Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
https://ift.tt/FnCjsRa
Submitted February 21, 2022 at 09:44PM by toyojuni
via reddit https://ift.tt/4KBavro
https://ift.tt/FnCjsRa
Submitted February 21, 2022 at 09:44PM by toyojuni
via reddit https://ift.tt/4KBavro
Medium
Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
It was found that unexpected behaviors in the query’s escape function could cause a SQL injection in mysqljs/mysql
Find You: Building a stealth AirTag clone
https://ift.tt/CS1jcOE
Submitted February 21, 2022 at 09:24PM by breakingsystems
via reddit https://ift.tt/wJDbEiH
https://ift.tt/CS1jcOE
Submitted February 21, 2022 at 09:24PM by breakingsystems
via reddit https://ift.tt/wJDbEiH
positive.security
Find You: Building a stealth AirTag clone | Positive Security
We built an AirTag clone capable of silently and continuously tracking someone. The device accomplishes this by sending just one beacon per generated public key, thereby staying invisible to tracking notifications for iOS users and Apple’s Tracker Detect…
Wrote a new blog post on injecting fake credentials into lsass memory using New-HoneyHash and alerting with Elastic.
https://ift.tt/5m906bO
Submitted February 21, 2022 at 11:34PM by m_edmondson
via reddit https://ift.tt/1HwuPMi
https://ift.tt/5m906bO
Submitted February 21, 2022 at 11:34PM by m_edmondson
via reddit https://ift.tt/1HwuPMi
Marcus Edmondson | Threat Hunting | Information Security
Dripping a Little Honey in Your Environment
Today I wanted to talk about using the deception technology called New-HoneyHash.ps1. This is a tool that was inspired by Mark Baggett and authored by Matt Graeber, that will inject fake credential…
Command line execution fuzzer and bruteforcer (Equivalent of wfuzz for all command line)
https://ift.tt/3Jx6DVw
Submitted February 22, 2022 at 02:40AM by cryptaureau
via reddit https://ift.tt/EqB0LyG
https://ift.tt/3Jx6DVw
Submitted February 22, 2022 at 02:40AM by cryptaureau
via reddit https://ift.tt/EqB0LyG
GitHub
GitHub - ariary/cfuzz: Command line fuzzer and bruteforcer 🌪 wfuzz for command
Command line fuzzer and bruteforcer 🌪 wfuzz for command - GitHub - ariary/cfuzz: Command line fuzzer and bruteforcer 🌪 wfuzz for command
A Practical Guide To Attacking JWT (JSON Web Tokens) - RedHunt Labs
https://ift.tt/LCpB3jD
Submitted February 22, 2022 at 08:39PM by redhuntlabs
via reddit https://ift.tt/nBpz0Dy
https://ift.tt/LCpB3jD
Submitted February 22, 2022 at 08:39PM by redhuntlabs
via reddit https://ift.tt/nBpz0Dy
RedHunt Labs
Guide To Attacking JWT (JSON Web Tokens) [Free Download] - RedHunt Labs
Download the Practical Guide to Attacking JWT (JSON Web Tokens). Must read for pentesters, developers, security professionals and researchers.
Horde Webmail 5.2.22 - Account Takeover via Email
https://ift.tt/r6bwP8N
Submitted February 22, 2022 at 09:33PM by monoimpact
via reddit https://ift.tt/Yb6RkOH
https://ift.tt/r6bwP8N
Submitted February 22, 2022 at 09:33PM by monoimpact
via reddit https://ift.tt/Yb6RkOH
Sonarsource
Horde Webmail 5.2.22 - Account Takeover via Email
We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.
Challenge-3 Weekly Cloud Security Challenge
https://ift.tt/O59lJ3t
Submitted February 22, 2022 at 11:19PM by 0xdeadbeef0000
via reddit https://ift.tt/REiaIMu
https://ift.tt/O59lJ3t
Submitted February 22, 2022 at 11:19PM by 0xdeadbeef0000
via reddit https://ift.tt/REiaIMu
reddit
Challenge-3 Weekly Cloud Security Challenge
Posted in r/netsec by u/0xdeadbeef0000 • 13 points and 0 comments
Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
https://ift.tt/aHW3Jfh
Submitted February 23, 2022 at 05:53AM by Neustradamus
via reddit https://ift.tt/prjcStz
https://ift.tt/aHW3Jfh
Submitted February 23, 2022 at 05:53AM by Neustradamus
via reddit https://ift.tt/prjcStz
reddit
Cyrus SASL 2.1.28 has been released with SCRAM improvements and...
Posted in r/netsec by u/Neustradamus • 3 points and 0 comments
You can still CSRF POST requests under the default browser SameSite cookie policy. How to jump through the required hoops.
https://ift.tt/lmc8TDz
Submitted February 23, 2022 at 06:16AM by MysteriousHotel3017
via reddit https://ift.tt/ZsrzLdD
https://ift.tt/lmc8TDz
Submitted February 23, 2022 at 06:16AM by MysteriousHotel3017
via reddit https://ift.tt/ZsrzLdD
reddit
You can still CSRF POST requests under the default browser...
Posted in r/netsec by u/MysteriousHotel3017 • 1 point and 0 comments
tmp.0ut Volume 2
https://tmpout.sh/2/
Submitted February 23, 2022 at 07:46AM by VVX7
via reddit https://ift.tt/Pm3zJIi
https://tmpout.sh/2/
Submitted February 23, 2022 at 07:46AM by VVX7
via reddit https://ift.tt/Pm3zJIi
reddit
tmp.0ut Volume 2
Posted in r/netsec by u/VVX7 • 1 point and 0 comments
Remote Code Execution in pfSense <= 2.5.2
https://ift.tt/KM4YRoP
Submitted February 23, 2022 at 07:36PM by smaury
via reddit https://ift.tt/Kd6035x
https://ift.tt/KM4YRoP
Submitted February 23, 2022 at 07:36PM by smaury
via reddit https://ift.tt/Kd6035x
Shielder
Shielder - Remote Code Execution in pfSense <= 2.5.2
pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.
The vulnerability research team @GitLab is introducing an open-source community-driven advisory database for third-party security dependencies
https://ift.tt/XOq5Yrj
Submitted February 23, 2022 at 10:12PM by howie1001
via reddit https://ift.tt/7rI19bk
https://ift.tt/XOq5Yrj
Submitted February 23, 2022 at 10:12PM by howie1001
via reddit https://ift.tt/7rI19bk
GitLab
Introducing a community-driven advisory database for third-party software dependencies
The advisory data can be readily adopted, adapted, and exchanged. Learn more here.
Automating bug bounties
https://ift.tt/7yVEbiH
Submitted February 24, 2022 at 03:52AM by pedro_benteveo
via reddit https://ift.tt/1sUa9L5
https://ift.tt/7yVEbiH
Submitted February 24, 2022 at 03:52AM by pedro_benteveo
via reddit https://ift.tt/1sUa9L5
Benteveo
Automating bug bounties — Benteveo
I have bad news. I first noticed this one day like any other, and once I noticed it, I couldn’t escape the reality. Hacking is boring. This may seem counter-intuitive at first. If you looked at your average hacker, they wouldn’t look bored. More like a mixture…
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
https://ift.tt/5fQzcEy
Submitted February 24, 2022 at 06:44AM by Mempodipper
via reddit https://ift.tt/YXnZKk6
https://ift.tt/5fQzcEy
Submitted February 24, 2022 at 06:44AM by Mempodipper
via reddit https://ift.tt/YXnZKk6
Assetnote
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
Application security issues found by Assetnote
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
https://ift.tt/Cnih1MY
Submitted February 24, 2022 at 03:10PM by eberkut
via reddit https://ift.tt/56ycbYN
https://ift.tt/Cnih1MY
Submitted February 24, 2022 at 03:10PM by eberkut
via reddit https://ift.tt/56ycbYN
www.pangulab.cn
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
Understanding Threat Actor’s by @berkdusunur
https://ift.tt/Pi4SoTR
Submitted February 25, 2022 at 12:15AM by EyeAccomplished5529
via reddit https://ift.tt/LBHgWnp
https://ift.tt/Pi4SoTR
Submitted February 25, 2022 at 12:15AM by EyeAccomplished5529
via reddit https://ift.tt/LBHgWnp
Medium
Understanding Threat Actors
Hello everyone. I am so excited to publish my second article in 2022 which is ‘Understanding Threat Actors’.
A Detailed Analysis of the LockBit Ransomware
https://ift.tt/0ci5NLs
Submitted February 25, 2022 at 01:19AM by CyberMasterV
via reddit https://ift.tt/nfIUe4o
https://ift.tt/0ci5NLs
Submitted February 25, 2022 at 01:19AM by CyberMasterV
via reddit https://ift.tt/nfIUe4o
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
https://ift.tt/N1u7MQS
Submitted February 25, 2022 at 05:05AM by jat0369
via reddit https://ift.tt/WVb0qc8
https://ift.tt/N1u7MQS
Submitted February 25, 2022 at 05:05AM by jat0369
via reddit https://ift.tt/WVb0qc8
Cyberark
HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
As geopolitical tensions continue to mount, reports are emerging of a new wiper malware targeting Ukrainian infrastructure, such as government departments. Symantec and ESET research first tweeted...
BGP Security in 2021
https://ift.tt/DYm3JiX
Submitted February 25, 2022 at 08:23PM by danyork
via reddit https://ift.tt/yx4EnQi
https://ift.tt/DYm3JiX
Submitted February 25, 2022 at 08:23PM by danyork
via reddit https://ift.tt/yx4EnQi
reddit
BGP Security in 2021
Posted in r/netsec by u/danyork • 10 points and 0 comments
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
https://ift.tt/tnkd5G3
Submitted February 25, 2022 at 07:15PM by scopedsecurity
via reddit https://ift.tt/EMpYqoN
https://ift.tt/tnkd5G3
Submitted February 25, 2022 at 07:15PM by scopedsecurity
via reddit https://ift.tt/EMpYqoN
PT SWARM
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
Last year we found a lot of exciting vulnerabilities in VMware products. The vendor was notified and they have since been patched. This is the second part of our research. This article covers an Authentication Bypass in VMware Carbon Black Cloud Workload…
Pentest-tool: Simple and secure web deployment for pentest and redteam with simwigo
https://ift.tt/Vvxc2j9
Submitted February 26, 2022 at 12:10AM by B1che
via reddit https://ift.tt/zPl1JU2
https://ift.tt/Vvxc2j9
Submitted February 26, 2022 at 12:10AM by B1che
via reddit https://ift.tt/zPl1JU2
GitHub
GitHub - 8iche/simwigo: Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service.
Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service. - GitHub - 8iche/simwigo: Simwigo is a cross-platform tool, written in Go, to simplify the deployment o...