Writing a zero findings pentest report
https://ift.tt/beMmocr
Submitted April 23, 2022 at 10:46PM by DiabloHorn
via reddit https://ift.tt/P2Jaiuv
https://ift.tt/beMmocr
Submitted April 23, 2022 at 10:46PM by DiabloHorn
via reddit https://ift.tt/P2Jaiuv
DiabloHorn
Writing a zero findings pentest report
Recently I came across a tweet by @CristiVlad25 asking about what you should write in a pentest report, when there are no findings? I did a quick quote tweet with the first thoughts that came to mi…
FREE ICS related CTF prested by CISA
https://icsjwgctf.com/
Submitted April 24, 2022 at 06:44AM by 1winway
via reddit https://ift.tt/RwW8zJl
https://icsjwgctf.com/
Submitted April 24, 2022 at 06:44AM by 1winway
via reddit https://ift.tt/RwW8zJl
reddit
FREE ICS related CTF prested by CISA
Posted in r/netsec by u/1winway • 86 points and 7 comments
Password peppering and salting
https://ift.tt/LuV1Jgr
Submitted April 25, 2022 at 07:35AM by wpg4665
via reddit https://ift.tt/hqzDEew
https://ift.tt/LuV1Jgr
Submitted April 25, 2022 at 07:35AM by wpg4665
via reddit https://ift.tt/hqzDEew
MUO
What Is Peppering in Password Security and How Does It Work?
You've probably heard about salting passwords, but a further technique, peppering, makes them even more secure. Here's how.
Static unpacker and decoder for Hello Kitty Packer
https://ift.tt/0eLufWm
Submitted April 25, 2022 at 11:27PM by GelosSnake
via reddit https://ift.tt/7nYqcWR
https://ift.tt/0eLufWm
Submitted April 25, 2022 at 11:27PM by GelosSnake
via reddit https://ift.tt/7nYqcWR
Medium
Static unpacker and decoder for Hello Kitty Packer
During a recent incident response engagement, the Profero IR team observed a sample of Hello Kitty ransomware. This version of ransomware…
New CloudGoat scenario: Vulnerable-by-Design Lambda functions
https://ift.tt/s5XRkPA
Submitted April 26, 2022 at 10:15PM by hackers_and_builders
via reddit https://ift.tt/ZSfxUEK
https://ift.tt/s5XRkPA
Submitted April 26, 2022 at 10:15PM by hackers_and_builders
via reddit https://ift.tt/ZSfxUEK
Rhino Security Labs
CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions - Rhino Security Labs
This post walks through exploiting serverless environments and AWS Lambda functions via the CloudGoat vulnerable_lambda scenario.
Thinkstscapes Q1 2022 research round-up
https://ift.tt/aZeyILU
Submitted April 27, 2022 at 01:49AM by ranok
via reddit https://ift.tt/83SyDs2
https://ift.tt/aZeyILU
Submitted April 27, 2022 at 01:49AM by ranok
via reddit https://ift.tt/83SyDs2
KrbRelayUp - local privilege escalation in Windows domain environments where LDAP signing is not enforced
https://ift.tt/zMLa2dP
Submitted April 27, 2022 at 01:56AM by 0xdea
via reddit https://ift.tt/kaLsBFn
https://ift.tt/zMLa2dP
Submitted April 27, 2022 at 01:56AM by 0xdea
via reddit https://ift.tt/kaLsBFn
GitHub
GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP…
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - Dec0ne/KrbRelayUp
Introduction to VirtualBox security research and fuzzing
https://ift.tt/7SW82vV
Submitted April 27, 2022 at 01:53AM by nibblesec
via reddit https://ift.tt/Md5THA9
https://ift.tt/7SW82vV
Submitted April 27, 2022 at 01:53AM by nibblesec
via reddit https://ift.tt/Md5THA9
Doyensec
Introduction to VirtualBox security research · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Kubernetes Security Series - https://ift.tt/mTq6O3Y
https://ift.tt/mTq6O3Y
Submitted April 27, 2022 at 11:40AM by agrawal7
via reddit https://ift.tt/J90KzpU
https://ift.tt/mTq6O3Y
Submitted April 27, 2022 at 11:40AM by agrawal7
via reddit https://ift.tt/J90KzpU
smart7.in
Kubernetes Cluster: Attack and Defense Perspective Part-2 - Security Blogs
Hi all,
CVE-2021-22204 : Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities
https://ift.tt/UJN8poz
Submitted April 27, 2022 at 09:26AM by Late_Ice_9288
via reddit https://ift.tt/kjDmaU7
https://ift.tt/UJN8poz
Submitted April 27, 2022 at 09:26AM by Late_Ice_9288
via reddit https://ift.tt/kjDmaU7
Reddit
r/netsec on Reddit: CVE-2021-22204 : Exploiting remote code execution within VirusTotal platform in order to gain access to its…
Posted by u/Late_Ice_9288 - 5 votes and 4 comments
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
https://ift.tt/BxUGT65
Submitted April 27, 2022 at 10:36AM by mkatch
via reddit https://ift.tt/xsJBuDQ
https://ift.tt/BxUGT65
Submitted April 27, 2022 at 10:36AM by mkatch
via reddit https://ift.tt/xsJBuDQ
Aquasec
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
Team Nautilus found a flaw in npm that allows attackers to perform package planting and masquerade a malicious package as legitimate to trick developers
Encrypting our way to SSRF in VMWare Workspace One UEM/Airwatch (CVE-2021-22054)
https://ift.tt/zVke5N1
Submitted April 27, 2022 at 03:23PM by FireFart
via reddit https://ift.tt/5j2L3zb
https://ift.tt/zVke5N1
Submitted April 27, 2022 at 03:23PM by FireFart
via reddit https://ift.tt/5j2L3zb
Assetnote
Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
Application security issues found by Assetnote
Hands-on lab for exploiting Psychic Signatures in JWTs
https://ift.tt/aMZ4EN6
Submitted April 27, 2022 at 06:05PM by DebugDucky
via reddit https://ift.tt/0OdDzx1
https://ift.tt/aMZ4EN6
Submitted April 27, 2022 at 06:05PM by DebugDucky
via reddit https://ift.tt/0OdDzx1
Securecodewarrior
Psychic Signatures - what you need to know
Psychic Signature vulnerability lies in the crypto for ECDSA signatures, which protects systems for critical tasks like authentication. Hackers can bypass any signature check with this vulnerability. We will explain what it is and how to mitigate it in this…
Reverse Engineering PsExec for fun and knowledge
https://ift.tt/mYSFT9l
Submitted April 27, 2022 at 08:42PM by CyberMasterV
via reddit https://ift.tt/9B6zidH
https://ift.tt/mYSFT9l
Submitted April 27, 2022 at 08:42PM by CyberMasterV
via reddit https://ift.tt/9B6zidH
A flow-based IDS using Machine Learning in eBPF
https://ift.tt/B2EuhqU
Submitted April 27, 2022 at 10:59PM by paran0ide
via reddit https://ift.tt/stf0Tmg
https://ift.tt/B2EuhqU
Submitted April 27, 2022 at 10:59PM by paran0ide
via reddit https://ift.tt/stf0Tmg
Reddit
[deleted by user] : r/netsec
494K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to…
DEGU: userland kit that doesn't use sys_clone/sys_execve call to run
https://ift.tt/9H4OiIJ
Submitted April 28, 2022 at 02:06AM by Background-Degree-50
via reddit https://ift.tt/svRSZrY
https://ift.tt/9H4OiIJ
Submitted April 28, 2022 at 02:06AM by Background-Degree-50
via reddit https://ift.tt/svRSZrY
GitHub
GitHub - io-tl/degu-lib: stealth userland kit that doesn't use sys_clone/sys_execve call
stealth userland kit that doesn't use sys_clone/sys_execve call - GitHub - io-tl/degu-lib: stealth userland kit that doesn't use sys_clone/sys_execve call
Looking For Vulnerable Redis Servers (CVE-2022-0543)
https://ift.tt/c5ULqB9
Submitted April 28, 2022 at 02:40AM by chicksdigthelongrun
via reddit https://ift.tt/uGTWNHm
https://ift.tt/c5ULqB9
Submitted April 28, 2022 at 02:40AM by chicksdigthelongrun
via reddit https://ift.tt/uGTWNHm
AttackerKB
CVE-2022-0543 | AttackerKB
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul…
Commit Level Vulnerability Dataset
https://ift.tt/He7FJCB
Submitted April 28, 2022 at 10:45AM by paran0ide
via reddit https://ift.tt/N3sjh8Q
https://ift.tt/He7FJCB
Submitted April 28, 2022 at 10:45AM by paran0ide
via reddit https://ift.tt/N3sjh8Q
Quarkslab
Commit Level Vulnerability Dataset
Elevation of privilege Linux vulnerability: Nimbuspwn
https://ift.tt/TRLyn5D
Submitted April 28, 2022 at 12:01PM by 0xdea
via reddit https://ift.tt/TI89bmY
https://ift.tt/TRLyn5D
Submitted April 28, 2022 at 12:01PM by 0xdea
via reddit https://ift.tt/TI89bmY
Microsoft News
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…
FindFunc: An IDA plugin for advanced function matching by assembly template, constants, string/name/byte reference
https://ift.tt/zJmV9ct
Submitted April 28, 2022 at 12:23PM by feberx
via reddit https://ift.tt/8iSKp4V
https://ift.tt/zJmV9ct
Submitted April 28, 2022 at 12:23PM by feberx
via reddit https://ift.tt/8iSKp4V
GitHub
GitHub - FelixBer/FindFunc: FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern…
FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. - GitHub - FelixBe...
nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable
https://ift.tt/KrMCyp0
Submitted April 28, 2022 at 06:13PM by SRMish3
via reddit https://ift.tt/yWIRJiS
https://ift.tt/KrMCyp0
Submitted April 28, 2022 at 06:13PM by SRMish3
via reddit https://ift.tt/yWIRJiS
GitHub
GitHub - jfrog/nimbuspwn-tools
Contribute to jfrog/nimbuspwn-tools development by creating an account on GitHub.