Building WireGate: A WireGuard front to detect compromised keys
https://ift.tt/3CwaL3j
Submitted November 20, 2021 at 02:27AM by thinkst
via reddit https://ift.tt/3xioH05
https://ift.tt/3CwaL3j
Submitted November 20, 2021 at 02:27AM by thinkst
via reddit https://ift.tt/3xioH05
Thinkst Thoughts
Building WireGate: A WireGuard front to detect compromised keys
Earlier this year we released our WireGuard Canarytoken. This allows you to add a “fake” wireguard VPN endpoint on your device in seconds. The idea is that if your device is compromised, a knowledg…
Hadoop Yarn RPC RCE
https://ift.tt/3CB2tXO
Submitted November 20, 2021 at 10:39AM by 0x0021h
via reddit https://ift.tt/3FxW2a5
https://ift.tt/3CB2tXO
Submitted November 20, 2021 at 10:39AM by 0x0021h
via reddit https://ift.tt/3FxW2a5
GitHub
expbox/Hadoop Yarn RPC RCE.md at main · 0x0021h/expbox
Vulnerability Exploitation Code Collection Repository - expbox/Hadoop Yarn RPC RCE.md at main · 0x0021h/expbox
GitHub - mrexodia/dumpulator: An easy-to-use library for emulating code in minidump files.
https://ift.tt/3p5fIf1
Submitted November 21, 2021 at 04:40AM by mrexodia
via reddit https://ift.tt/3oTa4wq
https://ift.tt/3p5fIf1
Submitted November 21, 2021 at 04:40AM by mrexodia
via reddit https://ift.tt/3oTa4wq
GitHub
GitHub - mrexodia/dumpulator: An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction…
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing). - mrexodia/dumpulator
CVE-2021-41277 MetaBase Arbitrary File Read
https://ift.tt/3CA2vzd
Submitted November 21, 2021 at 06:44AM by 0x0021h
via reddit https://ift.tt/3DJXp5a
https://ift.tt/3CA2vzd
Submitted November 21, 2021 at 06:44AM by 0x0021h
via reddit https://ift.tt/3DJXp5a
Command/Code injection prevention for Python
https://ift.tt/30OBYRu
Submitted November 22, 2021 at 06:35AM by inkz1
via reddit https://ift.tt/3nD9X8u
https://ift.tt/30OBYRu
Submitted November 22, 2021 at 06:35AM by inkz1
via reddit https://ift.tt/3nD9X8u
semgrep.dev
Command injection prevention for Python | Semgrep
Command injection prevention cheat sheet for Python.
Picky PPID Spoofing
https://ift.tt/32h6bJP
Submitted November 22, 2021 at 09:41AM by CaptMeelo
via reddit https://ift.tt/2Zfyes8
https://ift.tt/32h6bJP
Submitted November 22, 2021 at 09:41AM by CaptMeelo
via reddit https://ift.tt/2Zfyes8
Hack.Learn.Share
Picky PPID Spoofing
Performing PPID Spoofing by targeting a parent process with a specific integrity level.
Quick WAF "paranoid" Doctor Evaluation (WAFPARAN01D3 Tool)
https://ift.tt/3DI6dZ1
Submitted November 22, 2021 at 02:55PM by alt3kx
via reddit https://ift.tt/30KYmvM
https://ift.tt/3DI6dZ1
Submitted November 22, 2021 at 02:55PM by alt3kx
via reddit https://ift.tt/30KYmvM
GitHub
GitHub - alt3kx/wafparan01d3: Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool
Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool - GitHub - alt3kx/wafparan01d3: Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool
Tor v2 Deprecation Shifts Darknet Landscape | DarkOwl
https://ift.tt/3cBw4pH
Submitted November 22, 2021 at 05:08PM by MiguelHzBz
via reddit https://ift.tt/3DL2Rob
https://ift.tt/3cBw4pH
Submitted November 22, 2021 at 05:08PM by MiguelHzBz
via reddit https://ift.tt/3DL2Rob
DarkOwl | Dark Web Search Engine
Tor v2 Deprecation Shifts Darknet Landscape | DarkOwl
Hear the latest from our engineers who have been tracking the progress of the Tor Project's v2 Onion Services deprecation timeline.
The UNIX malware landscape - Reviewing the goods at MALWAREbazaar
https://ift.tt/3oPhUXR
Submitted November 22, 2021 at 06:34PM by timb_machine
via reddit https://ift.tt/3cBYkbN
https://ift.tt/3oPhUXR
Submitted November 22, 2021 at 06:34PM by timb_machine
via reddit https://ift.tt/3cBYkbN
GitHub
presentations/The UNIX malware landscape - Reviewing the goods at MALWAREbazaar v5.pdf at master · CiscoCXSecurity/presentations
Presentations from the CX Security Labs team. Contribute to CiscoCXSecurity/presentations development by creating an account on GitHub.
Unlocking the Vault: Unauthenticated Remote Code Execution against CommVault Command Center
https://ift.tt/3HLxqN2
Submitted November 22, 2021 at 10:39PM by scopedsecurity
via reddit https://ift.tt/3xagB9E
https://ift.tt/3HLxqN2
Submitted November 22, 2021 at 10:39PM by scopedsecurity
via reddit https://ift.tt/3xagB9E
Godaddy hacked - including admin passwords for both WordPress sites hosted on the platform, as well as passwords for sFTPs, databases and SSL private keys.
https://ift.tt/3CCW3aN
Submitted November 22, 2021 at 10:11PM by digicat
via reddit https://ift.tt/30M8eFc
https://ift.tt/3CCW3aN
Submitted November 22, 2021 at 10:11PM by digicat
via reddit https://ift.tt/30M8eFc
reddit
Godaddy hacked - including admin passwords for both WordPress...
Posted in r/netsec by u/digicat • 2 points and 0 comments
Achieve RCE or lateral movement by abusing WSUS to perform NTLM relay attacks
https://ift.tt/3oJYGTm
Submitted November 23, 2021 at 07:56PM by obilodeau
via reddit https://ift.tt/3cDB3WU
https://ift.tt/3oJYGTm
Submitted November 23, 2021 at 07:56PM by obilodeau
via reddit https://ift.tt/3cDB3WU
GoSecure
GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks - GoSecure
WSUS client automatically authenticates with NTLM as the current user or the machine account, allowing relay for remote code execution or lateral movement.
Black Friday Deals 2021 - Compiled from Github Repo
https://ift.tt/2Zh5crX
Submitted November 23, 2021 at 09:19PM by halencarjunior
via reddit https://ift.tt/30OX2aH
https://ift.tt/2Zh5crX
Submitted November 23, 2021 at 09:19PM by halencarjunior
via reddit https://ift.tt/30OX2aH
bt0’s Security Blog
Black Friday Infosec Deals
Black Friday Deals - 2021 Deals Repository
Web Fundamentals for Hackers YouTube Series release! With Hand Made Animations!
https://www.youtube.com/playlist?list=PLwnDE0CN30Q9x3JMsHrRMGoLhpF8vZ1ka
Submitted November 24, 2021 at 01:43AM by SecAura
via reddit https://ift.tt/3DOldEL
https://www.youtube.com/playlist?list=PLwnDE0CN30Q9x3JMsHrRMGoLhpF8vZ1ka
Submitted November 24, 2021 at 01:43AM by SecAura
via reddit https://ift.tt/3DOldEL
YouTube
Web Fundamentals for Cyber Security Series
A Web series dedicated to teaching Web fundamentals, for aspriring Web Hackers! In these series I hand produce animations and demos to teach real concepts th...
Full key extraction of NVIDIA™ TSEC
https://ift.tt/30QAEO2
Submitted November 24, 2021 at 06:26AM by Gallus
via reddit https://ift.tt/3nIQZ0s
https://ift.tt/30QAEO2
Submitted November 24, 2021 at 06:26AM by Gallus
via reddit https://ift.tt/3nIQZ0s
Reddit
r/netsec on Reddit: Full key extraction of NVIDIA™ TSEC
Posted by u/Gallus - 297 votes and 23 comments
OffensiveAutoIt - Offensive tooling notes and experiments in AutoIt v3
https://ift.tt/3CZcu1z
Submitted November 24, 2021 at 12:26PM by hanbei-undying
via reddit https://ift.tt/3cIviaE
https://ift.tt/3CZcu1z
Submitted November 24, 2021 at 12:26PM by hanbei-undying
via reddit https://ift.tt/3cIviaE
GitHub
GitHub - V1V1/OffensiveAutoIt: Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitnoscript.com/site/autoit/)
Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitnoscript.com/site/autoit/) - GitHub - V1V1/OffensiveAutoIt: Offensive tooling notes and experiments in AutoIt v3 (https://www.a...
Brida 0.5 released for Hack In Paris 2021
https://ift.tt/3xioREw
Submitted November 24, 2021 at 03:14PM by 0xdea
via reddit https://ift.tt/3cFyrIa
https://ift.tt/3xioREw
Submitted November 24, 2021 at 03:14PM by 0xdea
via reddit https://ift.tt/3cFyrIa
hn security
Brida 0.5 released for Hack In Paris 2021! - hn security
Hi! Last Friday my colleague Piergiovanni […]
Hunting for Persistence in Linux: Auditd, Sysmon, Osquery, and Webshells
https://ift.tt/3xghCwU
Submitted November 24, 2021 at 07:04PM by dashboard_monkey
via reddit https://ift.tt/3cHYfTV
https://ift.tt/3xghCwU
Submitted November 24, 2021 at 07:04PM by dashboard_monkey
via reddit https://ift.tt/3cHYfTV
pepe berba
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells)
An introduction to monitoring and logging in linux to look for persistence.
Voice recordings can reveal sensitive information based on a speaker’s voice and way of talking (geographical origin, health, personality, etc). Most people, including IT experts, are not aware of the detailed information that companies can infer from voice commands/messages/calls, new study warns.
https://ift.tt/3CJEPIO
Submitted November 24, 2021 at 07:59PM by alyss0122
via reddit https://ift.tt/3CQyOKx
https://ift.tt/3CJEPIO
Submitted November 24, 2021 at 07:59PM by alyss0122
via reddit https://ift.tt/3CQyOKx
Implementing SAML Authentication in Enterprise SaaS Applications
https://ift.tt/3r5N3Zz
Submitted November 24, 2021 at 07:53PM by bidrawrob
via reddit https://ift.tt/3nMEnp2
https://ift.tt/3r5N3Zz
Submitted November 24, 2021 at 07:53PM by bidrawrob
via reddit https://ift.tt/3nMEnp2
Frontegg
Implementing SAML Authentication in Enterprise SaaS Applications | Frontegg
Learn about the benefits of SAML, how SAML authentication works, SAML use cases, and how to implement SAML on the Cloud.
How to Detect Azure Active Directory Backdoors: Identity Federation
https://ift.tt/3oUFO4a
Submitted November 24, 2021 at 08:59PM by ksr_malware
via reddit https://ift.tt/3DOnEav
https://ift.tt/3oUFO4a
Submitted November 24, 2021 at 08:59PM by ksr_malware
via reddit https://ift.tt/3DOnEav
Inversecos
How to Detect Azure Active Directory Backdoors: Identity Federation