Point
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
Perception Point researchers have discovered a vulnerability in macOS which allows an attacker to bypass App Sandbox restrictions. The vulnerability was disclosed to Apple, and the fix was announced on the latest macOS Monterey 12.0.1 security update on October…
LDAP Password Hunter: Automated tool to lookup for world-readable secrets in LDAP database building a custom list of attributes at runtime based on the CN=Schema,CN=Configuration
https://ift.tt/3bCYJuc
Submitted November 03, 2021 at 08:37PM by oldboy21
via reddit https://ift.tt/3bCr03N
https://ift.tt/3bCYJuc
Submitted November 03, 2021 at 08:37PM by oldboy21
via reddit https://ift.tt/3bCr03N
GitHub
GitHub - oldboy21/LDAP-Password-Hunter: Password Hunter in Active Directory
Password Hunter in Active Directory. Contribute to oldboy21/LDAP-Password-Hunter development by creating an account on GitHub.
Malicious Code Analysis attack: Abuse code analysis tools to execute code on the analyzing host, or to bypass CI checks
https://ift.tt/3EGAWGa
Submitted November 03, 2021 at 10:26PM by Hefty_Knowledge_7449
via reddit https://ift.tt/3CKo5Sv
https://ift.tt/3EGAWGa
Submitted November 03, 2021 at 10:26PM by Hefty_Knowledge_7449
via reddit https://ift.tt/3CKo5Sv
Medium
Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems
What happens when SAST tools do more than just scanning? What if security scanners abuse their privileges?
Great tech blog for securing AWS EC2 Instances with Microsoft Defender https://ift.tt/3BJgt1x
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
blog.lightspin.io
Microsoft Defender for Endpoint on AWS: Part 1
This blog serves as the first part of our series that deep dives into Microsoft Defender for Endpoint on AWS.
BugBuntu is a customized distro based on Ubuntu 18.04 and focused on Bug Bounty tools.
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
GitHub
GitHub - halencarjunior/BugBuntu: BugBuntu Linux
BugBuntu Linux. Contribute to halencarjunior/BugBuntu development by creating an account on GitHub.
SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
GitHub
GitHub - halencarjunior/sss3: Simple S3 Bucket Testing Software
Simple S3 Bucket Testing Software. Contribute to halencarjunior/sss3 development by creating an account on GitHub.
Getting DDoS everyday by a competitor, I have a dedicated server with OVH and have CSF Firewall and Mod Security installed and configurated to CT Limit 25 + Check every minute, but my competitor is still able to just keep changing the attack IP's and putting my site offline around 60-70% of the time
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
VESlocker: Hardware-grade PIN security API
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
reddit
VESlocker: Hardware-grade PIN security API
Posted in r/netsec by u/vesvault • 1 point and 0 comments