Packets Remystified: Broadcast Brujería
https://ift.tt/Px0HoX1
Submitted April 17, 2022 at 11:58AM by 0xdea
via reddit https://ift.tt/8wDUOPZ
https://ift.tt/Px0HoX1
Submitted April 17, 2022 at 11:58AM by 0xdea
via reddit https://ift.tt/8wDUOPZ
GitHub
protocols/broadcast_brujeria at main · netspooky/protocols
Contribute to netspooky/protocols development by creating an account on GitHub.
Semgrep rules for smart contracts based on DeFi exploits
https://ift.tt/1Gnh48T
Submitted April 18, 2022 at 12:58AM by iterablewords
via reddit https://ift.tt/5IluJPX
https://ift.tt/1Gnh48T
Submitted April 18, 2022 at 12:58AM by iterablewords
via reddit https://ift.tt/5IluJPX
GitHub
GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
Semgrep rules for smart contracts based on DeFi exploits - GitHub - Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
THCon CTF Writeup - SHA-1 exploitation, PHP LFI and RCE
https://ift.tt/xHgdm0v
Submitted April 18, 2022 at 02:35AM by GuyLewin
via reddit https://ift.tt/ciPzyYh
https://ift.tt/xHgdm0v
Submitted April 18, 2022 at 02:35AM by GuyLewin
via reddit https://ift.tt/ciPzyYh
Guy Lewin’s Blog
THCon 2k22 CTF - “Local Card Maker” Writeup
I participated in THCon 2k22 CTF and amongst the incredible “web” challenges - my favorite was “Local Card Maker” (made by jrjgjk). In this post I’ll describe the challenge and my step-by-step solution.
Was this Russian Malware Actually a Ukrainian Inside Job? You decide
https://ift.tt/6rNzR5Y
Submitted April 19, 2022 at 02:02AM by entropydaemon5
via reddit https://ift.tt/8CT3Sfk
https://ift.tt/6rNzR5Y
Submitted April 19, 2022 at 02:02AM by entropydaemon5
via reddit https://ift.tt/8CT3Sfk
Medium
Industroyer2: The Worst Sequel
Background:
MITRE Engenuity ATT&CK results are out
https://ift.tt/XNLQcY9
Submitted April 19, 2022 at 04:45AM by DanielWalker12
via reddit https://ift.tt/gETJZjK
https://ift.tt/XNLQcY9
Submitted April 19, 2022 at 04:45AM by DanielWalker12
via reddit https://ift.tt/gETJZjK
CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
https://ift.tt/v4enwsW
Submitted April 19, 2022 at 07:23AM by Late_Ice_9288
via reddit https://ift.tt/a4VSqMR
https://ift.tt/v4enwsW
Submitted April 19, 2022 at 07:23AM by Late_Ice_9288
via reddit https://ift.tt/a4VSqMR
reddit
CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
Posted in r/netsec by u/Late_Ice_9288 • 4 points and 0 comments
Good hacking tool ressources and review.
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
Quora
Pentester Club Pvt Ltd
Learn Financial Instuments and Ethicla hacking more techniques
Is this real? How it's done? (programs, methods, etc...)
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
Exploiting, detecting, and correcting IAM security misconfigurations
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
ADMIN Magazine
IAM Security Misconfigurations » ADMIN Magazine
Teaching Burp a new HTTP Transport Encoding
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
Pentagrid AG
Teaching Burp a new HTTP Transport Encoding
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
https://ift.tt/cFMbtd7
Submitted April 19, 2022 at 11:20PM by smaury
via reddit https://ift.tt/Jbdhn1r
https://ift.tt/cFMbtd7
Submitted April 19, 2022 at 11:20PM by smaury
via reddit https://ift.tt/Jbdhn1r
Shielder
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.
US Govt Cloud Security Needs ("SCuBA"): including Technical Reference Architecture and Extensible Visibility Reference Framework (eVRF) Guidebook links
https://ift.tt/NbZtCRg
Submitted April 20, 2022 at 03:11AM by ScottContini
via reddit https://ift.tt/LJPmK4C
https://ift.tt/NbZtCRg
Submitted April 20, 2022 at 03:11AM by ScottContini
via reddit https://ift.tt/LJPmK4C
www.cisa.gov
“SCuBA”? It means better visibility, standards and security practices for government cloud | CISA
In recent years, the federal government has leveraged cloud-based software and platform services as a means for greater capacity and accessibility as well as for good financial stewardship. However, moving to the cloud can introduce new types of risks if…
AWS's Log4Shell HotPatch Vulnerable to Container Escape and Privilige Escalation
https://ift.tt/TyX7mVU
Submitted April 20, 2022 at 04:20AM by YuvalAvra
via reddit https://ift.tt/r83tHId
https://ift.tt/TyX7mVU
Submitted April 20, 2022 at 04:20AM by YuvalAvra
via reddit https://ift.tt/r83tHId
Unit 42
AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.
CVE-2022-21449: Psychic Signatures in Java
https://ift.tt/jyCP5bv
Submitted April 20, 2022 at 07:26AM by Gallus
via reddit https://ift.tt/cwSgo5P
https://ift.tt/jyCP5bv
Submitted April 20, 2022 at 07:26AM by Gallus
via reddit https://ift.tt/cwSgo5P
Neil Madden
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…
A Detailed Analysis of The SunCrypt Ransomware
https://ift.tt/gD9drIO
Submitted April 20, 2022 at 10:30PM by CyberMasterV
via reddit https://ift.tt/LJjFYib
https://ift.tt/gD9drIO
Submitted April 20, 2022 at 10:30PM by CyberMasterV
via reddit https://ift.tt/LJjFYib
SecurityScorecard
10 Ransomware Examples from Recent High-Impact Attacks
Learn from 10 major ransomware examples that disrupted organizations worldwide. Understand attack methods and strengthen your cyber defenses.
SSRF Attack Examples and Mitigations
https://ift.tt/7SZFTap
Submitted April 20, 2022 at 09:52PM by benarent
via reddit https://ift.tt/a1uEwjN
https://ift.tt/7SZFTap
Submitted April 20, 2022 at 09:52PM by benarent
via reddit https://ift.tt/a1uEwjN
Goteleport
How to prevent ssrf attack
Understanding Server-Side Request Forgery (SSRF), vulnerabilities and mitigations.
Threat Hunting for Phishing Pages
https://ift.tt/UpGf5mI
Submitted April 21, 2022 at 12:41AM by mstfknn
via reddit https://ift.tt/cr47eMZ
https://ift.tt/UpGf5mI
Submitted April 21, 2022 at 12:41AM by mstfknn
via reddit https://ift.tt/cr47eMZ
BRANDEFENSE
Threat Hunting For Phishing Pages - BRANDEFENSE
This article will discuss various techniques for catching phishing pages and the main purposes of bad actors.
CVE-2022-21449 detector - Finds possibly vulnerable JAR/WAR files
https://ift.tt/FyzbcYn
Submitted April 21, 2022 at 12:00AM by SRMish3
via reddit https://ift.tt/iZgSk2L
https://ift.tt/FyzbcYn
Submitted April 21, 2022 at 12:00AM by SRMish3
via reddit https://ift.tt/iZgSk2L
GitHub
GitHub - jfrog/jfrog-CVE-2022-21449
Contribute to jfrog/jfrog-CVE-2022-21449 development by creating an account on GitHub.
CVE-2022-21449 PoC demonstrating TLS MITM
https://ift.tt/QCplYTL
Submitted April 21, 2022 at 01:38PM by kmhn
via reddit https://ift.tt/32j6bNz
https://ift.tt/QCplYTL
Submitted April 21, 2022 at 01:38PM by kmhn
via reddit https://ift.tt/32j6bNz
GitHub
GitHub - notkmhn/CVE-2022-21449-TLS-PoC: CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable…
CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server - notkmhn/CVE-2022-21449-TLS-PoC
Hello all, I have release a new version of SCodeScanner v2.1.0 where it contains advance rules and some additonal features. Features includes removing false positives, send outputfile directly to jira and Slack, more info - https://ift.tt/Ur1mH3Z & https://ift.tt/k0Ttqba.
https://ift.tt/Ur1mH3Z
Submitted April 21, 2022 at 04:34PM by agrawal7
via reddit https://ift.tt/UTogbnj
https://ift.tt/Ur1mH3Z
Submitted April 21, 2022 at 04:34PM by agrawal7
via reddit https://ift.tt/UTogbnj
GitHub
GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source Code scanner where the user can scans the source code for finding…
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
https://ift.tt/0B9iXcP
Submitted April 21, 2022 at 06:30PM by j_jjjj
via reddit https://ift.tt/m8KRtMW
https://ift.tt/0B9iXcP
Submitted April 21, 2022 at 06:30PM by j_jjjj
via reddit https://ift.tt/m8KRtMW
jspin.re - Keep hacking!
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
Time to "leak" this old (but gold) pre-auth RCE affecting some of the Red Hat products. As stated by @joaomatosf this is an old but gold vulnerability found by himself and shared in two distinct security conference in Brazil, this vulnerability was part of…