Good hacking tool resources and review.
https://ift.tt/tqZiTUa
Submitted April 19, 2022 at 10:25AM by subrealz
via reddit https://ift.tt/dk7a3eV
Quora
Pentester Club Pvt Ltd
Learn Financial Instruments and Ethical hacking more techniques
Is this real? How it's done? (programs, methods, etc...)
https://ift.tt/CUdHGiE
Submitted April 19, 2022 at 02:03PM by kali_Error
via reddit https://ift.tt/cVml7J6
Exploiting, detecting, and correcting IAM security misconfigurations
https://ift.tt/Fq9UOKA
Submitted April 19, 2022 at 04:54PM by MiguelHzBz
via reddit https://ift.tt/4eZyh5I
ADMIN Magazine
IAM Security Misconfigurations » ADMIN Magazine
Teaching Burp a new HTTP Transport Encoding
https://ift.tt/j26c8El
Submitted April 19, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/H3OLZbp
Pentagrid AG
Teaching Burp a new HTTP Transport Encoding
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
https://ift.tt/cFMbtd7
Submitted April 19, 2022 at 11:20PM by smaury
via reddit https://ift.tt/Jbdhn1r
Shielder
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.
US Govt Cloud Security Needs ("SCuBA"): including Technical Reference Architecture and Extensible Visibility Reference Framework (eVRF) Guidebook links
https://ift.tt/NbZtCRg
Submitted April 20, 2022 at 03:11AM by ScottContini
via reddit https://ift.tt/LJPmK4C
www.cisa.gov
“SCuBA”? It means better visibility, standards and security practices for government cloud | CISA
In recent years, the federal government has leveraged cloud-based software and platform services as a means for greater capacity and accessibility as well as for good financial stewardship. However, moving to the cloud can introduce new types of risks if…
AWS's Log4Shell HotPatch Vulnerable to Container Escape and Privilege Escalation
https://ift.tt/TyX7mVU
Submitted April 20, 2022 at 04:20AM by YuvalAvra
via reddit https://ift.tt/r83tHId
Unit 42
AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.
CVE-2022-21449: Psychic Signatures in Java
https://ift.tt/jyCP5bv
Submitted April 20, 2022 at 07:26AM by Gallus
via reddit https://ift.tt/cwSgo5P
Neil Madden
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…
A Detailed Analysis of The SunCrypt Ransomware
https://ift.tt/gD9drIO
Submitted April 20, 2022 at 10:30PM by CyberMasterV
via reddit https://ift.tt/LJjFYib
SecurityScorecard
10 Ransomware Examples from Recent High-Impact Attacks
Learn from 10 major ransomware examples that disrupted organizations worldwide. Understand attack methods and strengthen your cyber defenses.
SSRF Attack Examples and Mitigations
https://ift.tt/7SZFTap
Submitted April 20, 2022 at 09:52PM by benarent
via reddit https://ift.tt/a1uEwjN
Goteleport
How to prevent ssrf attack
Understanding Server-Side Request Forgery (SSRF), vulnerabilities and mitigations.
Threat Hunting for Phishing Pages
https://ift.tt/UpGf5mI
Submitted April 21, 2022 at 12:41AM by mstfknn
via reddit https://ift.tt/cr47eMZ
BRANDEFENSE
Threat Hunting For Phishing Pages - BRANDEFENSE
This article will discuss various techniques for catching phishing pages and the main purposes of bad actors.
CVE-2022-21449 detector - Finds possibly vulnerable JAR/WAR files
https://ift.tt/FyzbcYn
Submitted April 21, 2022 at 12:00AM by SRMish3
via reddit https://ift.tt/iZgSk2L
GitHub
GitHub - jfrog/jfrog-CVE-2022-21449
Contribute to jfrog/jfrog-CVE-2022-21449 development by creating an account on GitHub.
CVE-2022-21449 PoC demonstrating TLS MITM
https://ift.tt/QCplYTL
Submitted April 21, 2022 at 01:38PM by kmhn
via reddit https://ift.tt/32j6bNz
GitHub
GitHub - notkmhn/CVE-2022-21449-TLS-PoC: CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable…
CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server - notkmhn/CVE-2022-21449-TLS-PoC
Hello all, I have released a new version of SCodeScanner v2.1.0, which contains advanced rules and some additional features. Features include removing false positives and sending the output file directly to Jira and Slack. More info - https://ift.tt/Ur1mH3Z & https://ift.tt/k0Ttqba.
https://ift.tt/Ur1mH3Z
Submitted April 21, 2022 at 04:34PM by agrawal7
via reddit https://ift.tt/UTogbnj
GitHub
GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source Code scanner where the user can scan the source code for finding…
SCodeScanner stands for Source Code scanner where the user can scan the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
https://ift.tt/0B9iXcP
Submitted April 21, 2022 at 06:30PM by j_jjjj
via reddit https://ift.tt/m8KRtMW
jspin.re - Keep hacking!
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
Time to "leak" this old (but gold) pre-auth RCE affecting some of the Red Hat products. As stated by @joaomatosf, this is an old but gold vulnerability found by himself and shared in two distinct security conferences in Brazil; this vulnerability was part of…
Abusing Azure Container Registry Tasks from Specter-Ops
https://ift.tt/SJLPX9B
Submitted April 22, 2022 at 12:16PM by gdraperi
via reddit https://ift.tt/wL405tM
Medium
Abusing Azure Container Registry Tasks
Intro and Prior Work
Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
https://ift.tt/42nXDb3
Submitted April 22, 2022 at 11:15AM by thorn42
via reddit https://ift.tt/OQXiw6b
GitHub
security-labs-pocs/proof-of-concept-exploits/jwt-null-signature-vulnerable-app at main · DataDog/security-labs-pocs
Proof of concept code for Datadog Security Labs referenced exploits. - DataDog/security-labs-pocs
Hardware Security Talks Announced! Hardwear.io
https://ift.tt/DySYjOE
Submitted April 22, 2022 at 03:19PM by hardweario
via reddit https://ift.tt/JsN3Ib9
hardwear.io
Speakers | Hardware Security Talks | hardwear.io USA 2022
Conference: 9th - 10th June | Find out speakers for hardwear.io USA 2022
The Illustrated QUIC Connection
https://ift.tt/kjnEfDd
Submitted April 22, 2022 at 07:37PM by syncsynchalt
via reddit https://ift.tt/CpzR2Ug
quic.ulfheim.net
The Illustrated QUIC Connection: Every Byte Explained
Every byte of a QUIC connection explained and reproduced
WSO2 RCE (CVE-2022-29464) exploit and writeup
https://ift.tt/xn043cR
Submitted April 22, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/8IonKTu
GitHub
GitHub - hakivvi/CVE-2022-29464: WSO2 RCE (CVE-2022-29464) exploit and writeup.
WSO2 RCE (CVE-2022-29464) exploit and writeup. Contribute to hakivvi/CVE-2022-29464 development by creating an account on GitHub.
No Hardware, No Problem: Emulation and Exploitation
https://ift.tt/dDYbqC0
Submitted April 22, 2022 at 11:27PM by 0xdea
via reddit https://ift.tt/6CzNmvA
Grimm-Co
No Hardware, No Problem: Emulation and Exploitation
Vulnerability Hunting for Sport If you've been following our blog, you might notice some favoritism when it comes to embedded targets... We'...