The Far Point of a Static Encounter
https://ift.tt/tr1Yxei
Submitted June 24, 2022 at 09:44AM by amirshk
via reddit https://ift.tt/Zd0SWlD
https://ift.tt/tr1Yxei
Submitted June 24, 2022 at 09:44AM by amirshk
via reddit https://ift.tt/Zd0SWlD
Medium
The Far Point of a Static Encounter
A breakdown of the Anti-VM skimmer and its variants from the earliest incarnation to the latest iteration served from staticounter.]net.
CookieMonsteRCE: Stored XSS to RCE in Zena
https://ift.tt/uoWMpdV
Submitted June 24, 2022 at 09:47AM by jibblz
via reddit https://ift.tt/8bKNPce
https://ift.tt/uoWMpdV
Submitted June 24, 2022 at 09:47AM by jibblz
via reddit https://ift.tt/8bKNPce
Playing Docker? Bad Containers and What They Teach Us
https://ift.tt/4e2Toxt
Submitted June 24, 2022 at 04:38PM by Illustrious_Yard_576
via reddit https://ift.tt/n9hoKwB
https://ift.tt/4e2Toxt
Submitted June 24, 2022 at 04:38PM by Illustrious_Yard_576
via reddit https://ift.tt/n9hoKwB
Medium
Playing Docker? Bad Containers and What They Teach Us
Ci/CD gets better, faster, and stronger with containers, but the security dilemma is still on the table. See what breaches can teach us.
Use SQL to query Have I Been Pwned breaches, pastes & passwords (new open source tool!)
https://ift.tt/cBHKPVe
Submitted June 24, 2022 at 06:28PM by bobtbot
via reddit https://ift.tt/wZmjr7F
https://ift.tt/cBHKPVe
Submitted June 24, 2022 at 06:28PM by bobtbot
via reddit https://ift.tt/wZmjr7F
Steampipe Hub
Have I Been Pwned Plugin for Steampipe
Query HIBP data with SQL! Open source CLI. No DB required.
The curious tale of a fake Carrier.app
https://ift.tt/AghiRGl
Submitted June 24, 2022 at 03:04PM by lormayna
via reddit https://ift.tt/hE2kGWj
https://ift.tt/AghiRGl
Submitted June 24, 2022 at 03:04PM by lormayna
via reddit https://ift.tt/hE2kGWj
Blogspot
The curious tale of a fake Carrier.app
Posted by Ian Beer, Google Project Zero NOTE: This issue was CVE-2021-30983 was fixed in iOS 15.2 in December 2021. Towards the ...
Hagana - A novel approach to runtime protection for NodeJS to prevent supply chain attacks
https://ift.tt/n7TAKGu
Submitted June 24, 2022 at 06:58PM by beckerman_jacob
via reddit https://ift.tt/TQSf1Mt
https://ift.tt/n7TAKGu
Submitted June 24, 2022 at 06:58PM by beckerman_jacob
via reddit https://ift.tt/TQSf1Mt
GitHub
GitHub - yaakov123/hagana: NodeJS runtime protection for supply chain attacks
NodeJS runtime protection for supply chain attacks - GitHub - yaakov123/hagana: NodeJS runtime protection for supply chain attacks
Netsec Goggle for Brave Search
https://ift.tt/CEjdMVn
Submitted June 24, 2022 at 11:42PM by alxjsn
via reddit https://ift.tt/Jzmx2Cy
https://ift.tt/CEjdMVn
Submitted June 24, 2022 at 11:42PM by alxjsn
via reddit https://ift.tt/Jzmx2Cy
GitHub
GitHub - forcesunseen/netsec-goggle: High signal information security sources Goggle.
High signal information security sources Goggle. Contribute to forcesunseen/netsec-goggle development by creating an account on GitHub.
Basic WebAssembly buffer overflow exploitation
https://ift.tt/zZLto4q
Submitted June 26, 2022 at 01:33AM by chaplja
via reddit https://ift.tt/PjcMAzm
https://ift.tt/zZLto4q
Submitted June 26, 2022 at 01:33AM by chaplja
via reddit https://ift.tt/PjcMAzm
Protekkt
Basic WebAssembly buffer overflow exploitation | protekkt blog
Grav is an easy to use, yet powerful, open source flat-file CMS
linx - Reveals invisible links within JavaScript files
https://ift.tt/zkMZfFH
Submitted June 27, 2022 at 04:10AM by rjz4
via reddit https://ift.tt/84mA0d7
https://ift.tt/zkMZfFH
Submitted June 27, 2022 at 04:10AM by rjz4
via reddit https://ift.tt/84mA0d7
GitHub
GitHub - riza/linx: Reveals invisible links within JavaScript files
Reveals invisible links within JavaScript files. Contribute to riza/linx development by creating an account on GitHub.
Notes on OpenSSL remote memory corruption
https://ift.tt/d1mJinU
Submitted June 27, 2022 at 11:32AM by Gallus
via reddit https://ift.tt/AO5HID3
https://ift.tt/d1mJinU
Submitted June 27, 2022 at 11:32AM by Gallus
via reddit https://ift.tt/AO5HID3
Guido Vranken
Notes on OpenSSL remote memory corruption
OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are n…
VaultBoot: remote attestation
https://ift.tt/T84Nhwc
Submitted June 27, 2022 at 04:59PM by hardenedvault
via reddit https://ift.tt/ZHuBvro
https://ift.tt/T84Nhwc
Submitted June 27, 2022 at 04:59PM by hardenedvault
via reddit https://ift.tt/ZHuBvro
GitHub
GitHub - hardenedvault/vaultboot
Contribute to hardenedvault/vaultboot development by creating an account on GitHub.
Revive: from spyware to Android banking trojan | Cleafy Labs
https://ift.tt/iY4KW0c
Submitted June 27, 2022 at 07:19PM by f3d_0x0
via reddit https://ift.tt/DapCOl9
https://ift.tt/iY4KW0c
Submitted June 27, 2022 at 07:19PM by f3d_0x0
via reddit https://ift.tt/DapCOl9
Cleafy
Revive: from spyware to android banking trojan | Cleafy Labs
A new banking trojan targeting Europe has been discovered by Cleafy's Threat Intelligence Team. We dubbed it Revive and it is an evolution of simple spyware into a banking trojan, with the key capability of conducting Account Takeover attacks: here's the…
Intune hacking: when is a "wipe" not a wipe
https://ift.tt/RKern59
Submitted June 28, 2022 at 01:30PM by nopslider
via reddit https://ift.tt/Uc7nIVg
https://ift.tt/RKern59
Submitted June 28, 2022 at 01:30PM by nopslider
via reddit https://ift.tt/Uc7nIVg
Cyberis Limited
Intune hacking: when is a "wipe" not a wipe
In this blog post we explore privilege escalation to SYSTEM with Intune managed devices, and how an Intune "Wipe" is not really a wipe at all.
Hive Ransomware Decrypter Tool - KISA
https://ift.tt/YudXyOl
Submitted June 28, 2022 at 11:25PM by CyberMasterV
via reddit https://ift.tt/UPqjiCI
https://ift.tt/YudXyOl
Submitted June 28, 2022 at 11:25PM by CyberMasterV
via reddit https://ift.tt/UPqjiCI
CVE-2022-30522 - Apache httpd "mod_sed" DoS vulnerability
https://ift.tt/jYKB8L0
Submitted June 28, 2022 at 10:57PM by SRMish3
via reddit https://ift.tt/iLr9Ceq
https://ift.tt/jYKB8L0
Submitted June 28, 2022 at 10:57PM by SRMish3
via reddit https://ift.tt/iLr9Ceq
JFrog
CVE-2022-30522 - Apache httpd Denial of Service (DoS) vulnerability
CVE-2022-30522 is an Apache httpd vulnerability found by JFrog Security Research when analyzing the impact of a recent vulnerability patch. Read our analysis and guidance >
Zimbra unauthenticated RCE via unrar path traversal (CVE-2022-30333)
https://ift.tt/bZCo13y
Submitted June 29, 2022 at 02:49AM by monoimpact
via reddit https://ift.tt/o1SGwKR
https://ift.tt/bZCo13y
Submitted June 29, 2022 at 02:49AM by monoimpact
via reddit https://ift.tt/o1SGwKR
Sonarsource
Unrar Path Traversal Vulnerability affects Zimbra Mail
We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.
Abusing Cloudflare Workers
https://ift.tt/mQf2XF3
Submitted June 29, 2022 at 04:07AM by thorn42
via reddit https://ift.tt/uXtEyP8
https://ift.tt/mQf2XF3
Submitted June 29, 2022 at 04:07AM by thorn42
via reddit https://ift.tt/uXtEyP8
Christophe Tafani-Dereeper
Abusing Cloudflare Workers - Christophe Tafani-Dereeper
An attacker compromising a Cloudflare account can abuse Workers to establish persistence and exfiltrate sensitive data.
How to Evade Windows Defender and Commercial AV with Msfvenom Payloads
https://ift.tt/sfyq7S5
Submitted June 29, 2022 at 08:11AM by entropydaemon6
via reddit https://ift.tt/3FEW6uX
https://ift.tt/sfyq7S5
Submitted June 29, 2022 at 08:11AM by entropydaemon6
via reddit https://ift.tt/3FEW6uX
GitHub
GitHub - RoseSecurity/Anti-Virus-Evading-Payloads: During the exploitation phase of a pen test or ethical hacking engagement, you…
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, ...
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
Submitted June 29, 2022 at 06:57PM by scopedsecurity
via reddit https://ift.tt/Ycge10u
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
Submitted June 29, 2022 at 06:57PM by scopedsecurity
via reddit https://ift.tt/Ycge10u
Horizon3.ai
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
CVE-2022-28219 is an unauthenticated remote code execution vulnerability affecting Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory.
Exploiting Intel Graphics Kernel Extensions on macOS to Escape the Safari Sandbox
https://ift.tt/lIspQDL
Submitted June 29, 2022 at 09:17PM by gaasedelen
via reddit https://ift.tt/Zhgei2G
https://ift.tt/lIspQDL
Submitted June 29, 2022 at 09:17PM by gaasedelen
via reddit https://ift.tt/Zhgei2G
RET2 Systems Blog
Exploiting Intel Graphics Kernel Extensions on macOS
To escape the Safari sandbox for our Pwn2Own 2021 submission, we exploited a vulnerability in the Intel graphics acceleration kernel extensions (drivers) on ...
CloudGoat detection_evasion Scenario: Avoiding AWS Security Detection and Response
https://ift.tt/mF7pdsy
Submitted June 29, 2022 at 08:58PM by hackers_and_builders
via reddit https://ift.tt/Qbamf8Y
https://ift.tt/mF7pdsy
Submitted June 29, 2022 at 08:58PM by hackers_and_builders
via reddit https://ift.tt/Qbamf8Y
Rhino Security Labs
CloudGoat Scenario: Avoiding AWS Security Detection and Response
This will walk through the CloudGoat AWS detection_evasion scenario, detailing how to avoid AWS security detection and response services, such as in Lambda