Please sign this open letter asking Intel to open-source their Firmware Support Package (FSP)
https://ift.tt/njy8aSp
Submitted July 01, 2022 at 05:51PM by hardenedvault
via reddit https://ift.tt/LWlvV8B
https://ift.tt/njy8aSp
Submitted July 01, 2022 at 05:51PM by hardenedvault
via reddit https://ift.tt/LWlvV8B
Building a scalable static analysis program at Razorpay
https://ift.tt/DXmCYby
Submitted July 01, 2022 at 07:09PM by jubbaonjeans
via reddit https://ift.tt/SMhxlod
https://ift.tt/DXmCYby
Submitted July 01, 2022 at 07:09PM by jubbaonjeans
via reddit https://ift.tt/SMhxlod
Medium
Building a SAST program at Razorpay’s scale
The inner workings of how we build a Static Application Security Testing program at Razorpay
Bulk Analysis of Cobalt Strike’s Beacon Configurations
https://ift.tt/ylzPbcq
Submitted July 02, 2022 at 08:09AM by DLLCoolJ
via reddit https://ift.tt/51W4QPp
https://ift.tt/ylzPbcq
Submitted July 02, 2022 at 08:09AM by DLLCoolJ
via reddit https://ift.tt/51W4QPp
Archcloudlabs
Bulk Analysis of Cobalt Stirke's Beacon Configurations
About The Project Security researcher Silas Cutler recently tweeted a link to a unique data set of Cobalt Strike Beacon payloads, and their extracted configurations (thanks Silas!). This is a fairly large data set going back to November of 2021, and containing…
Over 900k Kubernetes Clusters Were Found Exposed Online
https://ift.tt/JueKr4C
Submitted July 03, 2022 at 02:22PM by uleadiengwunn
via reddit https://ift.tt/K3bv7VR
https://ift.tt/JueKr4C
Submitted July 03, 2022 at 02:22PM by uleadiengwunn
via reddit https://ift.tt/K3bv7VR
ARMO
Over 900k Kubernetes Clusters Were Found Exposed Online | ARMO
Recent research showed that over 900,000 Kubernetes clusters were found exposed to the internet to potentially malicious scans
Code replay attack on the myGovID Scheme
https://ift.tt/osfFCw4
Submitted July 03, 2022 at 07:16PM by Gallus
via reddit https://ift.tt/PNiCx3S
https://ift.tt/osfFCw4
Submitted July 03, 2022 at 07:16PM by Gallus
via reddit https://ift.tt/PNiCx3S
Bypassing Firefox's HTML Sanitizer API
https://ift.tt/nQ2Eecw
Submitted July 04, 2022 at 12:18AM by digicat
via reddit https://ift.tt/FnsNAW2
https://ift.tt/nQ2Eecw
Submitted July 04, 2022 at 12:18AM by digicat
via reddit https://ift.tt/FnsNAW2
PortSwigger Research
Bypassing Firefox's HTML Sanitizer API
The HTML Sanitizer is a great new API that allows web developers to filter untrusted HTML natively in the browser rather than use a JavaScript library such as DOM Purify. Microsoft created a similar A
nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)
https://ift.tt/Mrjodbw
Submitted July 04, 2022 at 01:38AM by 0xdea
via reddit https://ift.tt/JGj0xMc
https://ift.tt/Mrjodbw
Submitted July 04, 2022 at 01:38AM by 0xdea
via reddit https://ift.tt/JGj0xMc
hyprblog
nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)
rediscovering and developing a weaponized exploit for a command injection vulnerability in Orbi wifi systems that was reported and patched last year.
From Misconfigured Certificate Template to Windows Domain Admin
https://ift.tt/f4oaYvB
Submitted July 05, 2022 at 02:08AM by Kondencuotaspienas
via reddit https://ift.tt/fEpa2j7
https://ift.tt/f4oaYvB
Submitted July 05, 2022 at 02:08AM by Kondencuotaspienas
via reddit https://ift.tt/fEpa2j7
www.ired.team
From Misconfigured Certificate Template to Domain Admin
From NtObjectManager to PetitPotam
https://ift.tt/a4btFhf
Submitted July 05, 2022 at 07:56PM by onlinereadme
via reddit https://ift.tt/rG4b3Dk
https://ift.tt/a4btFhf
Submitted July 05, 2022 at 07:56PM by onlinereadme
via reddit https://ift.tt/rG4b3Dk
clearbluejar
From NtObjectManager to PetitPotam
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls.
Starting a career in Application Security? A real world perspective.
https://ift.tt/oFbjchi
Submitted July 04, 2022 at 11:30PM by theappsecteam
via reddit https://ift.tt/PLvMKWY
https://ift.tt/oFbjchi
Submitted July 04, 2022 at 11:30PM by theappsecteam
via reddit https://ift.tt/PLvMKWY
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
https://ift.tt/91cElgx
Submitted July 06, 2022 at 04:19AM by Mempodipper
via reddit https://ift.tt/PJKpTu4
https://ift.tt/91cElgx
Submitted July 06, 2022 at 04:19AM by Mempodipper
via reddit https://ift.tt/PJKpTu4
Assetnote
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
Application security issues found by Assetnote
Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
https://ift.tt/9tNlz5k
Submitted July 06, 2022 at 07:20PM by TupleType1
via reddit https://ift.tt/ypoAZVE
https://ift.tt/9tNlz5k
Submitted July 06, 2022 at 07:20PM by TupleType1
via reddit https://ift.tt/ypoAZVE
Cider Security Site
Optimizing CI/CD Credential Hygiene - A Comparison of CI/CD Solutions - Cider Security Site
Attackers are always on the lookout to gain access to credentials, which are a critical asset to protect and are widespread throughout the organization.
AppSec | Walking away from vendor certificates
https://ift.tt/F8jYeLf
Submitted July 07, 2022 at 01:49AM by theappsecteam
via reddit https://ift.tt/5ybKSJF
https://ift.tt/F8jYeLf
Submitted July 07, 2022 at 01:49AM by theappsecteam
via reddit https://ift.tt/5ybKSJF
The Appsec Team
AppSec | Walking away from vendor certificates
Walking away from vendor certification can actually accelerate your application security program to new levels
Automating binary vulnerability discovery with Ghidra and Semgrep
https://ift.tt/BVgXRTE
Submitted July 07, 2022 at 12:57PM by 0xdea
via reddit https://ift.tt/JLsqbEj
https://ift.tt/BVgXRTE
Submitted July 07, 2022 at 12:57PM by 0xdea
via reddit https://ift.tt/JLsqbEj
hn security
Automating binary vulnerability discovery with Ghidra and Semgrep - hn security
“Some details are more important than […]
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
https://ift.tt/v4GeKi0
Submitted July 07, 2022 at 08:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/1j7vwFC
https://ift.tt/v4GeKi0
Submitted July 07, 2022 at 08:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/1j7vwFC
ONEKEY
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
ONEKEY identified multiple issues affecting these devices leading to unauthenticated remote command execution.
Découvre la vidéo de qazzou19! #TikTok
https://ift.tt/9jt3FVH
Submitted July 08, 2022 at 09:44AM by Due-Professor1984
via reddit https://ift.tt/BOAmDn8
https://ift.tt/9jt3FVH
Submitted July 08, 2022 at 09:44AM by Due-Professor1984
via reddit https://ift.tt/BOAmDn8
TikTok
qazzou19 on TikTok
qazzou19's short video with ♬ A mysterious scene of the near future like Blade Runner(994826)
Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC security issues
https://ift.tt/8AsTOzN
Submitted July 08, 2022 at 04:13PM by caniphish_ltd
via reddit https://ift.tt/J6BuXRT
https://ift.tt/8AsTOzN
Submitted July 08, 2022 at 04:13PM by caniphish_ltd
via reddit https://ift.tt/J6BuXRT
Caniphish
Email security issues with SPF & DMARC Adoption | CanIPhish
Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC email security issues.
Practical Approach on Securing Web Sessions
https://ift.tt/9HR2GoA
Submitted July 10, 2022 at 04:04PM by quercialab
via reddit https://ift.tt/B3EFkUP
https://ift.tt/9HR2GoA
Submitted July 10, 2022 at 04:04PM by quercialab
via reddit https://ift.tt/B3EFkUP
Quercialabs
Securing Web Sessions
One student sent us an email and asked “why most of websites implements a session id that seems to be a content hashed?”. Well, it’s important to discuss at this time why protecting session id must be done, and how it is evolved.
The obligatory disclaimer:…
The obligatory disclaimer:…
WAF from the scratch
https://ift.tt/mxU9Rb6
Submitted July 11, 2022 at 10:02AM by CoolerVoid
via reddit https://ift.tt/Odz84ov
https://ift.tt/mxU9Rb6
Submitted July 11, 2022 at 10:02AM by CoolerVoid
via reddit https://ift.tt/Odz84ov
antonio-cooler.gitbook.io
Whoami
Little words about me
hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
https://ift.tt/mjKTHn1
Submitted July 11, 2022 at 05:45PM by FireFart
via reddit https://ift.tt/xU0iSyb
https://ift.tt/mjKTHn1
Submitted July 11, 2022 at 05:45PM by FireFart
via reddit https://ift.tt/xU0iSyb
GitHub
GitHub - firefart/hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration - GitHub - firefart/hijagger: Checks all maintainers of all NPM and Pypi packages for hija...
Exploiting Authentication in AWS IAM Authenticator for Kubernetes
https://ift.tt/ZxFlcDJ
Submitted July 12, 2022 at 12:42PM by albinowax
via reddit https://ift.tt/2pCdqPG
https://ift.tt/ZxFlcDJ
Submitted July 12, 2022 at 12:42PM by albinowax
via reddit https://ift.tt/2pCdqPG
blog.lightspin.io
Exploiting Authentication in AWS IAM Authenticator for Kubernetes
This blog post explains three vulnerabilities detected in the AWS IAM Authenticator where all of them were caused by the same code line.