So many updates in the Open-Source firmware scanner EMBA right before christmas. We have created a new teaser video to give you some insights ... Check it out https://ift.tt/3mYcCY2
https://ift.tt/3mYcCY2
Submitted December 17, 2021 at 08:19PM by _m-1-k-3_
via reddit https://ift.tt/324LVeM
https://ift.tt/3mYcCY2
Submitted December 17, 2021 at 08:19PM by _m-1-k-3_
via reddit https://ift.tt/324LVeM
GitHub
GitHub - e-m-b-a/emba: EMBA - The firmware security analyzer
EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.
If You're Not Doing Continuous Asset Management You're Not Doing Security
https://ift.tt/2JuqJA1
Submitted December 18, 2021 at 03:32AM by danielrm26
via reddit https://ift.tt/3sgkGZe
https://ift.tt/2JuqJA1
Submitted December 18, 2021 at 03:32AM by danielrm26
via reddit https://ift.tt/3sgkGZe
Daniel Miessler
If You're Not Doing Continuous Asset Management You're Not Doing Security
A clear explanation for why asset management is so critical to a company's security posture, and why it should always be step zero.
log4j 2.17.0 Released to Fix CVSS 7.5 Denial of Service (CVE-2021-45105)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 12:39PM by sanitybit
via reddit https://ift.tt/3mhD0NT
https://ift.tt/3365DXB
Submitted December 18, 2021 at 12:39PM by sanitybit
via reddit https://ift.tt/3mhD0NT
reddit
log4j 2.17.0 Released to Fix CVSS 7.5 Denial of Service...
A community for technical news and discussion of information security and closely related topics.
Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 04:24PM by ScottContini
via reddit https://ift.tt/3GXwDqO
https://ift.tt/3365DXB
Submitted December 18, 2021 at 04:24PM by ScottContini
via reddit https://ift.tt/3GXwDqO
reddit
Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln...
Posted in r/netsec by u/ScottContini • 1 point and 0 comments
lurch1317: A new pidgin plugin with strong crypto for deniablity (WIP)
https://ift.tt/34Jfdxq
Submitted December 18, 2021 at 05:10PM by hardenedvault
via reddit https://ift.tt/3FfQjpO
https://ift.tt/34Jfdxq
Submitted December 18, 2021 at 05:10PM by hardenedvault
via reddit https://ift.tt/3FfQjpO
Synk release free Log4Shell vulnerabilities jar scanner via Snyk CLI
https://ift.tt/3IWCX41
Submitted December 18, 2021 at 08:42PM by GelosSnake
via reddit https://ift.tt/3p545pu
https://ift.tt/3IWCX41
Submitted December 18, 2021 at 08:42PM by GelosSnake
via reddit https://ift.tt/3p545pu
HUB Security Docker Digital Twin authenticates and verifies incoming Docker traffic
https://ift.tt/3q1a4Lf
Submitted December 19, 2021 at 09:29PM by OldBay_Trader
via reddit https://ift.tt/3J2I3vv
https://ift.tt/3q1a4Lf
Submitted December 19, 2021 at 09:29PM by OldBay_Trader
via reddit https://ift.tt/3J2I3vv
Help Net Security
HUB Security Docker Digital Twin authenticates and verifies incoming Docker traffic - Help Net Security
HUB Security announced its Docker Digital Twin product to protect, authenticate, and verify traffic created by Docker.
log4j — Getting to 2.16 and 2.17 is Only Critical If You Have Non-Default Logging Enabled
https://ift.tt/3pgW9Sh
Submitted December 19, 2021 at 11:24PM by danielrm26
via reddit https://ift.tt/3IYOy2x
https://ift.tt/3pgW9Sh
Submitted December 19, 2021 at 11:24PM by danielrm26
via reddit https://ift.tt/3IYOy2x
Daniel Miessler
The Subsequent Waves of log4j Vulnerabilities Aren't as Bad as People Think
If you're reading this you're underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy
Log4j Vulnerability CVE-2021-45105: What You Need to Know (and how it differs from CVE-2021-45046)
https://ift.tt/3qd68qU
Submitted December 20, 2021 at 01:02PM by ScottContini
via reddit https://ift.tt/3yQBh7u
https://ift.tt/3qd68qU
Submitted December 20, 2021 at 01:02PM by ScottContini
via reddit https://ift.tt/3yQBh7u
letme.go - A minimalistic Meterpreter stager written in Go
https://ift.tt/3miTF3E
Submitted December 20, 2021 at 02:00PM by 0xdea
via reddit https://ift.tt/3yIbWfE
https://ift.tt/3miTF3E
Submitted December 20, 2021 at 02:00PM by 0xdea
via reddit https://ift.tt/3yIbWfE
HN Security
letme.go - A minimalistic Meterpreter stager written in Go - HN Security
Introducing a minimalistic Meterpreter stager written in Go (letme.go), useful in red teaming engagements.
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
https://ift.tt/3e7zHoc
Submitted December 19, 2021 at 09:51AM by aparata_s4tan
via reddit https://ift.tt/3Eb4JpO
https://ift.tt/3e7zHoc
Submitted December 19, 2021 at 09:51AM by aparata_s4tan
via reddit https://ift.tt/3Eb4JpO
Blogspot
Alan c2 Framework v5.0 - All you can in-memory edition
Twitter: @s4tan Download: https://github.com/enkomio/AlanFramework Documentation: https://github.com/enkomio/AlanFramework/tree/mai...
Inside a PBX - Discovering a Firmware Backdoor
https://ift.tt/3pcy5j9
Submitted December 20, 2021 at 06:29PM by RedTeamPentesting
via reddit https://ift.tt/3smuocS
https://ift.tt/3pcy5j9
Submitted December 20, 2021 at 06:29PM by RedTeamPentesting
via reddit https://ift.tt/3smuocS
OSS Getting Hammered for BigCorp Failures
https://ift.tt/3eaRTx8
Submitted December 20, 2021 at 10:50PM by GelosSnake
via reddit https://ift.tt/3qd6WMj
https://ift.tt/3eaRTx8
Submitted December 20, 2021 at 10:50PM by GelosSnake
via reddit https://ift.tt/3qd6WMj
Medium
OSS Getting Hammered for BigCorp Failures
Everyone heard of log4j by now
Intruding 5G SA core networks from outside and inside
https://ift.tt/3yIHWR7
Submitted December 21, 2021 at 03:37AM by sebazzen
via reddit https://ift.tt/3ed4kZb
https://ift.tt/3yIHWR7
Submitted December 21, 2021 at 03:37AM by sebazzen
via reddit https://ift.tt/3ed4kZb
Penthertz
Intruding 5G core networks from outside and inside | PentHertz Blog
Wireless and hardware security, firmware, mobile, pentest, trainings, development, hacking
RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
https://ift.tt/3pcjEM7
Submitted December 21, 2021 at 10:46AM by parsiya2
via reddit https://ift.tt/3pbz3fE
https://ift.tt/3pcjEM7
Submitted December 21, 2021 at 10:46AM by parsiya2
via reddit https://ift.tt/3pbz3fE
parsiya.net
RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
The Visual Studio Code server in Windows Subsystem for Linux uses a local
WebSocket WebSocket connection to communicate with the Remote WSL extension.
JavaScript in websites can connect to this server and execute arbitrary commands
on the target system. Assigned…
WebSocket WebSocket connection to communicate with the Remote WSL extension.
JavaScript in websites can connect to this server and execute arbitrary commands
on the target system. Assigned…
Android application testing using windows 11 and windows subsystem for android
https://ift.tt/3q8tIoJ
Submitted December 21, 2021 at 12:34PM by 0xdea
via reddit https://ift.tt/3ph5ZUa
https://ift.tt/3q8tIoJ
Submitted December 21, 2021 at 12:34PM by 0xdea
via reddit https://ift.tt/3ph5ZUa
Sensepost
SensePost | Android application testing using windows 11 and windows subsystem for android
Leaders in Information Security
Definitely Maybe with Bloom Filters
https://ift.tt/3edtLdi
Submitted December 21, 2021 at 01:51PM by selbekk
via reddit https://ift.tt/3ehcQX2
https://ift.tt/3edtLdi
Submitted December 21, 2021 at 01:51PM by selbekk
via reddit https://ift.tt/3ehcQX2
Common security issues when configuring HTTPs connections in Android
https://ift.tt/3JbApPl
Submitted December 21, 2021 at 06:36PM by Masrepus
via reddit https://ift.tt/3H2Ghsp
https://ift.tt/3JbApPl
Submitted December 21, 2021 at 06:36PM by Masrepus
via reddit https://ift.tt/3H2Ghsp
Hook Heaps and Live Free
https://ift.tt/3Ech0Kp
Submitted December 21, 2021 at 08:24PM by jat0369
via reddit https://ift.tt/3sp2aOH
https://ift.tt/3Ech0Kp
Submitted December 21, 2021 at 08:24PM by jat0369
via reddit https://ift.tt/3sp2aOH
Cyberark
Hook Heaps and Live Free
I wanted to write this blog post to talk a bit about Cobalt Strike, function hooking and the Windows heap. We will be targeting BeaconEye (https://github.com/CCob/BeaconEye) as our detection tool...
I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
https://ift.tt/3yHk3cn
Submitted December 21, 2021 at 11:58PM by mufeedvh
via reddit https://ift.tt/3FpShUE
https://ift.tt/3yHk3cn
Submitted December 21, 2021 at 11:58PM by mufeedvh
via reddit https://ift.tt/3FpShUE
GitHub
GitHub - mufeedvh/moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. - GitHub - mufeedvh/moonwalk: Cover your tracks during Linux Exploitation by leaving zer...
Why it's hard to fix the Java ecosystem
https://ift.tt/3sfHVCT
Submitted December 22, 2021 at 06:56AM by Jazzlike-Vegetable69
via reddit https://ift.tt/3JcdNhV
https://ift.tt/3sfHVCT
Submitted December 22, 2021 at 06:56AM by Jazzlike-Vegetable69
via reddit https://ift.tt/3JcdNhV
Google Online Security Blog
Understanding the Impact of Apache Log4j Vulnerability
Posted by James Wetter and Nicky Ringland, Open Source Insights Team Editors Note: The below numbers were calculated based on both log4j-co...