Supply chains attacks are all the rage these days, whether to deliver RATs, cryptocurrencies miners, or credential stealers. In Rust, packages are called crates and are (most of the time) hosted on a central repository: https://crates.io for better discoverability.…

Software supply chain security threat: automated scanning of Python packages in the PyPI repository uncovered stealthy malware and more. Find out about our latest findings.

Calling themselves “Memento team”, actors use Python-based ransomware that they reconfigured after setbacks.

Passwordless is a phrase generating a lot of buzz in the consumer space. But our infrastructure is full of passwords too and that needs to stop.

Earlier this year we released our WireGuard Canarytoken. This allows you to add a “fake” wireguard VPN endpoint on your device in seconds. The idea is that if your device is compromised, a knowledg…

Vulnerability Exploitation Code Collection Repository - expbox/Hadoop Yarn RPC RCE.md at main · 0x0021h/expbox

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing). - mrexodia/dumpulator

Command injection prevention cheat sheet for Python.

Performing PPID Spoofing by targeting a parent process with a specific integrity level.

Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool - GitHub - alt3kx/wafparan01d3: Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool

Hear the latest from our engineers who have been tracking the progress of the Tor Project's v2 Onion Services deprecation timeline.

Presentations from the CX Security Labs team. Contribute to CiscoCXSecurity/presentations development by creating an account on GitHub.

Posted in r/netsec by u/digicat • 2 points and 0 comments

WSUS client automatically authenticates with NTLM as the current user or the machine account, allowing relay for remote code execution or lateral movement.

Black Friday Deals - 2021 Deals Repository