Hello all, I have release a new version of SCodeScanner v2.1.0 where it contains advance rules and some additonal features. Features includes removing false positives, send outputfile directly to jira and Slack, more info - https://ift.tt/Ur1mH3Z & https://ift.tt/k0Ttqba.
https://ift.tt/Ur1mH3Z
Submitted April 21, 2022 at 04:34PM by agrawal7
via reddit https://ift.tt/UTogbnj
https://ift.tt/Ur1mH3Z
Submitted April 21, 2022 at 04:34PM by agrawal7
via reddit https://ift.tt/UTogbnj
GitHub
GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source Code scanner where the user can scans the source code for finding…
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
https://ift.tt/0B9iXcP
Submitted April 21, 2022 at 06:30PM by j_jjjj
via reddit https://ift.tt/m8KRtMW
https://ift.tt/0B9iXcP
Submitted April 21, 2022 at 06:30PM by j_jjjj
via reddit https://ift.tt/m8KRtMW
jspin.re - Keep hacking!
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
Time to "leak" this old (but gold) pre-auth RCE affecting some of the Red Hat products. As stated by @joaomatosf this is an old but gold vulnerability found by himself and shared in two distinct security conference in Brazil, this vulnerability was part of…
Abusing Azure Container Registry Tasks from Specter-Ops
https://ift.tt/SJLPX9B
Submitted April 22, 2022 at 12:16PM by gdraperi
via reddit https://ift.tt/wL405tM
https://ift.tt/SJLPX9B
Submitted April 22, 2022 at 12:16PM by gdraperi
via reddit https://ift.tt/wL405tM
Medium
Abusing Azure Container Registry Tasks
Intro and Prior Work
Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
https://ift.tt/42nXDb3
Submitted April 22, 2022 at 11:15AM by thorn42
via reddit https://ift.tt/OQXiw6b
https://ift.tt/42nXDb3
Submitted April 22, 2022 at 11:15AM by thorn42
via reddit https://ift.tt/OQXiw6b
GitHub
security-labs-pocs/proof-of-concept-exploits/jwt-null-signature-vulnerable-app at main · DataDog/security-labs-pocs
Proof of concept code for Datadog Security Labs referenced exploits. - DataDog/security-labs-pocs
Hardware Security Talks Announced! Hardwear.io
https://ift.tt/DySYjOE
Submitted April 22, 2022 at 03:19PM by hardweario
via reddit https://ift.tt/JsN3Ib9
https://ift.tt/DySYjOE
Submitted April 22, 2022 at 03:19PM by hardweario
via reddit https://ift.tt/JsN3Ib9
hardwear.io
Speakers | Hardware Security Talks | hardwear.io USA 2022
Conference: 9th - 10th June | Find out speakers for hardwear.io USA 2022
The Illustrated QUIC Connection
https://ift.tt/kjnEfDd
Submitted April 22, 2022 at 07:37PM by syncsynchalt
via reddit https://ift.tt/CpzR2Ug
https://ift.tt/kjnEfDd
Submitted April 22, 2022 at 07:37PM by syncsynchalt
via reddit https://ift.tt/CpzR2Ug
quic.ulfheim.net
The Illustrated QUIC Connection: Every Byte Explained
Every byte of a QUIC connection explained and reproduced
WSO2 RCE (CVE-2022-29464) exploit and writeup
https://ift.tt/xn043cR
Submitted April 22, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/8IonKTu
https://ift.tt/xn043cR
Submitted April 22, 2022 at 07:23PM by 0xdea
via reddit https://ift.tt/8IonKTu
GitHub
GitHub - hakivvi/CVE-2022-29464: WSO2 RCE (CVE-2022-29464) exploit and writeup.
WSO2 RCE (CVE-2022-29464) exploit and writeup. Contribute to hakivvi/CVE-2022-29464 development by creating an account on GitHub.
No Hardware, No Problem: Emulation and Exploitation
https://ift.tt/dDYbqC0
Submitted April 22, 2022 at 11:27PM by 0xdea
via reddit https://ift.tt/6CzNmvA
https://ift.tt/dDYbqC0
Submitted April 22, 2022 at 11:27PM by 0xdea
via reddit https://ift.tt/6CzNmvA
Grimm-Co
No Hardware, No Problem: Emulation and Exploitation
Vulnerability Hunting for Sport If you've been following our blog, you might notice some favoritism when it comes to embedded targets... We'...
Cliam: better cloud agnostic IAM permissions enumerator. Covers AWS and GCP, but more to come!
https://ift.tt/FZb9V7u
Submitted April 23, 2022 at 07:09AM by securisec
via reddit https://ift.tt/YoN2Ht0
https://ift.tt/FZb9V7u
Submitted April 23, 2022 at 07:09AM by securisec
via reddit https://ift.tt/YoN2Ht0
GitHub
GitHub - securisec/cliam: Cloud agnostic IAM permissions enumerator
Cloud agnostic IAM permissions enumerator. Contribute to securisec/cliam development by creating an account on GitHub.
Are vulnerability scores misleading you? Understanding CVSS severity and using them effectively
https://ift.tt/mbB57jJ
Submitted April 23, 2022 at 12:28PM by MiguelHzBz
via reddit https://ift.tt/0mkjDWt
https://ift.tt/mbB57jJ
Submitted April 23, 2022 at 12:28PM by MiguelHzBz
via reddit https://ift.tt/0mkjDWt
Sysdig
Are vulnerability scores misleading you? Understanding CVSS score – Sysdig
Understanding CVSS score is crucial to plan the vulnerability mitigation process using prioritization to reduce noise
Writing a zero findings pentest report
https://ift.tt/beMmocr
Submitted April 23, 2022 at 10:46PM by DiabloHorn
via reddit https://ift.tt/P2Jaiuv
https://ift.tt/beMmocr
Submitted April 23, 2022 at 10:46PM by DiabloHorn
via reddit https://ift.tt/P2Jaiuv
DiabloHorn
Writing a zero findings pentest report
Recently I came across a tweet by @CristiVlad25 asking about what you should write in a pentest report, when there are no findings? I did a quick quote tweet with the first thoughts that came to mi…
FREE ICS related CTF prested by CISA
https://icsjwgctf.com/
Submitted April 24, 2022 at 06:44AM by 1winway
via reddit https://ift.tt/RwW8zJl
https://icsjwgctf.com/
Submitted April 24, 2022 at 06:44AM by 1winway
via reddit https://ift.tt/RwW8zJl
reddit
FREE ICS related CTF prested by CISA
Posted in r/netsec by u/1winway • 86 points and 7 comments
Password peppering and salting
https://ift.tt/LuV1Jgr
Submitted April 25, 2022 at 07:35AM by wpg4665
via reddit https://ift.tt/hqzDEew
https://ift.tt/LuV1Jgr
Submitted April 25, 2022 at 07:35AM by wpg4665
via reddit https://ift.tt/hqzDEew
MUO
What Is Peppering in Password Security and How Does It Work?
You've probably heard about salting passwords, but a further technique, peppering, makes them even more secure. Here's how.
Static unpacker and decoder for Hello Kitty Packer
https://ift.tt/0eLufWm
Submitted April 25, 2022 at 11:27PM by GelosSnake
via reddit https://ift.tt/7nYqcWR
https://ift.tt/0eLufWm
Submitted April 25, 2022 at 11:27PM by GelosSnake
via reddit https://ift.tt/7nYqcWR
Medium
Static unpacker and decoder for Hello Kitty Packer
During a recent incident response engagement, the Profero IR team observed a sample of Hello Kitty ransomware. This version of ransomware…
New CloudGoat scenario: Vulnerable-by-Design Lambda functions
https://ift.tt/s5XRkPA
Submitted April 26, 2022 at 10:15PM by hackers_and_builders
via reddit https://ift.tt/ZSfxUEK
https://ift.tt/s5XRkPA
Submitted April 26, 2022 at 10:15PM by hackers_and_builders
via reddit https://ift.tt/ZSfxUEK
Rhino Security Labs
CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions - Rhino Security Labs
This post walks through exploiting serverless environments and AWS Lambda functions via the CloudGoat vulnerable_lambda scenario.
Thinkstscapes Q1 2022 research round-up
https://ift.tt/aZeyILU
Submitted April 27, 2022 at 01:49AM by ranok
via reddit https://ift.tt/83SyDs2
https://ift.tt/aZeyILU
Submitted April 27, 2022 at 01:49AM by ranok
via reddit https://ift.tt/83SyDs2
KrbRelayUp - local privilege escalation in Windows domain environments where LDAP signing is not enforced
https://ift.tt/zMLa2dP
Submitted April 27, 2022 at 01:56AM by 0xdea
via reddit https://ift.tt/kaLsBFn
https://ift.tt/zMLa2dP
Submitted April 27, 2022 at 01:56AM by 0xdea
via reddit https://ift.tt/kaLsBFn
GitHub
GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP…
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - Dec0ne/KrbRelayUp
Introduction to VirtualBox security research and fuzzing
https://ift.tt/7SW82vV
Submitted April 27, 2022 at 01:53AM by nibblesec
via reddit https://ift.tt/Md5THA9
https://ift.tt/7SW82vV
Submitted April 27, 2022 at 01:53AM by nibblesec
via reddit https://ift.tt/Md5THA9
Doyensec
Introduction to VirtualBox security research · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Kubernetes Security Series - https://ift.tt/mTq6O3Y
https://ift.tt/mTq6O3Y
Submitted April 27, 2022 at 11:40AM by agrawal7
via reddit https://ift.tt/J90KzpU
https://ift.tt/mTq6O3Y
Submitted April 27, 2022 at 11:40AM by agrawal7
via reddit https://ift.tt/J90KzpU
smart7.in
Kubernetes Cluster: Attack and Defense Perspective Part-2 - Security Blogs
Hi all,
CVE-2021-22204 : Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities
https://ift.tt/UJN8poz
Submitted April 27, 2022 at 09:26AM by Late_Ice_9288
via reddit https://ift.tt/kjDmaU7
https://ift.tt/UJN8poz
Submitted April 27, 2022 at 09:26AM by Late_Ice_9288
via reddit https://ift.tt/kjDmaU7
Reddit
r/netsec on Reddit: CVE-2021-22204 : Exploiting remote code execution within VirusTotal platform in order to gain access to its…
Posted by u/Late_Ice_9288 - 5 votes and 4 comments
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
https://ift.tt/BxUGT65
Submitted April 27, 2022 at 10:36AM by mkatch
via reddit https://ift.tt/xsJBuDQ
https://ift.tt/BxUGT65
Submitted April 27, 2022 at 10:36AM by mkatch
via reddit https://ift.tt/xsJBuDQ
Aquasec
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
Team Nautilus found a flaw in npm that allows attackers to perform package planting and masquerade a malicious package as legitimate to trick developers