An automated setup for fuzzing Apache httpd w/ AFL++
https://ift.tt/GCX7taM
Submitted March 13, 2022 at 06:16PM by pwntheplanet
via reddit https://ift.tt/0bftKTX
https://ift.tt/GCX7taM
Submitted March 13, 2022 at 06:16PM by pwntheplanet
via reddit https://ift.tt/0bftKTX
GitHub
GitHub - 0xbigshaq/apache-afl: An automated setup for compiling & fuzzing Apache httpd server
An automated setup for compiling & fuzzing Apache httpd server - 0xbigshaq/apache-afl
Reverse Engineering a Netgear NDay
https://ift.tt/9qMXJxN
Submitted March 14, 2022 at 02:11AM by lightgrains
via reddit https://ift.tt/TYINBwd
https://ift.tt/9qMXJxN
Submitted March 14, 2022 at 02:11AM by lightgrains
via reddit https://ift.tt/TYINBwd
StarkeBlog
Reverse Engineering a Netgear Nday
CVE-ID: CVE-2021-34979 ZDI Identifier: ZDI-CAN-13512
FirmWire is a full-system baseband firmware emulation platform
https://ift.tt/FrdmqGs
Submitted March 14, 2022 at 12:57PM by domenukk
via reddit https://ift.tt/SaBt73e
https://ift.tt/FrdmqGs
Submitted March 14, 2022 at 12:57PM by domenukk
via reddit https://ift.tt/SaBt73e
GitHub
GitHub - FirmWire/FirmWire: FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause…
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares - GitHub - FirmWire/FirmWire: FirmWire is a full-syst...
Making Sense Of The Dirty Pipe Vulnerability (CVE-2022-0847) - RedHunt Labs
https://ift.tt/CTuKrQ4
Submitted March 14, 2022 at 02:47PM by redhuntlabs
via reddit https://ift.tt/vwQnqC3
https://ift.tt/CTuKrQ4
Submitted March 14, 2022 at 02:47PM by redhuntlabs
via reddit https://ift.tt/vwQnqC3
RedHunt Labs
Making Sense Of The Dirty Pipe Vulnerability (CVE-2022-0847) - RedHunt Labs
CVE-2022-0847 or "Dirty Pipe", is a Linux kernel flaw that allows attackers to escalate privileges. We analyze the vulnerability in-depth in this blog.
Shodan: Introducing the InternetDB API
https://ift.tt/dfR31qF
Submitted March 14, 2022 at 10:03PM by D4r1
via reddit https://ift.tt/U7OmTHV
https://ift.tt/dfR31qF
Submitted March 14, 2022 at 10:03PM by D4r1
via reddit https://ift.tt/U7OmTHV
reddit
Shodan: Introducing the InternetDB API
Posted in r/netsec by u/D4r1 • 208 points and 7 comments
AWS/GitLab Self-Hosted CTF
https://ift.tt/rIhnEmF
Submitted March 15, 2022 at 12:27AM by RedTermSession
via reddit https://ift.tt/JNHZFAo
https://ift.tt/rIhnEmF
Submitted March 15, 2022 at 12:27AM by RedTermSession
via reddit https://ift.tt/JNHZFAo
hackingthe.cloud
CI/CDon't - Hacking The Cloud
An AWS/GitLab CICD themed CTF.
NSA, CISA Release Updated Kubernetes Hardening Guidance
https://ift.tt/ye17utx
Submitted March 15, 2022 at 11:05PM by sanitybit
via reddit https://ift.tt/BML9ukP
https://ift.tt/ye17utx
Submitted March 15, 2022 at 11:05PM by sanitybit
via reddit https://ift.tt/BML9ukP
National Security Agency/Central Security Service
NSA, CISA release Kubernetes Hardening Guidance
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report
OpenSSL CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
https://ift.tt/xEvSNMi
Submitted March 15, 2022 at 11:14PM by yawkat
via reddit https://ift.tt/nO2Bprt
https://ift.tt/xEvSNMi
Submitted March 15, 2022 at 11:14PM by yawkat
via reddit https://ift.tt/nO2Bprt
reddit
OpenSSL CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable...
Posted in r/netsec by u/yawkat • 0 points and 0 comments
CVE-2022-25636 : New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
https://ift.tt/KRPbcSu
Submitted March 16, 2022 at 07:45AM by Late_Ice_9288
via reddit https://ift.tt/GtkhMUz
https://ift.tt/KRPbcSu
Submitted March 16, 2022 at 07:45AM by Late_Ice_9288
via reddit https://ift.tt/GtkhMUz
reddit
CVE-2022-25636 : New Linux Bug in Netfilter Firewall Module Lets...
Posted in r/netsec by u/Late_Ice_9288 • 63 points and 3 comments
7 RCE and DoS vulnerabilities Found in ClickHouse DBMS
https://ift.tt/YHOlbTh
Submitted March 16, 2022 at 12:48PM by SRMish3
via reddit https://ift.tt/1Yas2XR
https://ift.tt/YHOlbTh
Submitted March 16, 2022 at 12:48PM by SRMish3
via reddit https://ift.tt/1Yas2XR
JFrog
Security Vulnerabilities Found in ClickHouse Open-Source Software
JFrog’s Security Research team discovered 7 vulnerabilities in the ClickHouse database management software. Learn about the issues and how to mitigate the risks.
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) - Whilst analysing the patch for CVE-2021-30833, an additional vulnerability was identified which could allow for arbitrary file-write when unpacking a malicious XAR archive using the xar utility.
https://ift.tt/VY1CUbD
Submitted March 16, 2022 at 02:26PM by digicat
via reddit https://ift.tt/n80RukT
https://ift.tt/VY1CUbD
Submitted March 16, 2022 at 02:26PM by digicat
via reddit https://ift.tt/n80RukT
NCC Group Research
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
In October 2021, Apple released a fix for CVE-2021-30833. This was an arbitrary file-write vulnerability in the xar utility and was due to improper handling of path separation (forward-slash) characters when processing files contained within directory symlinks.…
cd considered harmful: exploiting Git integrations in shell prompts and IDEs
https://ift.tt/DFGi5Jd
Submitted March 16, 2022 at 03:19PM by monoimpact
via reddit https://ift.tt/he86nxl
https://ift.tt/DFGi5Jd
Submitted March 16, 2022 at 03:19PM by monoimpact
via reddit https://ift.tt/he86nxl
Sonarsource
Securing Developer Tools: Git Integrations
With this series, we present the results of our research on the security of popular developer tools with the goal of making this ecosystem safer: today’s article revisits Git integrations.
HermeticWiper Technical Analysis Report
https://ift.tt/1Lq9R8M
Submitted March 16, 2022 at 06:04PM by mstfknn
via reddit https://ift.tt/86vKN54
https://ift.tt/1Lq9R8M
Submitted March 16, 2022 at 06:04PM by mstfknn
via reddit https://ift.tt/86vKN54
cr8escape: New Vulnerability in CRI-O allows for container brekout
https://ift.tt/3fSLn5v
Submitted March 16, 2022 at 08:15PM by raesene2
via reddit https://ift.tt/c4o2Wp0
https://ift.tt/3fSLn5v
Submitted March 16, 2022 at 08:15PM by raesene2
via reddit https://ift.tt/c4o2Wp0
CrowdStrike.com
cr8escape: New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
Learn how CrowdStrike discovered a new vulnerability in the CRI-O Container Engine (CVE-2022-0811), and what organizations can do to remediate this vulnerability.
Top 10 CI/CD Security Risks
https://ift.tt/2RgjxHo
Submitted March 16, 2022 at 08:04PM by Hefty_Knowledge_7449
via reddit https://ift.tt/zksK0W3
https://ift.tt/2RgjxHo
Submitted March 16, 2022 at 08:04PM by Hefty_Knowledge_7449
via reddit https://ift.tt/zksK0W3
Cider Security Site
Top 10 CICD Security Risks - Cider Security Site
Arya - new tool to generate pseudo malware samples based on YARA rules
https://ift.tt/19VXDa4
Submitted March 16, 2022 at 10:12PM by n0llbyte
via reddit https://ift.tt/nKyvl9t
https://ift.tt/19VXDa4
Submitted March 16, 2022 at 10:12PM by n0llbyte
via reddit https://ift.tt/nKyvl9t
Claroty
Arya: The New Tailor-Made EICAR Using Yara
Call for participants in Rizin/Cutter's Google Summer of Code 2022
https://ift.tt/AaOS0gU
Submitted March 16, 2022 at 11:01PM by XVilka
via reddit https://ift.tt/r59bqnh
https://ift.tt/AaOS0gU
Submitted March 16, 2022 at 11:01PM by XVilka
via reddit https://ift.tt/r59bqnh
Rizin
GSoC 2022
TL;DR Jump to the Ideas list.
Introduction This year is the second time we participate as a fork - Rizin, effectively continuing the tradition since the year 2015 (as the radare2 project).
Mentors Members of the Rizin and Cutter core teams have volunteered…
Introduction This year is the second time we participate as a fork - Rizin, effectively continuing the tradition since the year 2015 (as the radare2 project).
Mentors Members of the Rizin and Cutter core teams have volunteered…
Cool Open Source Security Tools & Programs list
https://ift.tt/kqysade
Submitted March 17, 2022 at 03:27AM by Khaotic_Kernel
via reddit https://ift.tt/iklIE2w
https://ift.tt/kqysade
Submitted March 17, 2022 at 03:27AM by Khaotic_Kernel
via reddit https://ift.tt/iklIE2w
GitHub
GitHub - mikeroyal/Open-Source-Security-Guide: Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat…
Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks. - GitHub - mikeroyal/Open-Source-Security-Guide: Open Source Security Guide. ...
Git honours embedded bare repos - justinsteven
https://ift.tt/5nyPtmT
Submitted March 17, 2022 at 03:11AM by Gallus
via reddit https://ift.tt/fK1wSkm
https://ift.tt/5nyPtmT
Submitted March 17, 2022 at 03:11AM by Gallus
via reddit https://ift.tt/fK1wSkm
GitHub
advisories/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md at main · justinsteven/advisories
Contribute to justinsteven/advisories development by creating an account on GitHub.
NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer
https://ift.tt/DtTl91n
Submitted March 17, 2022 at 04:36AM by tubularobot
via reddit https://ift.tt/SAwFURa
https://ift.tt/DtTl91n
Submitted March 17, 2022 at 04:36AM by tubularobot
via reddit https://ift.tt/SAwFURa
Snyk
Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
Vue.js users using the dependency “node-ipc” are experiencing a supply chain attack protesting the invasion of Ukraine, from a package named “peacenotwar”.
TOOL: ntlmrelayx2proxychains combining/automating ntlmrelayx, crackmapexec, and proxychains!
https://ift.tt/Xmdh4nT
Submitted March 17, 2022 at 05:14AM by BugbearB
via reddit https://ift.tt/ON8aERl
https://ift.tt/Xmdh4nT
Submitted March 17, 2022 at 05:14AM by BugbearB
via reddit https://ift.tt/ON8aERl
GitHub
GitHub - He-No/ntlmrelayx2proxychains
Contribute to He-No/ntlmrelayx2proxychains development by creating an account on GitHub.