Dropping Files on a Domain Controller Using CVE-2021-43893
https://ift.tt/6FJIvRp
Submitted February 14, 2022 at 09:15PM by chicksdigthelongrun
via reddit https://ift.tt/GTNOtf1
https://ift.tt/6FJIvRp
Submitted February 14, 2022 at 09:15PM by chicksdigthelongrun
via reddit https://ift.tt/GTNOtf1
Rapid7
Dropping Files on a Domain Controller Using CVE-2021-43893 | Rapid7 Blog
Multiple vulnerabilities in Concrete CMS part2 (Privesc/SSRF/etc.)
https://ift.tt/MJbhjqN
Submitted February 14, 2022 at 11:02PM by adrian_rt
via reddit https://ift.tt/fiHnrlm
https://ift.tt/MJbhjqN
Submitted February 14, 2022 at 11:02PM by adrian_rt
via reddit https://ift.tt/fiHnrlm
Cyber Security Services - London
Multiple vulnerabilities in Concrete CMS - part2 (PrivEsc/SSRF/etc)
multiple vulnerabilities in concrete cms part2. Privilege escalation, SSRF, password reset poisoning. Concrete CMS pentest
Eliminating Dangling Elastic IP Takeovers with Ghostbuster
https://ift.tt/74rWauG
Submitted February 15, 2022 at 01:44AM by Mempodipper
via reddit https://ift.tt/zt6TAWw
https://ift.tt/74rWauG
Submitted February 15, 2022 at 01:44AM by Mempodipper
via reddit https://ift.tt/zt6TAWw
Persistence – Notepad++ Plugins
https://ift.tt/4iFkwuy
Submitted February 15, 2022 at 12:59AM by netbiosX
via reddit https://ift.tt/KlIt3cb
https://ift.tt/4iFkwuy
Submitted February 15, 2022 at 12:59AM by netbiosX
via reddit https://ift.tt/KlIt3cb
Penetration Testing Lab
Persistence – Notepad++ Plugins
It is not uncommon a windows environment especially dedicated servers which are managed by developers or IT staff to have installed the Notepad++ text editor. Except of the storage of noscripts and a…
PrivateLoader to new Anubis Loader
https://ift.tt/TX1YGtW
Submitted February 15, 2022 at 03:41AM by sysopfb
via reddit https://ift.tt/qQK1pvc
https://ift.tt/TX1YGtW
Submitted February 15, 2022 at 03:41AM by sysopfb
via reddit https://ift.tt/qQK1pvc
Medium
PrivateLoader to Anubis Loader
By: Jason Reaves and Joshua Platt
Advisory: Western Digital My Cloud Pro Series PR4100 RCE
https://ift.tt/xY06KWE
Submitted February 15, 2022 at 04:47PM by g_e_r_h_a_r_d
via reddit https://ift.tt/XP71Skz
https://ift.tt/xY06KWE
Submitted February 15, 2022 at 04:47PM by g_e_r_h_a_r_d
via reddit https://ift.tt/XP71Skz
IoT Inspector
Advisory: Western Digital My Cloud Pro Series PR4100 RCE
The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.
merOS-virt - Build and Interact with a Set of Virtual Machines.
https://ift.tt/zIiVRDh
Submitted February 15, 2022 at 04:58PM by AranAilbhe
via reddit https://ift.tt/KaX9Yix
https://ift.tt/zIiVRDh
Submitted February 15, 2022 at 04:58PM by AranAilbhe
via reddit https://ift.tt/KaX9Yix
GitHub
GitHub - AranAilbhe/merOS-virt: Build and Interact with a Set of Virtual Machines
Build and Interact with a Set of Virtual Machines. Contribute to AranAilbhe/merOS-virt development by creating an account on GitHub.
CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
https://ift.tt/opN8hIr
Submitted February 15, 2022 at 10:47PM by SRMish3
via reddit https://ift.tt/uoVKHBU
https://ift.tt/opN8hIr
Submitted February 15, 2022 at 10:47PM by SRMish3
via reddit https://ift.tt/uoVKHBU
JFrog
CVE-2021-44521: Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to CVE-2021-44521 (CVSS 8.4). This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on…
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
https://ift.tt/oM30tUH
Submitted February 15, 2022 at 10:45PM by mthbernardes
via reddit https://ift.tt/ZiSQXEJ
https://ift.tt/oM30tUH
Submitted February 15, 2022 at 10:45PM by mthbernardes
via reddit https://ift.tt/ZiSQXEJ
GitHub
GitHub - clj-holmes/clj-holmes: A CLI SAST (Static application security testing) tool which was built with the intent of finding…
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language. - GitHub - clj-holmes/clj-holm...
Dependabot alternative for Clojure
https://ift.tt/Hz2TOL9
Submitted February 16, 2022 at 12:50AM by mthbernardes
via reddit https://ift.tt/z0aYiSl
https://ift.tt/Hz2TOL9
Submitted February 16, 2022 at 12:50AM by mthbernardes
via reddit https://ift.tt/z0aYiSl
GitHub
GitHub - clj-holmes/clj-watson: clojure deps SCA
clojure deps SCA. Contribute to clj-holmes/clj-watson development by creating an account on GitHub.
GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
https://ift.tt/7W0YQ8r
Submitted February 16, 2022 at 01:13AM by ValtteriLe
via reddit https://ift.tt/xhUS9Pc
https://ift.tt/7W0YQ8r
Submitted February 16, 2022 at 01:13AM by ValtteriLe
via reddit https://ift.tt/xhUS9Pc
Shufflingbytes
GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
GoIP-1 GSM gateway contains vulnerabilities that allow hackers to send SMS messages and make calls for free
A technique to semi-automatically discover new vulnerabilities in WordPress plugins
https://ift.tt/qC1kh60
Submitted February 16, 2022 at 02:59AM by kazetkazet
via reddit https://ift.tt/Bo5JRr6
https://ift.tt/qC1kh60
Submitted February 16, 2022 at 02:59AM by kazetkazet
via reddit https://ift.tt/Bo5JRr6
Reddit
From the netsec community on Reddit: A technique to semi-automatically discover new vulnerabilities in WordPress plugins
Explore this post and more from the netsec community
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
https://ift.tt/VteFK92
Submitted February 17, 2022 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/xlVdM1m
https://ift.tt/VteFK92
Submitted February 17, 2022 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/xlVdM1m
CVE-2022-23131 - Zabbix SAML Authentication Bypass
https://ift.tt/HNa8iM5
Submitted February 17, 2022 at 02:44PM by monoimpact
via reddit https://ift.tt/eMHARVz
https://ift.tt/HNa8iM5
Submitted February 17, 2022 at 02:44PM by monoimpact
via reddit https://ift.tt/eMHARVz
Sonarsource
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
Tutorial: Kubernetes Vulnerability Scanning & Testing KubiScan & KubeSploit
https://ift.tt/hg3GXuQ
Submitted February 17, 2022 at 07:14PM by jat0369
via reddit https://ift.tt/35N9T1d
https://ift.tt/hg3GXuQ
Submitted February 17, 2022 at 07:14PM by jat0369
via reddit https://ift.tt/35N9T1d
Conjur
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
Explore our CyberArk open-source tools, Kubesploit and KubiScan, that will help Kubernetes users maximize their security.
Exploiting Jenkins build authorization
https://ift.tt/OKRsGlg
Submitted February 17, 2022 at 09:03PM by Alternative_Tour9985
via reddit https://ift.tt/ntFUpk6
https://ift.tt/OKRsGlg
Submitted February 17, 2022 at 09:03PM by Alternative_Tour9985
via reddit https://ift.tt/ntFUpk6
Medium
Exploiting Jenkins build authorization
Are you aware of the risks lurking in your default Jenkins configuration?
Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
https://ift.tt/Y8M3uUl
Submitted February 17, 2022 at 11:54PM by madhuakula
via reddit https://ift.tt/lzgHyp4
https://ift.tt/Y8M3uUl
Submitted February 17, 2022 at 11:54PM by madhuakula
via reddit https://ift.tt/lzgHyp4
GitHub
GitHub - commjoen/wrongsecrets: Examples with how to not use secrets
Examples with how to not use secrets. Contribute to commjoen/wrongsecrets development by creating an account on GitHub.
Extensis Portfolio - Remote Code Execution Vulnerability Disclosure
https://ift.tt/XkqBOAy
Submitted February 18, 2022 at 05:38AM by hashput1n
via reddit https://ift.tt/nFK8EBU
https://ift.tt/XkqBOAy
Submitted February 18, 2022 at 05:38AM by hashput1n
via reddit https://ift.tt/nFK8EBU
White Oak Security
Extensis Portfolio Vulnerability Disclosure | White Oak Security
This disclosure is of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials found by White Oak Sec
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
https://ift.tt/ObA0xQu
Submitted February 18, 2022 at 04:10PM by digicat
via reddit https://ift.tt/Qnkudi4
https://ift.tt/ObA0xQu
Submitted February 18, 2022 at 04:10PM by digicat
via reddit https://ift.tt/Qnkudi4
NCC Group Research
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
This post describes a vulnerability found and exploited in October 2021 by Alex Plaskett, Cedric Halbronn, and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successful…
AWS GuardDuty Exfiltration Bypass with VPC Endpoints
https://ift.tt/1536LMR
Submitted February 18, 2022 at 05:49PM by d_o_d_o_
via reddit https://ift.tt/Eof5e2N
https://ift.tt/1536LMR
Submitted February 18, 2022 at 05:49PM by d_o_d_o_
via reddit https://ift.tt/Eof5e2N
Medium
AWS GuardDuty Exfiltration Bypass with VPC Endpoints
In January 20, 2022 Amazon AWS has introduced a new threat detection in GuardDuty to block credential exfiltrations. Can be bypassed?
Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)
https://ift.tt/TWIoRpl
Submitted February 18, 2022 at 06:49PM by 0xdea
via reddit https://ift.tt/Hl9id2r
https://ift.tt/TWIoRpl
Submitted February 18, 2022 at 06:49PM by 0xdea
via reddit https://ift.tt/Hl9id2r