TOOL: ntlmrelayx2proxychains combining/automating ntlmrelayx, crackmapexec, and proxychains!
https://ift.tt/Xmdh4nT
Submitted March 17, 2022 at 05:14AM by BugbearB
via reddit https://ift.tt/ON8aERl
GitHub
GitHub - He-No/ntlmrelayx2proxychains
Contribute to He-No/ntlmrelayx2proxychains development by creating an account on GitHub.
From XSS to RCE (dompdf 0day)
https://ift.tt/OMyku3U
Submitted March 16, 2022 at 04:16PM by mckirk_
via reddit https://ift.tt/oPQvhYH
positive.security
From XSS to RCE (dompdf 0day) | Positive Security
Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.
ThreatMapper 1.3.0 update - +runtime SBOM, +secret scanning, +attack path
https://ift.tt/lchCnHa
Submitted March 16, 2022 at 05:11PM by foobarbazwibble
via reddit https://ift.tt/S3yWzMd
GitHub
Release v1.3.0 · deepfence/ThreatMapper
ThreatMapper 1.3.0 Release
ThreatMapper 1.3.0 is a feature release, with a number of enhancements and fixes:
New Features
Secret Scanning: Scan containers and host filesystems, looking for possibl...
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O
https://ift.tt/e7x85Ol
Submitted March 17, 2022 at 05:21PM by MiguelHzBz
via reddit https://ift.tt/TLsjHrh
Sysdig
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O – Sysdig
Learn how CVE-2022-0811, cr8escape, in CRI-O can lead to arbitrary code execution in Kubernetes and Openshift. Also how to detect & mitigate.
Unraveling Assets from Android Apps at Scale - An OSINT API allows you to scan over half a million Android apps for subdomains, S3 buckets, URL Params and more.
https://ift.tt/qdHyXOl
Submitted March 17, 2022 at 08:34PM by alt-glitch
via reddit https://ift.tt/fk6VHKw
BeVigil Blog
Unraveling Assets from Android Apps at Scale - BeVigil Blog
Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited.
Random number generator enhancements for Linux 5.17 and 5.18
https://ift.tt/stYzrpk
Submitted March 18, 2022 at 05:20AM by zx2c4
via reddit https://ift.tt/EwHvh6k
reddit
Random number generator enhancements for Linux 5.17 and 5.18
Posted in r/netsec by u/zx2c4 • 272 points and 9 comments
Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth
https://ift.tt/AmSP8En
Submitted March 17, 2022 at 11:21PM by threat_researcher
via reddit https://ift.tt/W5fB8X7
DataDome
Detecting Headless Chrome: Puppeteer-Extra-Plugin-Stealth
Deep dive into puppeteer-extra-plugin-stealth—an instrumentation framework for sophisticated bot developers—and how DataDome detects it.
Post auth RCE based in malicious LUA plugin script upload SCADA controllers located in Russia
https://ift.tt/a7bRWIZ
Submitted March 18, 2022 at 01:33AM by bertinjoseb
via reddit https://ift.tt/92MA0yd
Medium
Post auth RCE based in malicious LUA plugin script upload SCADA controllers located in Russia
Hello World
0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
https://ift.tt/oSHXJGr
Submitted March 18, 2022 at 09:01PM by CoolerVoid
via reddit https://ift.tt/ibSPsu6
GitHub
GitHub - CoolerVoid/0d1n: Tool for automating customized attacks against web applications. Fully made in C language with pthreads…
Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance. - GitHub - CoolerVoid/0d1n: Tool for automating customized attacks...
Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
https://ift.tt/zGvH5JR
Submitted March 20, 2022 at 02:06AM by FrenchFuzzer
via reddit https://ift.tt/Cc6OlFX
GitHub
GitHub - Rog3rSm1th/frelatage: A Greybox and Coverage-based library to fuzz Python applications 🐍
A Greybox and Coverage-based library to fuzz Python applications 🐍 - GitHub - Rog3rSm1th/frelatage: A Greybox and Coverage-based library to fuzz Python applications 🐍
How to detect IMSI catchers
https://ift.tt/uEvcxVZ
Submitted March 20, 2022 at 07:16AM by knoy
via reddit https://ift.tt/zbCMXSd
Armadillophone
How to detect IMSI catchers
Your phone is under constant attack from criminals, corporations and foreign governments.
Xepor: the web routing framework, brings the best of mitmproxy & Flask
https://ift.tt/DR2biPX
Submitted March 20, 2022 at 05:43PM by ttimasdf
via reddit https://ift.tt/Hg9WPQF
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask - GitHub - xepor/xepor: Xepor, a web routing framework for reverse engine...
GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
https://ift.tt/YampMke
Submitted March 20, 2022 at 10:03PM by domenukk
via reddit https://ift.tt/uUhgSio
GitHub
GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot…
FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up. - GitHu...
Linux EDR testing: simple to extend but realistic initial access test case and ideas where to focus when testing
https://ift.tt/FfHzcxR
Submitted March 21, 2022 at 01:32AM by 4lreadytekken
via reddit https://ift.tt/BWoevug
Medium
Testing EDRs for Linux — Things I wish I knew before getting started
Thoughts on how to simplify your tests while keeping it real and a realistic, easy to expand initial access case.
CVE-2022-0811 : New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
https://ift.tt/cCVaX8b
Submitted March 21, 2022 at 07:15AM by Late_Ice_9288
via reddit https://ift.tt/8027Zwj
GitHub
GitHub is where people build software. More than 83 million people use GitHub to discover, fork, and contribute to over 200 million projects.
Shielder - Reversing embedded device bootloader (U-Boot) - p.2
https://ift.tt/ftHDBTG
Submitted March 21, 2022 at 05:47PM by smaury
via reddit https://ift.tt/a3D7Ne5
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.2
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
Unconstrained Delegation
https://ift.tt/lpmiGuq
Submitted March 21, 2022 at 11:53PM by netbiosX
via reddit https://ift.tt/HiEnXze
Penetration Testing Lab
Unconstrained Delegation
Microsoft to support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system implemented unconstrained delegation. This was implemented i…
LAPSUS group claims to have hacked Okta
https://ift.tt/2Pq0uRL
Submitted March 22, 2022 at 11:35AM by kanben
via reddit https://ift.tt/iwsvU6P
Nitter
MG (@_MG_)
Oh man, if this is what it looks (Okta got popped)… Blue Team everywhere is gonna be crazy busy.
RomHack 2022 CFP is Open!
https://ift.tt/fCuTRjF
Submitted March 22, 2022 at 12:04PM by smaury
via reddit https://ift.tt/yLik9bC