Intro to the Office VSTO format, a capability that provides rich capabilities for attackers to phish users and gain code execution

Title CVE-2022-28345 – Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg CVE ID CVE-2022-28345 CVSS Score…

Application security issues found by Assetnote

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface
This vulnerability…

Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. Learn more with Claroty.

Reporting on a security issue on ABC's iView.

Contribute to DODC/turncoat development by creating an account on GitHub.

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. - GitHub - firefart/stunner: Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

Some time ago I stumbled across a [HackerOne report](https://hackerone.com/reports/333419) about abusing Slacks TURN server for proxy functionality inside their internal network. I found this interesting and decided to take a look at our videoconferencing…

A failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure.

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read…

Background:

Spock is a shared library that hooks OpenSSL to detect, block and log attacks like buffer overflow, path traversal, XXE and SQL injection. - GitHub - CoolerVoid/spock_slaf: Spock is a shared librar...

Contribute to netspooky/protocols development by creating an account on GitHub.

Semgrep rules for smart contracts based on DeFi exploits - GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits

I participated in THCon 2k22 CTF and amongst the incredible “web” challenges - my favorite was “Local Card Maker” (made by jrjgjk). In this post I’ll describe the challenge and my step-by-step solution.

Background:

Posted in r/netsec by u/Late_Ice_9288 • 4 points and 0 comments

Learn Financial Instuments and Ethicla hacking more techniques