Scraping Login Credentials With XSS
https://ift.tt/NQZzcbm
Submitted July 28, 2022 at 09:05AM by sanitybit
via reddit https://ift.tt/cXqMxuU
https://ift.tt/NQZzcbm
Submitted July 28, 2022 at 09:05AM by sanitybit
via reddit https://ift.tt/cXqMxuU
TrustedSec
Scraping Login Credentials With XSS - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
Railway cybersecurity in the era of interconnected systems
https://ift.tt/HqJwB5E
Submitted July 28, 2022 at 10:13AM by sanitybit
via reddit https://ift.tt/e0oNpld
https://ift.tt/HqJwB5E
Submitted July 28, 2022 at 10:13AM by sanitybit
via reddit https://ift.tt/e0oNpld
Vulnerable by Design: Azure Red Team Attack and Detect Workshop
https://ift.tt/dc9qAr3
Submitted July 28, 2022 at 10:05AM by sanitybit
via reddit https://ift.tt/fBMlWC7
https://ift.tt/dc9qAr3
Submitted July 28, 2022 at 10:05AM by sanitybit
via reddit https://ift.tt/fBMlWC7
GitHub
GitHub - mandiant/Azure_Workshop
Contribute to mandiant/Azure_Workshop development by creating an account on GitHub.
Abusing Duo Authentication Misconfigurations in Windows and Active Directory Environments
https://ift.tt/Xy79T6q
Submitted July 28, 2022 at 10:04AM by sanitybit
via reddit https://ift.tt/KpdL403
https://ift.tt/Xy79T6q
Submitted July 28, 2022 at 10:04AM by sanitybit
via reddit https://ift.tt/KpdL403
Mandiant
Abusing Duo Authentication Misconfigurations in Windows and Active Directory Environments | Mandiant
Extracting Ghidra Decompiler Output with Python
https://ift.tt/vcW3M1m
Submitted July 28, 2022 at 08:06PM by dinobyt3s
via reddit https://ift.tt/y6fHRUK
https://ift.tt/vcW3M1m
Submitted July 28, 2022 at 08:06PM by dinobyt3s
via reddit https://ift.tt/y6fHRUK
Medium
Extracting Ghidra Decompiler Output with Python
Ghidra’s decompiler, while not perfect, is pretty darn handy. Ghidra’s user interface, however, leaves a lot to be desired. I often find…
Building AppSec Pipeline for Continuous Visibility
https://ift.tt/JgoWdsF
Submitted July 29, 2022 at 01:49AM by nicksthehacker_
via reddit https://ift.tt/7RDvpiL
https://ift.tt/JgoWdsF
Submitted July 29, 2022 at 01:49AM by nicksthehacker_
via reddit https://ift.tt/7RDvpiL
Medium
Building AppSec Pipeline for Continuous Visibility
Most SaaS organizations need high-velocity engineering with multiple releases in a day where security & engineering teams are…
nanopb Protobuf Decompiler - Anvil Secure
https://ift.tt/Q3HES57
Submitted July 29, 2022 at 03:00AM by anvilventures
via reddit https://ift.tt/QlWPr2t
https://ift.tt/Q3HES57
Submitted July 29, 2022 at 03:00AM by anvilventures
via reddit https://ift.tt/QlWPr2t
Anvil Secure
nanopb Protobuf Decompiler - Anvil Secure
Here at Anvil we have increasingly run into embedded systems utilizing the nanopb - Protocol Buffers for Embedded Systems project. Nanopb is a small code size Protocol Buffer implementation targeting memory restricted systems. Nanopb.…
For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?
https://ift.tt/joZz0PM
Submitted July 27, 2022 at 08:59PM by danyork
via reddit https://ift.tt/h6kEJSL
https://ift.tt/joZz0PM
Submitted July 27, 2022 at 08:59PM by danyork
via reddit https://ift.tt/h6kEJSL
MANRS
For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom? - MANRS
For a little over 12 hours on 26-27 July, a network operated by Russia’s Rostelecom started announcing routes for part of Apple’s network. The effect was that Internet users in parts of the Internet trying to connect to Apple’s services may have been redirected…
Disclosing information with a side-channel in Django
https://ift.tt/OY5dWZo
Submitted July 29, 2022 at 07:20PM by albinowax
via reddit https://ift.tt/fTxrO2R
https://ift.tt/OY5dWZo
Submitted July 29, 2022 at 07:20PM by albinowax
via reddit https://ift.tt/fTxrO2R
Sonarsource
Disclosing information with a side-channel in Django
We recently found a vulnerability in Django that allows us to disclose sensitive information. Let’s review the root cause, exploiting technique, and patch.
ImHex - A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM
https://ift.tt/fTGgNSZ
Submitted July 29, 2022 at 11:50PM by CyberMasterV
via reddit https://ift.tt/MCBkJED
https://ift.tt/fTGgNSZ
Submitted July 29, 2022 at 11:50PM by CyberMasterV
via reddit https://ift.tt/MCBkJED
GitHub
GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3…
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who...
Manipulating Windows Tokens with Go
https://ift.tt/kOoLaxN
Submitted July 29, 2022 at 10:57PM by sciencestudent99
via reddit https://ift.tt/7StkhYO
https://ift.tt/kOoLaxN
Submitted July 29, 2022 at 10:57PM by sciencestudent99
via reddit https://ift.tt/7StkhYO
FourCore
Manipulating Windows Tokens with Go - FourCore
Windows Tokens are used for authentication and assigning privileges to windows programs. Understanding token manipulation is essential to detect malicious behaviours. Security professionals can use the wintoken library for token manipulation.
Critical Vulnerability Affecting Arris / Arris-variant DSL/Fiber Routers
https://ift.tt/bvcsMTS
Submitted July 30, 2022 at 01:10AM by sanitybit
via reddit https://ift.tt/A2WXHQ1
https://ift.tt/bvcsMTS
Submitted July 30, 2022 at 01:10AM by sanitybit
via reddit https://ift.tt/A2WXHQ1
I'm Building a Self-Destructing USB Drive.
https://ift.tt/suvod62
Submitted July 30, 2022 at 02:41AM by Machinehum
via reddit https://ift.tt/0g94T2t
https://ift.tt/suvod62
Submitted July 30, 2022 at 02:41AM by Machinehum
via reddit https://ift.tt/0g94T2t
Medium
I'm Building a Self-Destructing USB Drive.
Because we all know the best way to keep your data safe is by blowing it up, right?
CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service, or gain privileges.
https://ift.tt/0pn5J6c
Submitted July 30, 2022 at 07:29AM by docker-osx
via reddit https://ift.tt/ZAr4PEY
https://ift.tt/0pn5J6c
Submitted July 30, 2022 at 07:29AM by docker-osx
via reddit https://ift.tt/ZAr4PEY
Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!
CVE-2022-36123 - A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables…
Title A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution…
Running Exploit As Protected Process Ligh From Userland
https://ift.tt/lzAgkGs
Submitted July 31, 2022 at 01:48AM by tasty-pepperoni
via reddit https://ift.tt/sUnz0kH
https://ift.tt/lzAgkGs
Submitted July 31, 2022 at 01:48AM by tasty-pepperoni
via reddit https://ift.tt/sUnz0kH
GitHub
GitHub - tastypepperoni/RunAsWinTcb
Contribute to tastypepperoni/RunAsWinTcb development by creating an account on GitHub.
Pokemon-Shellcode-Loader: Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you.
https://ift.tt/wuDRxLJ
Submitted July 31, 2022 at 02:07AM by Techryptic
via reddit https://ift.tt/pF0zEtQ
https://ift.tt/wuDRxLJ
Submitted July 31, 2022 at 02:07AM by Techryptic
via reddit https://ift.tt/pF0zEtQ
GitHub
GitHub - Techryptic/Pokemon-Shellcode-Loader: Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander?…
Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you. - GitHub - Techryptic/Pokemon-Shellcode-Loader: Tired of looking a...
CQ, a code security scanner
https://ift.tt/jKE84dk
Submitted July 31, 2022 at 01:50PM by 0xdea
via reddit https://ift.tt/yLYq8kt
https://ift.tt/jKE84dk
Submitted July 31, 2022 at 01:50PM by 0xdea
via reddit https://ift.tt/yLYq8kt
GitHub
GitHub - chris-anley/cq: CQ, a code security scanner
CQ, a code security scanner. Contribute to chris-anley/cq development by creating an account on GitHub.
Weekend Wrap-up of Infosec News
https://ift.tt/03U7fyv
Submitted July 31, 2022 at 04:39PM by SuaveHobo
via reddit https://ift.tt/T4QzcpB
https://ift.tt/03U7fyv
Submitted July 31, 2022 at 04:39PM by SuaveHobo
via reddit https://ift.tt/T4QzcpB
Substack
SOC Goulash: Weekend Wrap-Up
31/07/2022
Analysis report on DDoS attack that went on for 20 hours
https://ift.tt/BEJvfSj
Submitted August 01, 2022 at 10:55AM by Glad_Living3908
via reddit https://ift.tt/8pT7oQC
https://ift.tt/BEJvfSj
Submitted August 01, 2022 at 10:55AM by Glad_Living3908
via reddit https://ift.tt/8pT7oQC
CIP Blog
DDoS Attack Case Study: 20 Hours of Unprovoked Aggression
Recently, there was a GET Flooding Attack-type DDoS attack case on a web services company for about 20 hours. Various attack traffics were detected on the login page which caused serious load on the server and ended up paralyzing the entire login function.…
A Detailed Analysis of the RedLine Stealer
https://ift.tt/tjdriyM
Submitted August 01, 2022 at 07:26PM by CyberMasterV
via reddit https://ift.tt/RhJ7wmO
https://ift.tt/tjdriyM
Submitted August 01, 2022 at 07:26PM by CyberMasterV
via reddit https://ift.tt/RhJ7wmO
SecurityScorecard
A Detailed Analysis of the RedLine Stealer
TJnull’s guide to building a Home Lab
https://ift.tt/aYgTmf6
Submitted August 01, 2022 at 09:49PM by McLabraid
via reddit https://ift.tt/tSgVUKx
https://ift.tt/aYgTmf6
Submitted August 01, 2022 at 09:49PM by McLabraid
via reddit https://ift.tt/tSgVUKx
NetSec Focus
TJnull’s guide to building a Home Lab
Table of Contents Introduction A word of advice Why should you build a home lab? Things you need to consider Hardware Hunting for Hardware Network Software Virtualization Software Network Virtual Devices Operating Systems Windows Unix and *Nix Apple Mac OS…