oss-security - Re: zlib memory corruption on deflate (i.e. compress)
https://ift.tt/3hB7L4n
Submitted March 27, 2022 at 04:36AM by Gallus
via reddit https://ift.tt/Nt6S8Pq
https://ift.tt/3hB7L4n
Submitted March 27, 2022 at 04:36AM by Gallus
via reddit https://ift.tt/Nt6S8Pq
reddit
oss-security - Re: zlib memory corruption on deflate (i.e. compress)
Posted in r/netsec by u/Gallus • 72 points and 9 comments
Introduction to CSRF: How can a cookie get you hacked
https://ift.tt/bOrJ2Ng
Submitted March 27, 2022 at 02:33PM by gooldopt
via reddit https://ift.tt/dnYlawe
https://ift.tt/bOrJ2Ng
Submitted March 27, 2022 at 02:33PM by gooldopt
via reddit https://ift.tt/dnYlawe
Medium
Introduction to CSRF: How can a cookie get you hacked? (1/2)
“We use cookies to enhance your browsing experience, by clicking ACCEPT ALL you consent to our use of cookies”
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability. CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year.
https://ift.tt/mrg1vSC
Submitted March 28, 2022 at 07:34AM by Late_Ice_9288
via reddit https://ift.tt/kxUyc4d
https://ift.tt/mrg1vSC
Submitted March 28, 2022 at 07:34AM by Late_Ice_9288
via reddit https://ift.tt/kxUyc4d
cwe.mitre.org
CWE -
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (4.6)
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (4.6)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
OPNSense Firewall Bypass with Carp
https://ift.tt/bGie7Ym
Submitted March 28, 2022 at 01:34PM by oherrala
via reddit https://ift.tt/hGReDC5
https://ift.tt/bGie7Ym
Submitted March 28, 2022 at 01:34PM by oherrala
via reddit https://ift.tt/hGReDC5
Medium
Firewall bypass with CARP in Packet Filter
One of our isolated network test environments is using the well known OPNSense firewall. It’s a widely used FreeBSD based open source…
New Suncrypt ransomware discovered with added capabilities
https://ift.tt/X4LvOie
Submitted March 28, 2022 at 06:47PM by woja111
via reddit https://ift.tt/Tmnpr2t
https://ift.tt/X4LvOie
Submitted March 28, 2022 at 06:47PM by woja111
via reddit https://ift.tt/Tmnpr2t
LDAP relays for initial foothold in dire situations
https://ift.tt/vBcINyP
Submitted March 28, 2022 at 07:33PM by AlmondOffSec
via reddit https://ift.tt/C0NpuDW
https://ift.tt/vBcINyP
Submitted March 28, 2022 at 07:33PM by AlmondOffSec
via reddit https://ift.tt/C0NpuDW
reddit
LDAP relays for initial foothold in dire situations
Posted in r/netsec by u/AlmondOffSec • 56 points and 1 comment
CVE-2022-0995 exploit - heap out-of-bounds write in the watch_queue Linux kernel component
https://ift.tt/roOFULE
Submitted March 29, 2022 at 01:07AM by 0xdea
via reddit https://ift.tt/18EHeML
https://ift.tt/roOFULE
Submitted March 29, 2022 at 01:07AM by 0xdea
via reddit https://ift.tt/18EHeML
GitHub
GitHub - Bonfee/CVE-2022-0995: CVE-2022-0995 exploit
CVE-2022-0995 exploit. Contribute to Bonfee/CVE-2022-0995 development by creating an account on GitHub.
CVE-2022-27666: Exploit esp6 modules in Linux kernel
https://ift.tt/hEJZWlg
Submitted March 29, 2022 at 01:03AM by 0xdea
via reddit https://ift.tt/WmaTbKJ
https://ift.tt/hEJZWlg
Submitted March 29, 2022 at 01:03AM by 0xdea
via reddit https://ift.tt/WmaTbKJ
ETenal
CVE-2022-27666: Exploit esp6 modules in Linux kernel - ETenal
This post discloses the exploit of CVE-2022-27666, which achieves local privilege escalation on the latest Ubuntu Desktop 21.10.
Ruby Deserialization - New Gadget Chain for Ruby on Rails
https://ift.tt/puwk1me
Submitted March 29, 2022 at 06:27AM by Gallus
via reddit https://ift.tt/qufVMRd
https://ift.tt/puwk1me
Submitted March 29, 2022 at 06:27AM by Gallus
via reddit https://ift.tt/qufVMRd
GitHub
writeups/Ruby-deserialization-gadget-on-rails.md at main · httpvoid/writeups
Contribute to httpvoid/writeups development by creating an account on GitHub.
Busyloop in curl
https://ift.tt/xWXCE3v
Submitted March 29, 2022 at 08:45AM by RegularHumanoid
via reddit https://ift.tt/UGpQkAW
https://ift.tt/xWXCE3v
Submitted March 29, 2022 at 08:45AM by RegularHumanoid
via reddit https://ift.tt/UGpQkAW
Nygetin Paikka | The Place of the Nygetti
My first fuzzy finding: Busyloop in curl
I tend to find ways of occupying myself with new exciting things. It might be a new language I try to learn to speak (not much success there), a new instrument I try to learn to play (I have no mus…
Linux kernel CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation
https://ift.tt/FxwYkR1
Submitted March 29, 2022 at 09:05AM by Gallus
via reddit https://ift.tt/Prg3KX4
https://ift.tt/FxwYkR1
Submitted March 29, 2022 at 09:05AM by Gallus
via reddit https://ift.tt/Prg3KX4
reddit
Linux kernel CVE-2022-1015,CVE-2022-1016 in nf_tables cause...
Posted in r/netsec by u/Gallus • 1 point and 0 comments
Use of Russian technology products and services following the invasion of Ukraine
https://ift.tt/KUl2aIg
Submitted March 29, 2022 at 06:50PM by joelgsamuel
via reddit https://ift.tt/fcOZQVu
https://ift.tt/KUl2aIg
Submitted March 29, 2022 at 06:50PM by joelgsamuel
via reddit https://ift.tt/fcOZQVu
www.ncsc.gov.uk
Use of Russian technology products and services following the invasion of Ukraine
Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.
Digital Forensics Basics: A Practical Guide for Kubernetes DFIR
https://ift.tt/y8LJSuB
Submitted March 29, 2022 at 09:19PM by MiguelHzBz
via reddit https://ift.tt/WfHBOwg
https://ift.tt/y8LJSuB
Submitted March 29, 2022 at 09:19PM by MiguelHzBz
via reddit https://ift.tt/WfHBOwg
Sysdig
Digital Forensics Basics: A Practical Guide for DFIR Kubernetes – Sysdig
We covered the basic best practices to perform DFIR Kubernetes. We also simulated how to inspect and respond to a breach.
Read about what it takes to hire good talent with PlexTrac's Cup O' Joe and my blog post on Hiring Top Talent: Conquering the Talent Shortage Series
https://ift.tt/p9sVzw1
Submitted March 30, 2022 at 01:47AM by jpierini
via reddit https://ift.tt/zlB2tFy
https://ift.tt/p9sVzw1
Submitted March 30, 2022 at 01:47AM by jpierini
via reddit https://ift.tt/zlB2tFy
PlexTrac
Hiring Top Cybersecurity Talent - PlexTrac
Through my experiences and in my research, I found the following job attributes were the most important to cybersecurity professionals.
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
https://ift.tt/rJhgcZA
Submitted March 30, 2022 at 12:48PM by Gallus
via reddit https://ift.tt/A2kmG7J
https://ift.tt/rJhgcZA
Submitted March 30, 2022 at 12:48PM by Gallus
via reddit https://ift.tt/A2kmG7J
GitHub
vulhub/spring/CVE-2022-22947 at master · vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub
Spring Cloud Function SPEL Expression Injection Vulnerability Alert
https://ift.tt/vAFPQnr
Submitted March 30, 2022 at 12:07PM by Gallus
via reddit https://ift.tt/QRhKx9I
https://ift.tt/vAFPQnr
Submitted March 30, 2022 at 12:07PM by Gallus
via reddit https://ift.tt/QRhKx9I
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Spring Cloud Function SPEL Expression Injection Vulnerability Alert - NSFOCUS, Inc., a global network and cyber security leader…
Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression…
Cisco Nexus Dashboard Fabric Controller unauth web-to-root shell
https://ift.tt/U3r54ZT
Submitted March 30, 2022 at 01:41PM by ChoiceGrapefruit0
via reddit https://ift.tt/e9XBipg
https://ift.tt/U3r54ZT
Submitted March 30, 2022 at 01:41PM by ChoiceGrapefruit0
via reddit https://ift.tt/e9XBipg
GitHub
PoC/DCNMPwn.md at master · pedrib/PoC
Advisories, proof of concept files and exploits that have been made public by @pedrib. - PoC/DCNMPwn.md at master · pedrib/PoC
Decrypting your own HTTPS traffic with Wireshark
https://ift.tt/U4BYoZL
Submitted March 30, 2022 at 01:59PM by Quantum_Rage
via reddit https://ift.tt/sy5lKbx
https://ift.tt/U4BYoZL
Submitted March 30, 2022 at 01:59PM by Quantum_Rage
via reddit https://ift.tt/sy5lKbx
www.trickster.dev
Decrypting your own HTTPS traffic with Wireshark – Trickster Dev
Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting
A few vulnerabilities discovered in Wyze Cam (CVE-2019-9564, CVE-2019-12266)
https://ift.tt/fY5g92M
Submitted March 30, 2022 at 05:19PM by jaymzu
via reddit https://ift.tt/M9XO1iS
https://ift.tt/fY5g92M
Submitted March 30, 2022 at 05:19PM by jaymzu
via reddit https://ift.tt/M9XO1iS
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
https://ift.tt/QMARra4
Submitted March 30, 2022 at 06:02PM by esdaniel-
via reddit https://ift.tt/C1ozenl
https://ift.tt/QMARra4
Submitted March 30, 2022 at 06:02PM by esdaniel-
via reddit https://ift.tt/C1ozenl
Aquasec
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
Team Nautilus uncovered and analyzed the first Python-based ransomware attack that targets misconfigured Jupyter Notebooks in the wild and encrypts files
[OC] Data Exfiltration using RedDrop - A Python Webserver for file and data exfiltration which automatically detects, decodes, decrypts, and transforms data.
https://ift.tt/xtYbVsP
Submitted March 30, 2022 at 07:06PM by cyberbutler
via reddit https://ift.tt/mDPSAdF
https://ift.tt/xtYbVsP
Submitted March 30, 2022 at 07:06PM by cyberbutler
via reddit https://ift.tt/mDPSAdF
Medium
Data Exfiltration using RedDrop
Introducing RedDrop — a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.