[LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
https://ift.tt/3e0aTOJ
Submitted December 17, 2021 at 02:56PM by itprofessional23
via reddit https://ift.tt/3E21Mrh
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://ift.tt/3yqDOVG
Submitted December 15, 2021 at 11:32PM by ansible
via reddit https://ift.tt/32902iP
Blogspot
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w...
Fail2ban / Regexp rule against LOG4J vuln
https://ift.tt/3sd4Kah
Submitted December 17, 2021 at 07:07PM by AGS42
via reddit https://ift.tt/3dYIFUL
Gist
fail2ban filter rule for the log4j CVE-2021-44228 exploit
fail2ban filter rule for the log4j CVE-2021-44228 exploit - log4j-jndi.conf
So many updates in the Open-Source firmware scanner EMBA right before Christmas. We have created a new teaser video to give you some insights ... Check it out https://ift.tt/3mYcCY2
https://ift.tt/3mYcCY2
Submitted December 17, 2021 at 08:19PM by _m-1-k-3_
via reddit https://ift.tt/324LVeM
GitHub
GitHub - e-m-b-a/emba: EMBA - The firmware security analyzer
EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.
If You're Not Doing Continuous Asset Management You're Not Doing Security
https://ift.tt/2JuqJA1
Submitted December 18, 2021 at 03:32AM by danielrm26
via reddit https://ift.tt/3sgkGZe
Daniel Miessler
If You're Not Doing Continuous Asset Management You're Not Doing Security
A clear explanation for why asset management is so critical to a company's security posture, and why it should always be step zero.
log4j 2.17.0 Released to Fix CVSS 7.5 Denial of Service (CVE-2021-45105)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 12:39PM by sanitybit
via reddit https://ift.tt/3mhD0NT
Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 04:24PM by ScottContini
via reddit https://ift.tt/3GXwDqO
lurch1317: A new pidgin plugin with strong crypto for deniability (WIP)
https://ift.tt/34Jfdxq
Submitted December 18, 2021 at 05:10PM by hardenedvault
via reddit https://ift.tt/3FfQjpO
Snyk releases free Log4Shell vulnerabilities jar scanner via Snyk CLI
https://ift.tt/3IWCX41
Submitted December 18, 2021 at 08:42PM by GelosSnake
via reddit https://ift.tt/3p545pu
HUB Security Docker Digital Twin authenticates and verifies incoming Docker traffic
https://ift.tt/3q1a4Lf
Submitted December 19, 2021 at 09:29PM by OldBay_Trader
via reddit https://ift.tt/3J2I3vv
Help Net Security
HUB Security Docker Digital Twin authenticates and verifies incoming Docker traffic - Help Net Security
HUB Security announced its Docker Digital Twin product to protect, authenticate, and verify traffic created by Docker.
log4j — Getting to 2.16 and 2.17 is Only Critical If You Have Non-Default Logging Enabled
https://ift.tt/3pgW9Sh
Submitted December 19, 2021 at 11:24PM by danielrm26
via reddit https://ift.tt/3IYOy2x
Daniel Miessler
The Subsequent Waves of log4j Vulnerabilities Aren't as Bad as People Think
If you're reading this you're underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy
Log4j Vulnerability CVE-2021-45105: What You Need to Know (and how it differs from CVE-2021-45046)
https://ift.tt/3qd68qU
Submitted December 20, 2021 at 01:02PM by ScottContini
via reddit https://ift.tt/3yQBh7u
letme.go - A minimalistic Meterpreter stager written in Go
https://ift.tt/3miTF3E
Submitted December 20, 2021 at 02:00PM by 0xdea
via reddit https://ift.tt/3yIbWfE
HN Security
letme.go - A minimalistic Meterpreter stager written in Go - HN Security
Introducing a minimalistic Meterpreter stager written in Go (letme.go), useful in red teaming engagements.
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
https://ift.tt/3e7zHoc
Submitted December 19, 2021 at 09:51AM by aparata_s4tan
via reddit https://ift.tt/3Eb4JpO
Blogspot
Alan c2 Framework v5.0 - All you can in-memory edition
Twitter: @s4tan Download: https://github.com/enkomio/AlanFramework Documentation: https://github.com/enkomio/AlanFramework/tree/mai...
Inside a PBX - Discovering a Firmware Backdoor
https://ift.tt/3pcy5j9
Submitted December 20, 2021 at 06:29PM by RedTeamPentesting
via reddit https://ift.tt/3smuocS
OSS Getting Hammered for BigCorp Failures
https://ift.tt/3eaRTx8
Submitted December 20, 2021 at 10:50PM by GelosSnake
via reddit https://ift.tt/3qd6WMj
Medium
OSS Getting Hammered for BigCorp Failures
Everyone heard of log4j by now
Intruding 5G SA core networks from outside and inside
https://ift.tt/3yIHWR7
Submitted December 21, 2021 at 03:37AM by sebazzen
via reddit https://ift.tt/3ed4kZb
Penthertz
Intruding 5G core networks from outside and inside | PentHertz Blog
Wireless and hardware security, firmware, mobile, pentest, trainings, development, hacking
RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
https://ift.tt/3pcjEM7
Submitted December 21, 2021 at 10:46AM by parsiya2
via reddit https://ift.tt/3pbz3fE
parsiya.net
RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
The Visual Studio Code server in Windows Subsystem for Linux uses a local
WebSocket connection to communicate with the Remote WSL extension.
JavaScript in websites can connect to this server and execute arbitrary commands
on the target system. Assigned…
Android application testing using windows 11 and windows subsystem for android
https://ift.tt/3q8tIoJ
Submitted December 21, 2021 at 12:34PM by 0xdea
via reddit https://ift.tt/3ph5ZUa
Sensepost
SensePost | Android application testing using windows 11 and windows subsystem for android
Leaders in Information Security
Definitely Maybe with Bloom Filters
https://ift.tt/3edtLdi
Submitted December 21, 2021 at 01:51PM by selbekk
via reddit https://ift.tt/3ehcQX2
Common security issues when configuring HTTPS connections in Android
https://ift.tt/3JbApPl
Submitted December 21, 2021 at 06:36PM by Masrepus
via reddit https://ift.tt/3H2Ghsp