The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory
https://ift.tt/3rZi4PF
Submitted December 07, 2021 at 08:09PM by splinter_code
via reddit https://ift.tt/3ItYWik
Detailed Report on Local Privilege Escalation Vulnerability in Ubuntu Desktop (Pwn2Own 2021)
https://ift.tt/31HD1nb
Submitted December 08, 2021 at 08:33PM by toyojuni
via reddit https://ift.tt/3IwHMAv
flatt.tech
Ubuntu Desktop Exploit | Pwn2Own Local Escalation of Privilege Category | GMO Flatt Security
This whitepaper describes the vulnerability used for PWN2OWN 2021 of Local Escalation of Privilege Category. This exploit and vulnerability were tested against the latest release of Ubuntu Desktop 20.10 at the time of writing.
Process Ghosting - EDR Evasion
https://ift.tt/3DBe9dR
Submitted December 09, 2021 at 12:36AM by netbiosX
via reddit https://ift.tt/305Il2Y
Pentest Laboratories
Process Ghosting
Understanding how endpoint products work to identify malicious actions can lead to the discovery of security gaps which can be used for evasion during red team operations. The technique Process Her…
PhD thesis on satellite security incl prev incidents and finding a lot sent clear text
https://ift.tt/3Giplhg
Submitted December 09, 2021 at 01:31AM by pangolinportent
via reddit https://ift.tt/3rTDCNz
tool that monitors/alerts if a vulnerability is found in any 3rd party library/code/tool/etc we use in our system... I can not find any...
https://ift.tt/3DBsI0U
Submitted December 09, 2021 at 01:29AM by Ques-tion-Everything
via reddit https://ift.tt/3dEbbul
Malicious npm Packages Are After Your Discord Tokens
https://ift.tt/3m8zDJl
Submitted December 09, 2021 at 03:16AM by SRMish3
via reddit https://ift.tt/3IA89FI
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks | Proofpoint US
https://ift.tt/31AoolQ
Submitted December 09, 2021 at 03:58AM by Environmental-Art446
via reddit https://ift.tt/3pCgQqB
Lesson 1
https://ift.tt/3DEusGX
Submitted December 09, 2021 at 09:54AM by Forward-Guest4804
via reddit https://ift.tt/3EGnnqr
CSPM, CIEM, CWPP, and CNAPP: Guess who in the cloud security landscape
https://ift.tt/3Iwmkf7
Submitted December 09, 2021 at 02:06PM by MiguelHzBz
via reddit https://ift.tt/3rPXtNt
A new StrongPity variant hides behind Notepad++ installation
https://ift.tt/31HOW4y
Submitted December 09, 2021 at 07:33PM by minerva-labs
via reddit https://ift.tt/3DyzBQE
Minerva-Labs
A new StrongPity variant hides behind Notepad++ installation
A new Strongpity variant hides its three-stage attack behind a Notepad++ installation
Microsoft Vancouver leaking website credentials via overlooked DS_STORE file
https://ift.tt/3dz28ec
Submitted December 08, 2021 at 08:59PM by eckagalvis
via reddit https://ift.tt/3yaBXEi
A simple walkthrough of x86_64 stack-based buffer overflow exploitation with gdb
https://ift.tt/3rRwfWS
Submitted December 09, 2021 at 09:30PM by oxagast
via reddit https://ift.tt/3pZPw5Z
oxasploits
A simple x86_64 stack based buffer overflow exploitation with gdb
Background
Checkpoint researchers say not only is Emotet volume already 50% of its old peak but now it directly drops Cobalt Strike
https://ift.tt/33iCQiP
Submitted December 10, 2021 at 08:20AM by AnIrregularRegular
via reddit https://ift.tt/3IzBwYR
Check Point Research
When old friends meet again: why Emotet chose Trickbot for rebirth - Check Point Research
Research by: Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel Overview Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Check Point Research…
RCE 0-day exploit found in log4j, a popular Java logging package
https://ift.tt/3pLLJbZ
Submitted December 10, 2021 at 07:11AM by freeqaz
via reddit https://ift.tt/3DIWyAy
www.lunasec.io
Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace
Given how ubiquitous log4j is, the impact of this vulnerability is quite severe. Learn how to fix Log4Shell, why it's bad, and what a working exploit requires in this post.
Denial of Service in the protection service provided by Avast Security Premium.
https://ift.tt/3DCxdIN
Submitted December 10, 2021 at 05:12PM by sp1d3rr
via reddit https://ift.tt/3rSlHql
Hunting for Low-Hanging Fruit in applications at AWS environments
https://ift.tt/3pDe2JO
Submitted December 10, 2021 at 05:11PM by sp1d3rr
via reddit https://ift.tt/3yf2WhX
Medium
Hunting for Low-Hanging Fruit in applications at AWS environments
Hello everyone, it’s nothing new that Cloud environments have been dominating the market today, and among service providers, AWS is on the…
Critical vulnerability in log4j, a widely used logging library
https://ift.tt/31EuNfT
Submitted December 10, 2021 at 11:46PM by MiguelHzBz
via reddit https://ift.tt/3ELHhk2
Ghidra 10.1 Released
https://ift.tt/3oJjICH
Submitted December 11, 2021 at 04:58AM by mumbel
via reddit https://ift.tt/3yfQZbL
GitHub
Release Ghidra 10.1 · NationalSecurityAgency/ghidra
Includes log4j 2.15.0 which addresses CVE-2021-44228
What's New
Change History
Installation Guide
SHA-256: 99139c4a63a81135b3b63fe9997a012a6394a766c2c7f2ac5115ab53912d2a6c
Security researchers visit Nullcon Berlin
https://ift.tt/3s0ph1F
Submitted December 11, 2021 at 08:24AM by sparsh990
via reddit https://ift.tt/3EMS8u2
nullcon.net
Call for Papers | Nullcon Berlin 2022
Nullcon is an annual security conference which takes place in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security research. Submit CFP for Nullcon 1st Berlin edition in 2022.
Hacking a Harley's Tuner - Part 3
https://ift.tt/3dJP1qF
Submitted December 11, 2021 at 08:44PM by _kawhl
via reddit https://ift.tt/3DLJL0t
therealunicornsecurity.github.io
Hacking a Harley's Tuner - Part 3
Completion of the primary objective
Log4shell - using the vulnerability to patch the vulnerability - very clever
https://ift.tt/3yhSbeS
Submitted December 11, 2021 at 10:44PM by lkn240
via reddit https://ift.tt/3lSW0lS