Qiling Sandbox Escape
https://ift.tt/3AyrC6f
Submitted January 24, 2022 at 02:15PM by ly4k_
via reddit https://ift.tt/3FUPgej
https://ift.tt/3AyrC6f
Submitted January 24, 2022 at 02:15PM by ly4k_
via reddit https://ift.tt/3FUPgej
www.kalmarunionen.dk
Qiling Sandbox Escape
Writeup by: Oliver Lyak (ly4k)
Solved by: Zopazz, Oliver Lyak (ly4k)
QLaaS QLaaS (Qiling as a Service) was a Clone-and-Pwn challenge with difficulty Schrödinger …
Solved by: Zopazz, Oliver Lyak (ly4k)
QLaaS QLaaS (Qiling as a Service) was a Clone-and-Pwn challenge with difficulty Schrödinger …
CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes
https://ift.tt/3FXn2Q5
Submitted January 24, 2022 at 01:59PM by gemyougym
via reddit https://ift.tt/35bFUhr
https://ift.tt/3FXn2Q5
Submitted January 24, 2022 at 01:59PM by gemyougym
via reddit https://ift.tt/35bFUhr
ARMO
What the newest kernel exploit - CVE-2022-0185 - mean for Kubernetes?
In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability - CVE-2022-0185- what does it mean for Kubernetes?
How BRATA is monitoring your bank account | Cleafy Labs
https://ift.tt/3IuiVN9
Submitted January 24, 2022 at 05:22PM by f3d_0x0
via reddit https://ift.tt/345JQja
https://ift.tt/3IuiVN9
Submitted January 24, 2022 at 05:22PM by f3d_0x0
via reddit https://ift.tt/345JQja
Cleafy
How BRATA is monitoring your bank account | Cleafy Labs
The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors banks account and how to prevent it.
Cobalt Strike, a Defender’s Guide – Part 2
https://ift.tt/3qTXEGz
Submitted January 24, 2022 at 07:49PM by TheDFIRReport
via reddit https://ift.tt/3nRKS9y
https://ift.tt/3qTXEGz
Submitted January 24, 2022 at 07:49PM by TheDFIRReport
via reddit https://ift.tt/3nRKS9y
The DFIR Report
Cobalt Strike, a Defender’s Guide – Part 2
Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy w…
Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
https://ift.tt/3fRJakb
Submitted January 24, 2022 at 11:45PM by jrozner
via reddit https://ift.tt/3IxFb8H
https://ift.tt/3fRJakb
Submitted January 24, 2022 at 11:45PM by jrozner
via reddit https://ift.tt/3IxFb8H
Yahooinc
Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert | Paranoids Blog | Yahoo Inc.
Using Twitter to notify careless developers — the unorthodox way (Or, how you could use GitHub to compromise 9.5K Twitter accounts without “hacking”)
https://ift.tt/3ArlPze
Submitted January 25, 2022 at 02:52AM by sp00kyphiss
via reddit https://ift.tt/3qVCIPu
https://ift.tt/3ArlPze
Submitted January 25, 2022 at 02:52AM by sp00kyphiss
via reddit https://ift.tt/3qVCIPu
Medium
Using Twitter to notify careless developers — the unorthodox way
Or, how you could use GitHub to compromise 9.5K Twitter accounts without doing any “hacking”
TypeScript scenario-based web application Fuzzing Framework, supports genetic algorithm and running on CI
https://ift.tt/344p7wt
Submitted January 24, 2022 at 03:12PM by hi120ki
via reddit https://ift.tt/3fXagqm
https://ift.tt/344p7wt
Submitted January 24, 2022 at 03:12PM by hi120ki
via reddit https://ift.tt/3fXagqm
GitHub
GitHub - shfz/shfz: TypeScript Scenario-Based Web Application Fuzzing Framework
TypeScript Scenario-Based Web Application Fuzzing Framework - GitHub - shfz/shfz: TypeScript Scenario-Based Web Application Fuzzing Framework
WordPress 5.8.2 Stored XSS Vulnerability
https://ift.tt/3IuJ8em
Submitted January 24, 2022 at 09:03PM by monoimpact
via reddit https://ift.tt/3rUzc7w
https://ift.tt/3IuJ8em
Submitted January 24, 2022 at 09:03PM by monoimpact
via reddit https://ift.tt/3rUzc7w
A new shellcode injection methodology
https://ift.tt/3qYoSMr
Submitted January 24, 2022 at 02:00AM by Idov31
via reddit https://ift.tt/3IEAMB9
https://ift.tt/3qYoSMr
Submitted January 24, 2022 at 02:00AM by Idov31
via reddit https://ift.tt/3IEAMB9
GitHub
GitHub - Idov31/FunctionStomping: A new shellcode injection technique. Given as C++ header or standalone Rust program.
A new shellcode injection technique. Given as C++ header or standalone Rust program. - GitHub - Idov31/FunctionStomping: A new shellcode injection technique. Given as C++ header or standalone Rust ...
Solarwinds Web Help Desk: When the Helpdesk is too Helpful
https://ift.tt/3G0Opsm
Submitted January 25, 2022 at 03:03PM by Mempodipper
via reddit https://ift.tt/3FZMt3i
https://ift.tt/3G0Opsm
Submitted January 25, 2022 at 03:03PM by Mempodipper
via reddit https://ift.tt/3FZMt3i
Assetnote
Solarwinds Web Help Desk: When the Helpdesk is too Helpful
Application security issues found by Assetnote
Recovering redacted information from pixelated videos
https://ift.tt/3IAzneF
Submitted January 25, 2022 at 06:27PM by breakingsystems
via reddit https://ift.tt/33PHXaL
https://ift.tt/3IAzneF
Submitted January 25, 2022 at 06:27PM by breakingsystems
via reddit https://ift.tt/33PHXaL
positive.security
Recovering redacted information from pixelated videos | Positive Security
We explore the history of image unblurring and present a simple yet effective technique to get a high-resolution image from a pixelated video in order to recover redacted information (with no guessing involved).
Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1
https://ift.tt/3qVcEUF
Submitted January 25, 2022 at 08:48PM by 0xdea
via reddit https://ift.tt/3nWxRMf
https://ift.tt/3qVcEUF
Submitted January 25, 2022 at 08:48PM by 0xdea
via reddit https://ift.tt/3nWxRMf
Reversemode
Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1
In September '21, I came across this story "Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System" while catchi...
RBCD attack & defense. From Domain User to DA on default domain controllers settings. Including webclient service activation
https://ift.tt/3IHkQhz
Submitted January 25, 2022 at 09:33PM by k3nfr4
via reddit https://ift.tt/3KFw5J5
https://ift.tt/3IHkQhz
Submitted January 25, 2022 at 09:33PM by k3nfr4
via reddit https://ift.tt/3KFw5J5
reddit
RBCD attack & defense. From Domain User to DA on default domain...
Posted in r/netsec by u/k3nfr4 • 0 points and 1 comment
Cracking Randomly Generated Passwords
https://ift.tt/3tWNh6K
Submitted January 25, 2022 at 11:00PM by hyperreality_monero
via reddit https://ift.tt/3H0m4UE
https://ift.tt/3tWNh6K
Submitted January 25, 2022 at 11:00PM by hyperreality_monero
via reddit https://ift.tt/3H0m4UE
TrustedSec
Recovering Randomly Generated Passwords - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
Mind Your Dependencies: Defending against malicious npm packages
https://ift.tt/347p575
Submitted January 26, 2022 at 12:39AM by SRMish3
via reddit https://ift.tt/3KGRP7o
https://ift.tt/347p575
Submitted January 26, 2022 at 12:39AM by SRMish3
via reddit https://ift.tt/3KGRP7o
We purchased a machine from China and it came with malware preinstalled
https://ift.tt/3fS4Blk
Submitted January 26, 2022 at 12:35AM by lormayna
via reddit https://ift.tt/33LgCXo
https://ift.tt/3fS4Blk
Submitted January 26, 2022 at 12:35AM by lormayna
via reddit https://ift.tt/33LgCXo
reddit
We purchased a machine from China and it came with malware...
Posted in r/netsec by u/lormayna • 630 points and 166 comments
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
https://ift.tt/3fWIF8M
Submitted January 26, 2022 at 01:55AM by TheSwedishChef24
via reddit https://ift.tt/3IzIZGH
https://ift.tt/3fWIF8M
Submitted January 26, 2022 at 01:55AM by TheSwedishChef24
via reddit https://ift.tt/3IzIZGH
reddit
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
Posted in r/netsec by u/TheSwedishChef24 • 1 point and 0 comments
Exploit for CVE-2021-4034 that does not leave syslog entries
https://ift.tt/3H7ssJG
Submitted January 26, 2022 at 03:22PM by hermajordoctor
via reddit https://ift.tt/3tZw6l7
https://ift.tt/3H7ssJG
Submitted January 26, 2022 at 03:22PM by hermajordoctor
via reddit https://ift.tt/3tZw6l7
GitHub
GitHub - Ayrx/CVE-2021-4034: Exploit for CVE-2021-4034
Exploit for CVE-2021-4034. Contribute to Ayrx/CVE-2021-4034 development by creating an account on GitHub.
Self-contained exploit for CVE-2021-4034 (Pkexec 1-day LPE)
https://ift.tt/3G7mVS2
Submitted January 26, 2022 at 07:59PM by ly4k_
via reddit https://ift.tt/3o2AZGq
https://ift.tt/3G7mVS2
Submitted January 26, 2022 at 07:59PM by ly4k_
via reddit https://ift.tt/3o2AZGq
GitHub
GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation - GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
wholeaked: a file-sharing tool that allows you to find the responsible person in case of a leakage
https://ift.tt/3AAPnL9
Submitted January 26, 2022 at 09:21PM by utku1337
via reddit https://ift.tt/3o1mLFI
https://ift.tt/3AAPnL9
Submitted January 26, 2022 at 09:21PM by utku1337
via reddit https://ift.tt/3o1mLFI
GitHub
GitHub - utkusen/wholeaked: a file-sharing tool that allows you to find the responsible person in case of a leakage
a file-sharing tool that allows you to find the responsible person in case of a leakage - GitHub - utkusen/wholeaked: a file-sharing tool that allows you to find the responsible person in case of a...
AD CS: weaponizing the ESC7 attack - BlackArrow
https://ift.tt/3Axjnr0
Submitted January 26, 2022 at 08:52PM by apanonimo
via reddit https://ift.tt/3G6TyPI
https://ift.tt/3Axjnr0
Submitted January 26, 2022 at 08:52PM by apanonimo
via reddit https://ift.tt/3G6TyPI
Tarlogic Security
AD CS: weaponizing the ESC7 attack
Research and tooling development around the ESC7 attack at Active Directory Certificate Services (AD CS) for Red Team operations