A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
https://ift.tt/oM30tUH
Submitted February 15, 2022 at 10:45PM by mthbernardes
via reddit https://ift.tt/ZiSQXEJ
https://ift.tt/oM30tUH
Submitted February 15, 2022 at 10:45PM by mthbernardes
via reddit https://ift.tt/ZiSQXEJ
GitHub
GitHub - clj-holmes/clj-holmes: A CLI SAST (Static application security testing) tool which was built with the intent of finding…
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language. - GitHub - clj-holmes/clj-holm...
Dependabot alternative for Clojure
https://ift.tt/Hz2TOL9
Submitted February 16, 2022 at 12:50AM by mthbernardes
via reddit https://ift.tt/z0aYiSl
https://ift.tt/Hz2TOL9
Submitted February 16, 2022 at 12:50AM by mthbernardes
via reddit https://ift.tt/z0aYiSl
GitHub
GitHub - clj-holmes/clj-watson: clojure deps SCA
clojure deps SCA. Contribute to clj-holmes/clj-watson development by creating an account on GitHub.
GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
https://ift.tt/7W0YQ8r
Submitted February 16, 2022 at 01:13AM by ValtteriLe
via reddit https://ift.tt/xhUS9Pc
https://ift.tt/7W0YQ8r
Submitted February 16, 2022 at 01:13AM by ValtteriLe
via reddit https://ift.tt/xhUS9Pc
Shufflingbytes
GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
GoIP-1 GSM gateway contains vulnerabilities that allow hackers to send SMS messages and make calls for free
A technique to semi-automatically discover new vulnerabilities in WordPress plugins
https://ift.tt/qC1kh60
Submitted February 16, 2022 at 02:59AM by kazetkazet
via reddit https://ift.tt/Bo5JRr6
https://ift.tt/qC1kh60
Submitted February 16, 2022 at 02:59AM by kazetkazet
via reddit https://ift.tt/Bo5JRr6
Reddit
From the netsec community on Reddit: A technique to semi-automatically discover new vulnerabilities in WordPress plugins
Explore this post and more from the netsec community
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
https://ift.tt/VteFK92
Submitted February 17, 2022 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/xlVdM1m
https://ift.tt/VteFK92
Submitted February 17, 2022 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/xlVdM1m
CVE-2022-23131 - Zabbix SAML Authentication Bypass
https://ift.tt/HNa8iM5
Submitted February 17, 2022 at 02:44PM by monoimpact
via reddit https://ift.tt/eMHARVz
https://ift.tt/HNa8iM5
Submitted February 17, 2022 at 02:44PM by monoimpact
via reddit https://ift.tt/eMHARVz
Sonarsource
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
Tutorial: Kubernetes Vulnerability Scanning & Testing KubiScan & KubeSploit
https://ift.tt/hg3GXuQ
Submitted February 17, 2022 at 07:14PM by jat0369
via reddit https://ift.tt/35N9T1d
https://ift.tt/hg3GXuQ
Submitted February 17, 2022 at 07:14PM by jat0369
via reddit https://ift.tt/35N9T1d
Conjur
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
Explore our CyberArk open-source tools, Kubesploit and KubiScan, that will help Kubernetes users maximize their security.
Exploiting Jenkins build authorization
https://ift.tt/OKRsGlg
Submitted February 17, 2022 at 09:03PM by Alternative_Tour9985
via reddit https://ift.tt/ntFUpk6
https://ift.tt/OKRsGlg
Submitted February 17, 2022 at 09:03PM by Alternative_Tour9985
via reddit https://ift.tt/ntFUpk6
Medium
Exploiting Jenkins build authorization
Are you aware of the risks lurking in your default Jenkins configuration?
Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
https://ift.tt/Y8M3uUl
Submitted February 17, 2022 at 11:54PM by madhuakula
via reddit https://ift.tt/lzgHyp4
https://ift.tt/Y8M3uUl
Submitted February 17, 2022 at 11:54PM by madhuakula
via reddit https://ift.tt/lzgHyp4
GitHub
GitHub - commjoen/wrongsecrets: Examples with how to not use secrets
Examples with how to not use secrets. Contribute to commjoen/wrongsecrets development by creating an account on GitHub.
Extensis Portfolio - Remote Code Execution Vulnerability Disclosure
https://ift.tt/XkqBOAy
Submitted February 18, 2022 at 05:38AM by hashput1n
via reddit https://ift.tt/nFK8EBU
https://ift.tt/XkqBOAy
Submitted February 18, 2022 at 05:38AM by hashput1n
via reddit https://ift.tt/nFK8EBU
White Oak Security
Extensis Portfolio Vulnerability Disclosure | White Oak Security
This disclosure is of the Extensis Portfolio software which was deployed publicly on the internet with default administrative credentials found by White Oak Sec
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
https://ift.tt/ObA0xQu
Submitted February 18, 2022 at 04:10PM by digicat
via reddit https://ift.tt/Qnkudi4
https://ift.tt/ObA0xQu
Submitted February 18, 2022 at 04:10PM by digicat
via reddit https://ift.tt/Qnkudi4
NCC Group Research
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
This post describes a vulnerability found and exploited in October 2021 by Alex Plaskett, Cedric Halbronn, and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successful…
AWS GuardDuty Exfiltration Bypass with VPC Endpoints
https://ift.tt/1536LMR
Submitted February 18, 2022 at 05:49PM by d_o_d_o_
via reddit https://ift.tt/Eof5e2N
https://ift.tt/1536LMR
Submitted February 18, 2022 at 05:49PM by d_o_d_o_
via reddit https://ift.tt/Eof5e2N
Medium
AWS GuardDuty Exfiltration Bypass with VPC Endpoints
In January 20, 2022 Amazon AWS has introduced a new threat detection in GuardDuty to block credential exfiltrations. Can be bypassed?
Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)
https://ift.tt/TWIoRpl
Submitted February 18, 2022 at 06:49PM by 0xdea
via reddit https://ift.tt/Hl9id2r
https://ift.tt/TWIoRpl
Submitted February 18, 2022 at 06:49PM by 0xdea
via reddit https://ift.tt/Hl9id2r
Microsoft Brings eBPF to Windows unlocking security and networking use cases
https://ift.tt/qtsfDVi
Submitted February 19, 2022 at 04:21AM by markcartertm
via reddit https://ift.tt/hDsbjtJ
https://ift.tt/qtsfDVi
Submitted February 19, 2022 at 04:21AM by markcartertm
via reddit https://ift.tt/hDsbjtJ
The New Stack
Microsoft Brings eBPF to Windows
If you want to run code to provide observability, security or network functionality, running it in the kernel of your operating system gives you a lot of power because that kernel can see and control everything on the system. That’s powerful, but potentially…
Personnel Security, Separation of Duties, Least Privilege, Need to Know, Vendor, Consultant and Contractor Controls, Security Governance, Risk Management
https://ift.tt/EiyGJwV
Submitted February 19, 2022 at 04:13AM by Tradition_Wonderful
via reddit https://ift.tt/E8O0YKd
https://ift.tt/EiyGJwV
Submitted February 19, 2022 at 04:13AM by Tradition_Wonderful
via reddit https://ift.tt/E8O0YKd
Anchor
Anchor - The easiest way to make a podcast
Create, distribute, host, and monetize your podcast, 100% free.
Certipy 2.0: BloodHound, New Domain Privilege Escalation Techniques, Shadow Credentials, Golden Certificates, and more!
https://ift.tt/6w3r4og
Submitted February 19, 2022 at 06:48PM by ly4k_
via reddit https://ift.tt/5aJpyfU
https://ift.tt/6w3r4og
Submitted February 19, 2022 at 06:48PM by ly4k_
via reddit https://ift.tt/5aJpyfU
Medium
Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
As the noscript states, the latest release of Certipy contains many new features, techniques and improvements. This blog post dives into the…
rconn - Consume services behind NAT or firewall without opening ports or port-forwarding
https://ift.tt/KSAwjMX
Submitted February 20, 2022 at 06:56PM by jafarlihi
via reddit https://ift.tt/5GMzB3K
https://ift.tt/KSAwjMX
Submitted February 20, 2022 at 06:56PM by jafarlihi
via reddit https://ift.tt/5GMzB3K
GitHub
GitHub - jafarlihi/rconn: rconn is a multiplatform program for creating generic reverse connections. Lets you consume services…
rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding. - GitHub - jafarlihi/r...
Analysis of CVE-2021-36260: Exploited in the Wild Hikvision Camera Vulnerability
https://ift.tt/hHw3VlW
Submitted February 21, 2022 at 03:22AM by chicksdigthelongrun
via reddit https://ift.tt/AbLxXtu
https://ift.tt/hHw3VlW
Submitted February 21, 2022 at 03:22AM by chicksdigthelongrun
via reddit https://ift.tt/AbLxXtu
AttackerKB
CVE-2021-36260 | AttackerKB
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability…
Linux kernel NFC Use-After-Free (CVE-2021-23134) PoC
https://ift.tt/mScgaFO
Submitted February 21, 2022 at 11:53AM by awarau888
via reddit https://ift.tt/x7VnaX4
https://ift.tt/mScgaFO
Submitted February 21, 2022 at 11:53AM by awarau888
via reddit https://ift.tt/x7VnaX4
ruia-ruia.github.io
Linux kernel Use-After-Free (CVE-2021-23134) PoC.
Warning to the reader
This is my first time doing kernel exploit development - so the following probably contains some errors which I apologise in advance for.
This is my first time doing kernel exploit development - so the following probably contains some errors which I apologise in advance for.
nrich: a new tool to quickly find open ports and vulnerabilities via Shodan
https://ift.tt/4ZuMvDg
Submitted February 21, 2022 at 02:48PM by 0xdea
via reddit https://ift.tt/VfNEkLi
https://ift.tt/4ZuMvDg
Submitted February 21, 2022 at 02:48PM by 0xdea
via reddit https://ift.tt/VfNEkLi
GitLab
shodan-public / nrich
A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/ vulnerabilities. Can also be fed data from stdin to be...
Plone Scanner Version 0.01
https://ift.tt/IxEAiqf
Submitted February 21, 2022 at 04:58PM by halencarjunior
via reddit https://ift.tt/KAviyj4
https://ift.tt/IxEAiqf
Submitted February 21, 2022 at 04:58PM by halencarjunior
via reddit https://ift.tt/KAviyj4
GitHub
GitHub - halencarjunior/plsc4n
Contribute to halencarjunior/plsc4n development by creating an account on GitHub.