Background:

A REAL DoS exploit for CVE-2022-21907. Contribute to polakow/CVE-2022-21907 development by creating an account on GitHub.

Posted in r/netsec by u/mstromich • 276 points and 34 comments

Research into potential credential leaks within github metadata

An AV exclusion enumeration tool written in Python. - GitHub - tid4l/TallGrass: An AV exclusion enumeration tool written in Python.

<p>Multiple vulnerabilities have been discovered in Citrix SD-WAN. Citrix SD-WAN is a software defined Wide Area Network (WAN) which can allow for easier management of multiple networks. The most severe of these vulnerabilities contains hard-coded credentials.…

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks,…

Providing security research and red team techniques

Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC (Remote Procedure Call) runtime:
CVE-2022-24492 and CVE-2022-24528…

Explore advanced cybersecurity solutions, providing proactive defense against emerging threats. Learn more about our tailored intelligence, and cybercrime investigation solutions.

Intro to the Office VSTO format, a capability that provides rich capabilities for attackers to phish users and gain code execution

Title CVE-2022-28345 – Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg CVE ID CVE-2022-28345 CVSS Score…

Application security issues found by Assetnote

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface
This vulnerability…

Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. Learn more with Claroty.

Reporting on a security issue on ABC's iView.

Contribute to DODC/turncoat development by creating an account on GitHub.

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. - GitHub - firefart/stunner: Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

Some time ago I stumbled across a [HackerOne report](https://hackerone.com/reports/333419) about abusing Slacks TURN server for proxy functionality inside their internal network. I found this interesting and decided to take a look at our videoconferencing…

A failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure.