Unraveling Assets from Android Apps at Scale - An OSINT API allows you to scan over half a million Android apps for subdomains, S3 buckets, URL Params and more.
https://ift.tt/qdHyXOl
Submitted March 17, 2022 at 08:34PM by alt-glitch
via reddit https://ift.tt/fk6VHKw
BeVigil Blog
Unraveling Assets from Android Apps at Scale - BeVigil Blog
Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited.
Random number generator enhancements for Linux 5.17 and 5.18
https://ift.tt/stYzrpk
Submitted March 18, 2022 at 05:20AM by zx2c4
via reddit https://ift.tt/EwHvh6k
reddit
Random number generator enhancements for Linux 5.17 and 5.18
Posted in r/netsec by u/zx2c4 • 272 points and 9 comments
Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth
https://ift.tt/AmSP8En
Submitted March 17, 2022 at 11:21PM by threat_researcher
via reddit https://ift.tt/W5fB8X7
DataDome
Detecting Headless Chrome: Puppeteer-Extra-Plugin-Stealth
Deep dive into puppeteer-extra-plugin-stealth—an instrumentation framework for sophisticated bot developers—and how DataDome detects it.
Post auth RCE based in malicious LUA plugin script upload SCADA controllers located in Russia
https://ift.tt/a7bRWIZ
Submitted March 18, 2022 at 01:33AM by bertinjoseb
via reddit https://ift.tt/92MA0yd
Medium
Post auth RCE based in malicious LUA plugin script upload SCADA controllers located in Russia
Hello World
0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
https://ift.tt/oSHXJGr
Submitted March 18, 2022 at 09:01PM by CoolerVoid
via reddit https://ift.tt/ibSPsu6
GitHub
GitHub - CoolerVoid/0d1n: Tool for automating customized attacks against web applications. Fully made in C language with pthreads…
Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
https://ift.tt/zGvH5JR
Submitted March 20, 2022 at 02:06AM by FrenchFuzzer
via reddit https://ift.tt/Cc6OlFX
GitHub
GitHub - Rog3rSm1th/frelatage: A Greybox and Coverage-based library to fuzz Python applications 🐍
A Greybox and Coverage-based library to fuzz Python applications 🐍
How to detect IMSI catchers
https://ift.tt/uEvcxVZ
Submitted March 20, 2022 at 07:16AM by knoy
via reddit https://ift.tt/zbCMXSd
Armadillophone
How to detect IMSI catchers
Your phone is under constant attack from criminals, corporations and foreign governments.
Xepor: the web routing framework, brings the best of mitmproxy & Flask
https://ift.tt/DR2biPX
Submitted March 20, 2022 at 05:43PM by ttimasdf
via reddit https://ift.tt/Hg9WPQF
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask
GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
https://ift.tt/YampMke
Submitted March 20, 2022 at 10:03PM by domenukk
via reddit https://ift.tt/uUhgSio
GitHub
GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot…
FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
Linux EDR testing: simple to extend but realistic initial access test case and ideas where to focus when testing
https://ift.tt/FfHzcxR
Submitted March 21, 2022 at 01:32AM by 4lreadytekken
via reddit https://ift.tt/BWoevug
Medium
Testing EDRs for Linux — Things I wish I knew before getting started
Thoughts on how to simplify your tests while keeping it real and a realistic, easy to expand initial access case.
CVE-2022-0811 : New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
https://ift.tt/cCVaX8b
Submitted March 21, 2022 at 07:15AM by Late_Ice_9288
via reddit https://ift.tt/8027Zwj
Shielder - Reversing embedded device bootloader (U-Boot) - p.2
https://ift.tt/ftHDBTG
Submitted March 21, 2022 at 05:47PM by smaury
via reddit https://ift.tt/a3D7Ne5
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.2
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
Unconstrained Delegation
https://ift.tt/lpmiGuq
Submitted March 21, 2022 at 11:53PM by netbiosX
via reddit https://ift.tt/HiEnXze
Penetration Testing Lab
Unconstrained Delegation
Microsoft to support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system implemented unconstrained delegation. This was implemented i…
LAPSUS group claims to have hacked Okta
https://ift.tt/2Pq0uRL
Submitted March 22, 2022 at 11:35AM by kanben
via reddit https://ift.tt/iwsvU6P
Nitter
MG (@_MG_)
Oh man, if this is what it looks (Okta got popped)… Blue Team everywhere is gonna be crazy busy.
RomHack 2022 CFP is Open!
https://ift.tt/fCuTRjF
Submitted March 22, 2022 at 12:04PM by smaury
via reddit https://ift.tt/yLik9bC
Multiple Vulnerabilities in GARO Wallbox
https://ift.tt/7yYJhe0
Submitted March 22, 2022 at 06:13PM by eddit__plus
via reddit https://ift.tt/N7EsojS
GitHub
advisory/GARO at main · delikely/advisory
Vulnerability Discloses. Contribute to delikely/advisory development by creating an account on GitHub.
A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports
https://ift.tt/PQoR4Dr
Submitted March 22, 2022 at 08:18PM by 0xdea
via reddit https://ift.tt/dvOaTYo
hn security
A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports - hn security
DISCLAIMER: as many other security researchers […]
OpenSSH phishing FIDO token protected keys (PoC)
https://ift.tt/MSYfoRT
Submitted March 22, 2022 at 09:06PM by ssh-mitm
via reddit https://ift.tt/teGLkxU
docs.ssh-mitm.at
SSH-MITM Docs - Trivial Authentication
[CFP] Call for paper/tools/workshop for THREAT CON 2022 is now live
https://ift.tt/RrhOLdE
Submitted March 22, 2022 at 10:13PM by nyoface
via reddit https://ift.tt/8Ov1XDb
threatcon.io
Call for Papers (CFP) - THREAT CON 2022
THREAT CON is an initiative that aims to facilitate a gateway to standard practices and create a new development within the field of cybersecurity- for developers, security practitioners, IT administrators or anyone interested.