Step by step into Shellbot malware analysis, architecture, and malicious activity.
https://ift.tt/3ECKEJE
Submitted November 02, 2021 at 08:41PM by MiguelHzBz
via reddit https://ift.tt/3EHAdVd
https://ift.tt/3ECKEJE
Submitted November 02, 2021 at 08:41PM by MiguelHzBz
via reddit https://ift.tt/3EHAdVd
Sysdig
Malware analysis: Hands-On Shellbot malware | Sysdig
How this Shellbot malware works, dig into malware analysis, and how to detect it with Falco and Sysdig Secure.
Escalating XSS to Sainthood with Nagios (XSS -> Root RCE in Nagios Server)
https://ift.tt/3q84sAi
Submitted November 02, 2021 at 06:24PM by pocorgtfoftw
via reddit https://ift.tt/3CQmiva
https://ift.tt/3q84sAi
Submitted November 02, 2021 at 06:24PM by pocorgtfoftw
via reddit https://ift.tt/3CQmiva
Grimm-Co
Escalating XSS to Sainthood with Nagios
Introduction If you’re running a big enough network, chances are you have a monitoring server tucked away somewhere, silently watching and ...
Fuzzing workshop contents(5 hours)
http://fuzzing.in
Submitted November 02, 2021 at 09:20PM by secgeek
via reddit https://ift.tt/3CDZpuV
http://fuzzing.in
Submitted November 02, 2021 at 09:20PM by secgeek
via reddit https://ift.tt/3CDZpuV
fuzzing.in
Fuzzing.in | Master the Art of Fuzzing
Master the art of fuzzing with Hardik Shah. Practical training on Linux, Windows, and OSS platforms.
A tool to build PCAP syntax for tcpdump, Fortinet and Checkpoint
https://tcpdump101.com/
Submitted November 02, 2021 at 08:57PM by zsaile
via reddit https://ift.tt/3CE1c3n
https://tcpdump101.com/
Submitted November 02, 2021 at 08:57PM by zsaile
via reddit https://ift.tt/3CE1c3n
Tcpdump101
tcpdump101.com - Build Packet Captures Online
Build PCaps for: tcpdump, Fortigate, Check Point 'fw monitor' and Cisco ASA.
Toxiproxy: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
https://ift.tt/1zfiCjl
Submitted November 02, 2021 at 11:24PM by Titokhan
via reddit https://ift.tt/3CHLS5D
https://ift.tt/1zfiCjl
Submitted November 02, 2021 at 11:24PM by Titokhan
via reddit https://ift.tt/3CHLS5D
GitHub
GitHub - Shopify/toxiproxy: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
:alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing - GitHub - Shopify/toxiproxy: A TCP proxy to simulate network and system conditions for c...
Sitecore Experience Platform Pre-Auth RCE
https://ift.tt/3nRM4cq
Submitted November 03, 2021 at 02:13PM by Mempodipper
via reddit https://ift.tt/3bEb15g
https://ift.tt/3nRM4cq
Submitted November 03, 2021 at 02:13PM by Mempodipper
via reddit https://ift.tt/3bEb15g
Assetnote
Sitecore Experience Platform Pre-Auth RCE
Application security issues found by Assetnote
Lepus v3.4.0 is released. Lepus is a tool for enumerating subdomains, checking for subdomain takeovers and perform port scans - and boy, is it fast!
https://ift.tt/2ZUmeML
Submitted November 03, 2021 at 01:52PM by gfekkas
via reddit https://ift.tt/3mBHUpE
https://ift.tt/2ZUmeML
Submitted November 03, 2021 at 01:52PM by gfekkas
via reddit https://ift.tt/3mBHUpE
GitHub
GitHub - gfek/Lepus: Subdomain finder
Subdomain finder. Contribute to gfek/Lepus development by creating an account on GitHub.
How to defend good code
https://ift.tt/3BHjSxW
Submitted November 03, 2021 at 05:13PM by petparmar
via reddit https://ift.tt/3mDaC9G
https://ift.tt/3BHjSxW
Submitted November 03, 2021 at 05:13PM by petparmar
via reddit https://ift.tt/3mDaC9G
China's Built World's Fastest Quantum Computer, 10 Million Times Faster Than Google's
https://ift.tt/3Bx4aVS
Submitted November 03, 2021 at 07:29PM by ictinc
via reddit https://ift.tt/3mI5XTG
https://ift.tt/3Bx4aVS
Submitted November 03, 2021 at 07:29PM by ictinc
via reddit https://ift.tt/3mI5XTG
IndiaTimes
China's Built World's Fastest Quantum Computer, 10 Million Times Faster Than Google's
Chinese scientists claim to built the world's fastest supercomputer, even faster than Google Sycamore
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
https://ift.tt/3EDVrDe
Submitted November 03, 2021 at 08:46PM by shleimeleh
via reddit https://ift.tt/3GMIvNj
https://ift.tt/3EDVrDe
Submitted November 03, 2021 at 08:46PM by shleimeleh
via reddit https://ift.tt/3GMIvNj
Perception Point
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions
Perception Point researchers have discovered a vulnerability in macOS which allows an attacker to bypass App Sandbox restrictions. The vulnerability was disclosed to Apple, and the fix was announced on the latest macOS Monterey 12.0.1 security update on October…
LDAP Password Hunter: Automated tool to lookup for world-readable secrets in LDAP database building a custom list of attributes at runtime based on the CN=Schema,CN=Configuration
https://ift.tt/3bCYJuc
Submitted November 03, 2021 at 08:37PM by oldboy21
via reddit https://ift.tt/3bCr03N
https://ift.tt/3bCYJuc
Submitted November 03, 2021 at 08:37PM by oldboy21
via reddit https://ift.tt/3bCr03N
GitHub
GitHub - oldboy21/LDAP-Password-Hunter: Password Hunter in Active Directory
Password Hunter in Active Directory. Contribute to oldboy21/LDAP-Password-Hunter development by creating an account on GitHub.
Malicious Code Analysis attack: Abuse code analysis tools to execute code on the analyzing host, or to bypass CI checks
https://ift.tt/3EGAWGa
Submitted November 03, 2021 at 10:26PM by Hefty_Knowledge_7449
via reddit https://ift.tt/3CKo5Sv
https://ift.tt/3EGAWGa
Submitted November 03, 2021 at 10:26PM by Hefty_Knowledge_7449
via reddit https://ift.tt/3CKo5Sv
Medium
Malicious code analysis: Abusing SAST (mis)configurations to hack CI systems
What happens when SAST tools do more than just scanning? What if security scanners abuse their privileges?
Great tech blog for securing AWS EC2 Instances with Microsoft Defender https://ift.tt/3BJgt1x
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
https://ift.tt/3BJgt1x
Submitted November 03, 2021 at 11:27PM by or-lightspin
via reddit https://ift.tt/3CI7qPv
blog.lightspin.io
Microsoft Defender for Endpoint on AWS: Part 1
This blog serves as the first part of our series that deep dives into Microsoft Defender for Endpoint on AWS.
BugBuntu is a customized distro based on Ubuntu 18.04 and focused on Bug Bounty tools.
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
https://ift.tt/3Ez5cme
Submitted November 04, 2021 at 12:46AM by halencarjunior
via reddit https://ift.tt/3bFQVri
GitHub
GitHub - halencarjunior/BugBuntu: BugBuntu Linux
BugBuntu Linux. Contribute to halencarjunior/BugBuntu development by creating an account on GitHub.
SSS3 is a simple S3 Bucket testing software. It uses aws cli to search for public buckets in a list of domains/subdomains.
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
https://ift.tt/3q1spt5
Submitted November 04, 2021 at 12:45AM by halencarjunior
via reddit https://ift.tt/3wfAhIt
GitHub
GitHub - halencarjunior/sss3: Simple S3 Bucket Testing Software
Simple S3 Bucket Testing Software. Contribute to halencarjunior/sss3 development by creating an account on GitHub.
Getting DDoS everyday by a competitor, I have a dedicated server with OVH and have CSF Firewall and Mod Security installed and configurated to CT Limit 25 + Check every minute, but my competitor is still able to just keep changing the attack IP's and putting my site offline around 60-70% of the time
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
https://ift.tt/3bETytK
Submitted November 04, 2021 at 07:47AM by philkk
via reddit https://ift.tt/2ZUpJmx
VESlocker: Hardware-grade PIN security API
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
https://veslocker.com
Submitted November 04, 2021 at 10:01AM by vesvault
via reddit https://ift.tt/3BIDTnM
reddit
VESlocker: Hardware-grade PIN security API
Posted in r/netsec by u/vesvault • 1 point and 0 comments
Finding and Fixing DOM-based XSS with Static Analysis
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
https://ift.tt/3nTKref
Submitted November 03, 2021 at 08:43PM by mozfreddyb
via reddit https://ift.tt/3q4uVPg
Attack & Defense
Finding and Fixing DOM-based XSS with Static Analysis
Despite all the efforts of fixing Cross-Site Scripting (XSS) on the web, it continuously ranks as one of the most dangerous security issues in software. In particular, DOM-based XSS is ...
WordPress and the new vulnerability Trojan Source (CVE-2021-42694 and CVE-2021-42574)
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
https://ift.tt/3q6tccv
Submitted November 04, 2021 at 08:40PM by jonas02
via reddit https://ift.tt/3o1rIxz
WPSec
WordPress and Trojan Source - WPSec
TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574) A new vulnerability affecting the supply chain of Source Code…
Cloud Shadow Admins Revisited in Light of Nobelium
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
https://ift.tt/3wkm6Ci
Submitted November 04, 2021 at 10:39PM by jat0369
via reddit https://ift.tt/3GOEcRv
Cyberark
Cloud Shadow Admins Revisited in Light of Nobelium
A recently detected attack campaign involving threat actor Nobelium has caught our attention due to an attack vector our team has previously researched – Cloud Shadow Admins – that the adversary...
Widespread Security Risk Identified in Phones and Bluetooth Devices
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
https://ift.tt/3mJagOS
Submitted November 05, 2021 at 01:48PM by bunnyhoperornoter
via reddit https://ift.tt/3k96M6u
IEEE Spectrum
Widespread Vulnerability Identified in Phones and Bluetooth Devices
Approximately 40 percent of mobile phones may be uniquely identified via Bluetooth signals