Bypassing Firefox's HTML Sanitizer API
https://ift.tt/nQ2Eecw
Submitted July 04, 2022 at 12:18AM by digicat
via reddit https://ift.tt/FnsNAW2
PortSwigger Research
Bypassing Firefox's HTML Sanitizer API
The HTML Sanitizer is a great new API that allows web developers to filter untrusted HTML natively in the browser rather than use a JavaScript library such as DOMPurify. Microsoft created a similar A
nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)
https://ift.tt/Mrjodbw
Submitted July 04, 2022 at 01:38AM by 0xdea
via reddit https://ift.tt/JGj0xMc
hyprblog
nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)
rediscovering and developing a weaponized exploit for a command injection vulnerability in Orbi wifi systems that was reported and patched last year.
From Misconfigured Certificate Template to Windows Domain Admin
https://ift.tt/f4oaYvB
Submitted July 05, 2022 at 02:08AM by Kondencuotaspienas
via reddit https://ift.tt/fEpa2j7
www.ired.team
From Misconfigured Certificate Template to Domain Admin
From NtObjectManager to PetitPotam
https://ift.tt/a4btFhf
Submitted July 05, 2022 at 07:56PM by onlinereadme
via reddit https://ift.tt/rG4b3Dk
clearbluejar
From NtObjectManager to PetitPotam
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls.
Starting a career in Application Security? A real world perspective.
https://ift.tt/oFbjchi
Submitted July 04, 2022 at 11:30PM by theappsecteam
via reddit https://ift.tt/PLvMKWY
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
https://ift.tt/91cElgx
Submitted July 06, 2022 at 04:19AM by Mempodipper
via reddit https://ift.tt/PJKpTu4
Assetnote
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
Application security issues found by Assetnote
Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
https://ift.tt/9tNlz5k
Submitted July 06, 2022 at 07:20PM by TupleType1
via reddit https://ift.tt/ypoAZVE
Cider Security Site
Optimizing CI/CD Credential Hygiene - A Comparison of CI/CD Solutions - Cider Security Site
Attackers are always on the lookout to gain access to credentials, which are a critical asset to protect and are widespread throughout the organization.
AppSec | Walking away from vendor certificates
https://ift.tt/F8jYeLf
Submitted July 07, 2022 at 01:49AM by theappsecteam
via reddit https://ift.tt/5ybKSJF
The Appsec Team
AppSec | Walking away from vendor certificates
Walking away from vendor certification can actually accelerate your application security program to new levels
Automating binary vulnerability discovery with Ghidra and Semgrep
https://ift.tt/BVgXRTE
Submitted July 07, 2022 at 12:57PM by 0xdea
via reddit https://ift.tt/JLsqbEj
hn security
Automating binary vulnerability discovery with Ghidra and Semgrep - hn security
“Some details are more important than […]
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
https://ift.tt/v4GeKi0
Submitted July 07, 2022 at 08:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/1j7vwFC
ONEKEY
Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
ONEKEY identified multiple issues affecting these devices leading to unauthenticated remote command execution.
Check out qazzou19's video! #TikTok
https://ift.tt/9jt3FVH
Submitted July 08, 2022 at 09:44AM by Due-Professor1984
via reddit https://ift.tt/BOAmDn8
TikTok
qazzou19 on TikTok
qazzou19's short video with ♬ A mysterious scene of the near future like Blade Runner(994826)
Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC security issues
https://ift.tt/8AsTOzN
Submitted July 08, 2022 at 04:13PM by caniphish_ltd
via reddit https://ift.tt/J6BuXRT
Caniphish
Email security issues with SPF & DMARC Adoption | CanIPhish
Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC email security issues.
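The article above reports counts of SPF and DMARC issues but the feed entry does not say what it counted. The checker below is an added example (not CanIPhish's scanner or code) that runs the static checks a practitioner would apply to a domain's TXT records: missing or duplicated SPF, a permissive `+all`/`?all`, the deprecated `ptr` mechanism, more than ten DNS-lookup mechanisms in the record (only the top-level record is counted here, not includes), and a DMARC record that is missing, set to `p=none`, lacks aggregate reporting, or applies to only part of the mail flow. The zone data is constructed inline so the example runs offline; a live version would fetch the apex and `_dmarc` TXT records instead.

```python
"""Static SPF/DMARC checks over DNS TXT records (offline, constructed sample data)."""
import re

# Constructed sample zones: domain -> TXT records at the apex ("@") and at "_dmarc".
# These are made-up records for illustration, not real DNS data.
SAMPLE_ZONES = {
    "good.example": {
        "@": ["v=spf1 include:_spf.mailhost.example -all"],
        "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example"],
    },
    "weak.example": {
        "@": ["v=spf1 ip4:203.0.113.0/24 +all"],
        "_dmarc": ["v=DMARC1; p=none"],
    },
    "dup.example": {
        "@": ["v=spf1 -all", "v=spf1 include:other.example ~all"],
        "_dmarc": [],
    },
    "nothing.example": {"@": [], "_dmarc": []},
}

# SPF terms that cost a DNS lookup (RFC 7208 limits a record to 10 of them).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)([:=/]|$)", re.I)
ALL_TERM = re.compile(r"^[+\-~?]?all$", re.I)


def spf_issues(txt_records):
    """Return a list of issue tags for the SPF record(s) found in apex TXT records."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["spf-missing"]
    issues = []
    if len(spf) > 1:
        issues.append("spf-multiple-records")  # receivers treat this as permerror
    for rec in spf:
        terms = rec.split()[1:]
        for t in terms:
            t_l = t.lower()
            if t_l in ("+all", "all"):
                issues.append("spf-plus-all")       # anyone may send as this domain
            elif t_l == "?all":
                issues.append("spf-neutral-all")    # no enforcement
            elif t_l.startswith("ptr"):
                issues.append("spf-ptr-mechanism")  # deprecated, unreliable
        if sum(1 for t in terms if LOOKUP_TERM.match(t)) > 10:
            issues.append("spf-too-many-lookups")
        if not any(ALL_TERM.match(t) or t.lower().startswith("redirect=") for t in terms):
            issues.append("spf-no-all-term")
    return issues


def dmarc_issues(txt_records):
    """Return a list of issue tags for the DMARC record found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["dmarc-missing"]
    issues = []
    if len(dmarc) > 1:
        issues.append("dmarc-multiple-records")
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("dmarc-invalid-policy")
    elif policy == "none":
        issues.append("dmarc-policy-none")          # monitoring only, spoofing still delivered
    if "rua" not in tags:
        issues.append("dmarc-no-aggregate-reporting")
    pct = tags.get("pct")
    if pct is not None and pct.isdigit() and int(pct) < 100:
        issues.append("dmarc-partial-pct")
    return issues


def audit_zone(zone):
    return {"spf": spf_issues(zone.get("@", [])), "dmarc": dmarc_issues(zone.get("_dmarc", []))}


def audit_all(zones=SAMPLE_ZONES):
    return {domain: audit_zone(zone) for domain, zone in zones.items()}


if __name__ == "__main__":
    for domain, result in audit_all().items():
        print(domain, result)
```

Only `good.example` passes cleanly; the others show how a single domain can contribute several findings, which is how a scan of 1.7 million domains can yield a comparable number of issues.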
Practical Approach on Securing Web Sessions
https://ift.tt/9HR2GoA
Submitted July 10, 2022 at 04:04PM by quercialab
via reddit https://ift.tt/B3EFkUP
Quercialabs
Securing Web Sessions
One student sent us an email and asked: "Why do most websites implement a session ID that looks like hashed content?" It is worth discussing why the session ID must be protected, and how that protection has evolved.
The obligatory disclaimer:…
WAF from scratch
https://ift.tt/mxU9Rb6
Submitted July 11, 2022 at 10:02AM by CoolerVoid
via reddit https://ift.tt/Odz84ov
antonio-cooler.gitbook.io
Whoami
Little words about me
hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
https://ift.tt/mjKTHn1
Submitted July 11, 2022 at 05:45PM by FireFart
via reddit https://ift.tt/xU0iSyb
GitHub
GitHub - firefart/hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
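The hijagger entry above describes the attack surface: a package maintainer whose e-mail domain has lapsed can be impersonated by whoever re-registers that domain and triggers a password reset. The script below is an added example (not hijagger's own code) of the data-handling side of that check: pull maintainer addresses out of npm and PyPI package metadata, skip mailboxes hosted at large mail providers (those domains cannot be re-registered), and flag domains that no longer resolve. The registry documents are constructed inline in the shape of the real npm and PyPI JSON APIs, with made-up package names and addresses. A non-resolving domain is only a candidate; confirming that it is actually available for registration needs a WHOIS/RDAP or registrar lookup, which is not done here.

```python
"""Find package maintainers whose e-mail domain no longer resolves (hijack candidates)."""
import json
import socket
from email.utils import getaddresses

# Constructed registry responses. Shape follows the npm registry and PyPI JSON APIs;
# the package names, people and domains are made up for this example.
NPM_PACKAGE_JSON = json.dumps({
    "name": "example-left-pad",
    "maintainers": [
        {"name": "alice", "email": "alice@maintained.example"},
        {"name": "bob", "email": "bob@expired-startup.example"},
    ],
})
PYPI_PACKAGE_JSON = json.dumps({
    "info": {
        "name": "example-requests-shim",
        "author_email": "Carol <carol@expired-startup.example>",
        "maintainer_email": "ops@gmail.com",
    }
})

# Mailbox providers: the domain belongs to the provider, so it cannot be re-registered.
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "protonmail.com"}


def maintainer_emails_npm(doc):
    """npm: registry.npmjs.org/<pkg> exposes maintainers[].email."""
    return [m["email"] for m in doc.get("maintainers", []) if m.get("email")]


def maintainer_emails_pypi(doc):
    """PyPI: pypi.org/pypi/<pkg>/json exposes info.author_email / info.maintainer_email,
    which may be 'Name <addr>' or a comma-separated list."""
    raw = [doc["info"].get(k) or "" for k in ("author_email", "maintainer_email")]
    return [addr for _, addr in getaddresses(raw) if addr]


def email_domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()


def domain_resolves(domain):
    """Default probe: does the domain have any address record? NXDOMAIN -> False.
    (A failing lookup is a hint, not proof, that the domain is unregistered.)"""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def find_hijackable(npm_docs, pypi_docs, resolves=domain_resolves):
    """Return (ecosystem, package, email, domain) for maintainer domains that do not resolve."""
    findings = []
    sources = (
        ("npm", npm_docs, maintainer_emails_npm, lambda d: d["name"]),
        ("pypi", pypi_docs, maintainer_emails_pypi, lambda d: d["info"]["name"]),
    )
    for ecosystem, docs, extract, pkg_name in sources:
        for doc in docs:
            for addr in extract(doc):
                dom = email_domain(addr)
                if dom in FREEMAIL:
                    continue
                if not resolves(dom):
                    findings.append((ecosystem, pkg_name(doc), addr, dom))
    return findings


def run_sample(resolves=domain_resolves):
    """Run the check over the constructed documents with a pluggable resolver."""
    return find_hijackable([json.loads(NPM_PACKAGE_JSON)], [json.loads(PYPI_PACKAGE_JSON)], resolves)


if __name__ == "__main__":
    # Offline run: pretend only the made-up "expired" domain fails to resolve.
    for finding in run_sample(resolves=lambda d: d != "expired-startup.example"):
        print(finding)
```

The resolver is injectable so the same logic can be exercised offline, then pointed at real DNS (or a proper registration check) when scanning registries at scale; note the PyPI path also deduplicates nothing, so one lapsed domain shared by several maintainers shows up once per maintainer, which is what you want when notifying owners.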
Exploiting Authentication in AWS IAM Authenticator for Kubernetes
https://ift.tt/ZxFlcDJ
Submitted July 12, 2022 at 12:42PM by albinowax
via reddit https://ift.tt/2pCdqPG
blog.lightspin.io
Exploiting Authentication in AWS IAM Authenticator for Kubernetes
This blog post explains three vulnerabilities detected in the AWS IAM Authenticator, all of which were caused by the same line of code.
Misconfiguration on Digital Guardian Endpoint DLP
https://ift.tt/1RgluKD
Submitted July 11, 2022 at 12:20PM by i014n
via reddit https://ift.tt/ztHqvpy
Medium
Misconfiguration on Digital Guardian Endpoint DLP
CVE-2022-35412
Exploratory analysis of CVEs - Some interesting viz
https://ift.tt/4ibkgjR
Submitted July 12, 2022 at 06:27PM by 10xpdev
via reddit https://ift.tt/5FPQ0n8
Kaggle
CVE: Exploratory Analysis
Explore and run machine learning code with Kaggle Notebooks | Using data from CVE (Common Vulnerabilities and Exposures)
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
https://ift.tt/kcuahYd
Submitted July 12, 2022 at 09:35PM by SCI_Rusher
via reddit https://ift.tt/26iHRQr
Microsoft Security Blog
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud - Microsoft Security Blog
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the…
Microsoft Azure Site Recovery DLL Hijacking ($10,000 Bug Bounty)
https://ift.tt/UiGlj5W
Submitted July 12, 2022 at 10:32PM by dinobyt3s
via reddit https://ift.tt/abGVYte
Medium
Microsoft Azure Site Recovery DLL Hijacking
Azure Site Recovery is a suite of tools aimed at providing disaster recovery services for cloud resources. It provides utilities for…
How to secure Kubernetes deployment with signature verification – Cosign and Connaisseur
https://ift.tt/AUea6Fi
Submitted July 12, 2022 at 11:56PM by MiguelHzBz
via reddit https://ift.tt/mtqof6i
Sysdig
How to secure Kubernetes deployment with signature verification – Sysdig
Cosign and Connaisseur let us secure Kubernetes deployments with signature verification, ensuring that the images we run have not been altered.