Full key extraction of NVIDIA™ TSEC
https://ift.tt/30QAEO2
Submitted November 24, 2021 at 06:26AM by Gallus
via reddit https://ift.tt/3nIQZ0s
https://ift.tt/30QAEO2
Submitted November 24, 2021 at 06:26AM by Gallus
via reddit https://ift.tt/3nIQZ0s
Reddit
r/netsec on Reddit: Full key extraction of NVIDIA™ TSEC
Posted by u/Gallus - 297 votes and 23 comments
OffensiveAutoIt - Offensive tooling notes and experiments in AutoIt v3
https://ift.tt/3CZcu1z
Submitted November 24, 2021 at 12:26PM by hanbei-undying
via reddit https://ift.tt/3cIviaE
https://ift.tt/3CZcu1z
Submitted November 24, 2021 at 12:26PM by hanbei-undying
via reddit https://ift.tt/3cIviaE
GitHub
GitHub - V1V1/OffensiveAutoIt: Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitnoscript.com/site/autoit/)
Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitnoscript.com/site/autoit/) - GitHub - V1V1/OffensiveAutoIt: Offensive tooling notes and experiments in AutoIt v3 (https://www.a...
Brida 0.5 released for Hack In Paris 2021
https://ift.tt/3xioREw
Submitted November 24, 2021 at 03:14PM by 0xdea
via reddit https://ift.tt/3cFyrIa
https://ift.tt/3xioREw
Submitted November 24, 2021 at 03:14PM by 0xdea
via reddit https://ift.tt/3cFyrIa
hn security
Brida 0.5 released for Hack In Paris 2021! - hn security
Hi! Last Friday my colleague Piergiovanni […]
Hunting for Persistence in Linux: Auditd, Sysmon, Osquery, and Webshells
https://ift.tt/3xghCwU
Submitted November 24, 2021 at 07:04PM by dashboard_monkey
via reddit https://ift.tt/3cHYfTV
https://ift.tt/3xghCwU
Submitted November 24, 2021 at 07:04PM by dashboard_monkey
via reddit https://ift.tt/3cHYfTV
pepe berba
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells)
An introduction to monitoring and logging in linux to look for persistence.
Voice recordings can reveal sensitive information based on a speaker’s voice and way of talking (geographical origin, health, personality, etc). Most people, including IT experts, are not aware of the detailed information that companies can infer from voice commands/messages/calls, new study warns.
https://ift.tt/3CJEPIO
Submitted November 24, 2021 at 07:59PM by alyss0122
via reddit https://ift.tt/3CQyOKx
https://ift.tt/3CJEPIO
Submitted November 24, 2021 at 07:59PM by alyss0122
via reddit https://ift.tt/3CQyOKx
Implementing SAML Authentication in Enterprise SaaS Applications
https://ift.tt/3r5N3Zz
Submitted November 24, 2021 at 07:53PM by bidrawrob
via reddit https://ift.tt/3nMEnp2
https://ift.tt/3r5N3Zz
Submitted November 24, 2021 at 07:53PM by bidrawrob
via reddit https://ift.tt/3nMEnp2
Frontegg
Implementing SAML Authentication in Enterprise SaaS Applications | Frontegg
Learn about the benefits of SAML, how SAML authentication works, SAML use cases, and how to implement SAML on the Cloud.
How to Detect Azure Active Directory Backdoors: Identity Federation
https://ift.tt/3oUFO4a
Submitted November 24, 2021 at 08:59PM by ksr_malware
via reddit https://ift.tt/3DOnEav
https://ift.tt/3oUFO4a
Submitted November 24, 2021 at 08:59PM by ksr_malware
via reddit https://ift.tt/3DOnEav
Inversecos
How to Detect Azure Active Directory Backdoors: Identity Federation
RT @sectalks: Join us. We all need one! #Sydney https://t.co/RtyXXo1o1i
https://ift.tt/3oYUejF
Submitted November 25, 2021 at 11:53AM by pi3ch
via reddit https://ift.tt/3HQpH04
https://ift.tt/3oYUejF
Submitted November 25, 2021 at 11:53AM by pi3ch
via reddit https://ift.tt/3HQpH04
Meetup
Login to Meetup | Meetup
Not a Meetup member yet? Log in and find groups that host online or in person events and meet people in your local community who share your interests.
Android APT spyware, targeting Middle East victims, enhances evasiveness
https://ift.tt/3HK9d9R
Submitted November 24, 2021 at 12:38AM by ksr_malware
via reddit https://ift.tt/3DR92at
https://ift.tt/3HK9d9R
Submitted November 24, 2021 at 12:38AM by ksr_malware
via reddit https://ift.tt/3DR92at
Sophos News
Android APT spyware, targeting Middle East victims, enhances evasiveness
The phone spyware has new features that confer resistance to takedowns or manual removal
Blue Team - Black Friday Deals
https://ift.tt/3p7nhln
Submitted November 26, 2021 at 09:50PM by SnooGadgets2368
via reddit https://ift.tt/3xqD5Dm
https://ift.tt/3p7nhln
Submitted November 26, 2021 at 09:50PM by SnooGadgets2368
via reddit https://ift.tt/3xqD5Dm
GitHub
GitHub - lolnoscript/BlueTeam-BlackFriday-Deals
Contribute to lolnoscript/BlueTeam-BlackFriday-Deals development by creating an account on GitHub.
Vulnerability in the Insulet OmniPod Insulin Management System allows an attacker nearby to schedule or immediately inject insulin
https://ift.tt/3cS8chD
Submitted November 27, 2021 at 05:44PM by CommanderHutli
via reddit https://ift.tt/3xuL6ar
https://ift.tt/3cS8chD
Submitted November 27, 2021 at 05:44PM by CommanderHutli
via reddit https://ift.tt/3xuL6ar
Reddit
r/netsec on Reddit: Vulnerability in the Insulet OmniPod Insulin Management System allows an attacker nearby to schedule or immediately…
Posted by u/CommanderHutli - 543 votes and 62 comments
WordPress Plugin Confusion: How an update can get you pwned
https://ift.tt/3nPj5XK
Submitted November 25, 2021 at 09:38PM by _vavkamil_
via reddit https://ift.tt/3p6ba7Z
https://ift.tt/3nPj5XK
Submitted November 25, 2021 at 09:38PM by _vavkamil_
via reddit https://ift.tt/3p6ba7Z
Kamil Vavra @vavkamil
WordPress Plugin Confusion: How an update can get you pwned
tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins unclaimed on the wordpress.org registry. Updating the plugin might result in the RCE or installing a PHP backdoor. You can…
Data Exfiltration via CSS + SVG Font
https://ift.tt/3cSjdQd
Submitted November 29, 2021 at 06:37AM by Gallus
via reddit https://ift.tt/319rvAS
https://ift.tt/3cSjdQd
Submitted November 29, 2021 at 06:37AM by Gallus
via reddit https://ift.tt/319rvAS
mksben.l0.cm
Data Exfiltration via CSS + SVG Font
This post will show that the SVG fonts and CSS can be used for reading the page's text contents. There are several known ways to read the pa...
How not to write an infosec report: Tardigrade - The Water Bear Malware that Wasn’t
https://ift.tt/3FS2s40
Submitted November 29, 2021 at 03:27PM by ifmush12xx
via reddit https://ift.tt/3FXhgOY
https://ift.tt/3FS2s40
Submitted November 29, 2021 at 03:27PM by ifmush12xx
via reddit https://ift.tt/3FXhgOY
Medium
The Water Bear that Wasn’t: Tardigrade
In mid November 2021 the world’s tech commentators including Wired, The Washington Post, Bleeping Computer and Tripwire lit up with news of…
CONTInuing the Bazar Ransomware Story
https://ift.tt/3FPzDVM
Submitted November 29, 2021 at 06:16PM by TheDFIRReport
via reddit https://ift.tt/3rfAoUd
https://ift.tt/3FPzDVM
Submitted November 29, 2021 at 06:16PM by TheDFIRReport
via reddit https://ift.tt/3rfAoUd
The DFIR Report
CONTInuing the Bazar Ransomware Story
In this report we will discuss a case from early August where we witnessed threat actors utilizing BazarLoader and Cobalt Strike to accomplish their mission of encrypting systems with Conti ransomw…
Unpatched Exchange servers distribute phishing links (squirrelwaffle)
https://ift.tt/3d2pxo6
Submitted November 29, 2021 at 09:28PM by ma-ni
via reddit https://ift.tt/314Smy7
https://ift.tt/3d2pxo6
Submitted November 29, 2021 at 09:28PM by ma-ni
via reddit https://ift.tt/314Smy7
reddit
Unpatched Exchange servers distribute phishing links (squirrelwaffle)
Posted in r/netsec by u/ma-ni • 90 points and 7 comments
Abusing Opera mini turbo servers for fraudulent VAS activation
https://ift.tt/3rj3jXv
Submitted November 30, 2021 at 04:04PM by esc0rp_
via reddit https://ift.tt/31anbRw
https://ift.tt/3rj3jXv
Submitted November 30, 2021 at 04:04PM by esc0rp_
via reddit https://ift.tt/31anbRw
www.inputzero.io
Play the Opera Please
CVE-201819825 - Opera Browser
Compromising the email supply chain of 190 Australian organisations through a single IT Managed Service Provider
https://ift.tt/3lp5Xah
Submitted December 01, 2021 at 01:26AM by Jumpy_Resolution3089
via reddit https://ift.tt/3lmKMWx
https://ift.tt/3lp5Xah
Submitted December 01, 2021 at 01:26AM by Jumpy_Resolution3089
via reddit https://ift.tt/3lmKMWx
Caniphish
Compromising Email Supply Chains | CanIPhish
Compromising the email supply chain of 190 Australian organisations through a single IT Managed Service Provider.
Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809)
https://ift.tt/3d7LL8u
Submitted December 01, 2021 at 03:39AM by Mempodipper
via reddit https://ift.tt/3rp7Tn8
https://ift.tt/3d7LL8u
Submitted December 01, 2021 at 03:39AM by Mempodipper
via reddit https://ift.tt/3rp7Tn8
Assetnote
Discovering Full Read SSRF in Jamf (CVE-2021-39303 & CVE-2021-40809)
Application security issues found by Assetnote
How Data Breaches happen and why Secure by Default software is the future
https://ift.tt/3Ea5dNr
Submitted December 01, 2021 at 05:19AM by breadchris
via reddit https://ift.tt/3EcgtJg
https://ift.tt/3Ea5dNr
Submitted December 01, 2021 at 05:19AM by breadchris
via reddit https://ift.tt/3EcgtJg
www.lunasec.io
How Data Breaches happen and why Secure by Default software is the future | LunaSec
Your software delivery model is broken, but it's not your fault. Delivering on time while also protecting yourself from data breaches is a herculean task. It doesn't have to be though, and we'll show you why!
An Illustrated Guide to Elliptic Curve Cryptography Validation
https://ift.tt/3wXjLgT
Submitted December 01, 2021 at 12:28PM by Gallus
via reddit https://ift.tt/3rocEx7
https://ift.tt/3wXjLgT
Submitted December 01, 2021 at 12:28PM by Gallus
via reddit https://ift.tt/3rocEx7
NCC Group Research Blog
An Illustrated Guide to Elliptic Curve Cryptography Validation
Elliptic Curve Cryptography (ECC) has become the de facto standard for protecting modern communications. ECC is widely used to perform asymmetric cryptography operations, such as to establish share…