Perfect wordlist to discover directories and files on target size with tools like ffuf.
https://ift.tt/3AyR9w4
Submitted January 26, 2022 at 10:03PM by mexhanical
via reddit https://ift.tt/35gkVtW
https://ift.tt/3AyR9w4
Submitted January 26, 2022 at 10:03PM by mexhanical
via reddit https://ift.tt/35gkVtW
GitHub
GitHub - aels/subdirectories-discover: Perfect wordlist for discovering directories and files on target site
Perfect wordlist for discovering directories and files on target site - GitHub - aels/subdirectories-discover: Perfect wordlist for discovering directories and files on target site
Bypassing Little Snitch Firewall with Empty TCP Packets
https://ift.tt/32xWRBN
Submitted January 26, 2022 at 11:05PM by hackers_and_builders
via reddit https://ift.tt/348fRr2
https://ift.tt/32xWRBN
Submitted January 26, 2022 at 11:05PM by hackers_and_builders
via reddit https://ift.tt/348fRr2
Rhino Security Labs
Bypassing Little Snitch Firewall with Empty TCP Packets - Rhino Security Labs
Little Snitch is a host-based firewall for macOS, used for monitoring and restricting egress network traffic.
Reversing ALPHV (aka BlackCat): Rust-Based Ransomware
https://ift.tt/3rVE8Zy
Submitted January 27, 2022 at 03:05AM by rsobers
via reddit https://ift.tt/3fYf2Uf
https://ift.tt/3rVE8Zy
Submitted January 27, 2022 at 03:05AM by rsobers
via reddit https://ift.tt/3fYf2Uf
Varonis
BlackCat Ransomware (ALPHV) | Varonis
Varonis has observed the ALPHV (BlackCat) ransomware, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.
Pwnkit: How to exploit and check
https://ift.tt/3IAnBRw
Submitted January 27, 2022 at 04:15AM by DevSec23
via reddit https://ift.tt/3G5peVV
https://ift.tt/3IAnBRw
Submitted January 27, 2022 at 04:15AM by DevSec23
via reddit https://ift.tt/3G5peVV
beny23.github.io
Pwnkit: How to exploit and check
Pwnkit is a vulnerability that uses a bug in polkit to elevate permissions to root. This write-up shows how to reproduce it using Ubuntu and what to do to check whether a system is vulnerable.
What went wrong? Quoting from the original researchers:
This…
What went wrong? Quoting from the original researchers:
This…
How to use FaPro to simulate multiple devices in network
https://ift.tt/3r1yLcb
Submitted January 27, 2022 at 06:57AM by ntestoc3
via reddit https://ift.tt/3H9dPWq
https://ift.tt/3r1yLcb
Submitted January 27, 2022 at 06:57AM by ntestoc3
via reddit https://ift.tt/3H9dPWq
Medium
How to use FaPro to simulate multiple devices in network
With FaPro, you can create a virtual network and simulate several different devices in it with a single command.
Webcam Hacking (again) - Safari UXSS
https://ift.tt/3nYa922
Submitted January 26, 2022 at 05:32AM by Straight_Finding_756
via reddit https://ift.tt/3HddZfu
https://ift.tt/3nYa922
Submitted January 26, 2022 at 05:32AM by Straight_Finding_756
via reddit https://ift.tt/3HddZfu
ryan-pickren
Webcam Hacking (again) - Safari UXSS | Ryan Pickren
$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975
Blockchain-based xx messenger protects message content and metadata with unprecedented quantum resistance
https://ift.tt/3KPFCgu
Submitted January 27, 2022 at 11:53AM by eliapinto
via reddit https://ift.tt/33Q0QdQ
https://ift.tt/3KPFCgu
Submitted January 27, 2022 at 11:53AM by eliapinto
via reddit https://ift.tt/33Q0QdQ
[New] Configuring Linux AuditD for Threat Detection
https://ift.tt/3KLLw2h
Submitted January 27, 2022 at 04:42PM by InH4te
via reddit https://ift.tt/3H6UViV
https://ift.tt/3KLLw2h
Submitted January 27, 2022 at 04:42PM by InH4te
via reddit https://ift.tt/3H6UViV
Medium
Configuring Linux auditd for Threat Detection
A few years ago, I was asked to define an auditd configuration which would serve as the primary detection technology for a large…
PwnKit: How to detect privilege escalation using CrowdSec
https://ift.tt/3GaCAQy
Submitted January 27, 2022 at 07:50PM by klausagnoletti
via reddit https://ift.tt/3IYHz91
https://ift.tt/3GaCAQy
Submitted January 27, 2022 at 07:50PM by klausagnoletti
via reddit https://ift.tt/3IYHz91
The open-source & collaborative IPS
PwnKit: detect privilege escalation with CrowdSec - The open-source & collaborative IPS
PwnKit: CVE-2021-4034 avoid privilege escalation. CrowdSec developed a scenario to give you insight on whether you have been compromised by this vulnerability.
OSS PwnKit Detector (CVE-2021-4034)
https://ift.tt/3g08G6Y
Submitted January 27, 2022 at 10:53PM by SRMish3
via reddit https://ift.tt/3u1QNgp
https://ift.tt/3g08G6Y
Submitted January 27, 2022 at 10:53PM by SRMish3
via reddit https://ift.tt/3u1QNgp
GitHub
polkit-tools/pwnkit_detector at main · jfrog/polkit-tools
Contribute to jfrog/polkit-tools development by creating an account on GitHub.
Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP)
https://ift.tt/3r6ZLXS
Submitted January 28, 2022 at 12:45AM by shleimeleh
via reddit https://ift.tt/3r47ohF
https://ift.tt/3r6ZLXS
Submitted January 28, 2022 at 12:45AM by shleimeleh
via reddit https://ift.tt/3r47ohF
Perception Point
Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP)
Learn about how we discovered CVE-2022-22583, a vulnerability that allows attackers to bypass macOS SIP and take control of the system.
The Cookies Parasite - Bypassing MFA with cookie theft
https://medium.com/@amirshk/the-cookies-parasite-569d50ee36ad
Submitted January 28, 2022 at 01:25PM by amirshk
via reddit https://www.reddit.com/r/netsec/comments/selhxx/the_cookies_parasite_bypassing_mfa_with_cookie/?utm_source=ifttt
https://medium.com/@amirshk/the-cookies-parasite-569d50ee36ad
Submitted January 28, 2022 at 01:25PM by amirshk
via reddit https://www.reddit.com/r/netsec/comments/selhxx/the_cookies_parasite_bypassing_mfa_with_cookie/?utm_source=ifttt
Medium
The Cookies Parasite
The story of a phishing and malware campagin, overcomming MFA and taking over accounts.
"Stratus Red Team": open-source adversary emulation for AWS
https://ift.tt/3Hew6Bx
Submitted January 28, 2022 at 03:11PM by thorn42
via reddit https://ift.tt/32DmD7M
https://ift.tt/3Hew6Bx
Submitted January 28, 2022 at 03:11PM by thorn42
via reddit https://ift.tt/32DmD7M
GitHub
GitHub - DataDog/stratus-red-team: :cloud: Granular, Actionable Adversary Emulation for the Cloud
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud - GitHub - DataDog/stratus-red-team: :cloud: Granular, Actionable Adversary Emulation for the Cloud
ROP Chaining: Return Oriented Programming (study notes, tutorial)
https://ift.tt/3IFcu9Y
Submitted January 28, 2022 at 06:30PM by Kondencuotaspienas
via reddit https://ift.tt/3G8COaX
https://ift.tt/3IFcu9Y
Submitted January 28, 2022 at 06:30PM by Kondencuotaspienas
via reddit https://ift.tt/3G8COaX
www.ired.team
ROP Chaining: Return Oriented Programming
Stop Storing Secrets In Environment Variables!
https://ift.tt/3AGsgP1
Submitted January 28, 2022 at 10:35PM by alxjsn
via reddit https://ift.tt/34g7iL0
https://ift.tt/3AGsgP1
Submitted January 28, 2022 at 10:35PM by alxjsn
via reddit https://ift.tt/34g7iL0
Forces Unseen Blog
Stop Storing Secrets In Environment Variables! — Forces Unseen Blog
Did that get your attention? Good. The goal of this short post is to evangelize engineering teams to end the psychosis that is storing se...
Rip Raw - A tool to analyse the memory of compromised Linux systems.
https://ift.tt/3g3k4is
Submitted January 28, 2022 at 11:11PM by 0x636f6f6c
via reddit https://ift.tt/3o75ATk
https://ift.tt/3g3k4is
Submitted January 28, 2022 at 11:11PM by 0x636f6f6c
via reddit https://ift.tt/3o75ATk
GitHub
GitHub - cado-security/rip_raw: Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Rip Raw is a small tool to analyse the memory of compromised Linux systems. - GitHub - cado-security/rip_raw: Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Pivoting with SSH Tunnels and Plink
https://ift.tt/3KUXfMf
Submitted January 29, 2022 at 12:23AM by m_edmondson
via reddit https://ift.tt/3r8NVfJ
https://ift.tt/3KUXfMf
Submitted January 29, 2022 at 12:23AM by m_edmondson
via reddit https://ift.tt/3r8NVfJ
Marcus Edmondson | Threat Hunting | Information Security
Pivoting with SSH Tunnels and Plink
Today I wanted to do a blog post on pivoting with SSH tunnels and using Plink to forward connections to other computers, once you have a foothold in an environment. For this scenario, I used two Vi…
Detecting and mitigating CVE-2021-4034: “Pwnkit” local privilege escalation
https://ift.tt/3rXA4bn
Submitted January 29, 2022 at 04:50AM by MiguelHzBz
via reddit https://ift.tt/3ILlUkj
https://ift.tt/3rXA4bn
Submitted January 29, 2022 at 04:50AM by MiguelHzBz
via reddit https://ift.tt/3ILlUkj
Sysdig
Detecting and mitigating CVE-2021-4034: “Pwnkit” local privilege escalation – Sysdig
Local privilege escalation bug in SUID-set program ‘pkexec’. CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders.
Apple iCloud / iMessage has a bug that may leave you vulnerable to a data breach
https://ift.tt/oqmS9yAhM
Submitted January 30, 2022 at 07:46AM by offthegridit
via reddit https://ift.tt/KNf7UAJIE
https://ift.tt/oqmS9yAhM
Submitted January 30, 2022 at 07:46AM by offthegridit
via reddit https://ift.tt/KNf7UAJIE
offthegridit
Messaging Bug
We provide on-site and remote computer repair, IT Consulting, Mac, PC, Linux, and network support. Yes we make WiFi better!
Apple iCloud / iMessage security vulnerability
https://ift.tt/Jdq3Ybu0T
Submitted January 30, 2022 at 07:27AM by offthegridit
via reddit https://ift.tt/lLsrOGKiA
https://ift.tt/Jdq3Ybu0T
Submitted January 30, 2022 at 07:27AM by offthegridit
via reddit https://ift.tt/lLsrOGKiA
CVE-2022-0329 and the problems with automated vulnerability management
https://ift.tt/P0oVW6qRa
Submitted January 30, 2022 at 09:02AM by Most-Loss5834
via reddit https://ift.tt/z09iDORe7
https://ift.tt/P0oVW6qRa
Submitted January 30, 2022 at 09:02AM by Most-Loss5834
via reddit https://ift.tt/z09iDORe7