Exploring the SameSite cookie attribute for preventing CSRF!
https://ift.tt/dtAYMf6
Submitted August 05, 2022 at 03:28AM by macropng
via reddit https://ift.tt/h9ba7Hw
https://ift.tt/dtAYMf6
Submitted August 05, 2022 at 03:28AM by macropng
via reddit https://ift.tt/h9ba7Hw
simonwillison.net
Exploring the SameSite cookie attribute for preventing CSRF
In reading Yan Zhu’s excellent write-up of the JSON CSRF vulnerability she found in OkCupid one thing puzzled me: I was under the impression that browsers these days default to …
How To Implement JSON Web Token (JWT) in Java Spring Boot
https://ift.tt/MHdKo9v
Submitted August 05, 2022 at 03:08AM by sanitybit
via reddit https://ift.tt/iXcP27t
https://ift.tt/MHdKo9v
Submitted August 05, 2022 at 03:08AM by sanitybit
via reddit https://ift.tt/iXcP27t
Medium
How To Implement JSON Web Token (JWT) in Java Spring Boot
A brief guide to this helpful feature
Azure Threat Research Matrix
https://ift.tt/HaOvGLX
Submitted August 05, 2022 at 04:29AM by sanitybit
via reddit https://ift.tt/aEcZu9U
https://ift.tt/HaOvGLX
Submitted August 05, 2022 at 04:29AM by sanitybit
via reddit https://ift.tt/aEcZu9U
HyperDbg: Reinventing Hardware-Assisted Debugging
https://hyperdbg.org/
Submitted August 05, 2022 at 04:01AM by sanitybit
via reddit https://ift.tt/zpFNMq9
https://hyperdbg.org/
Submitted August 05, 2022 at 04:01AM by sanitybit
via reddit https://ift.tt/zpFNMq9
reddit
HyperDbg: Reinventing Hardware-Assisted Debugging
Posted in r/netsec by u/sanitybit • 3 points and 1 comment
Sharpening Your Tools: Updating bulk_extractor for the 2020s
https://ift.tt/E2hKBVj
Submitted August 05, 2022 at 03:56AM by sanitybit
via reddit https://ift.tt/GIz3Wfe
https://ift.tt/E2hKBVj
Submitted August 05, 2022 at 03:56AM by sanitybit
via reddit https://ift.tt/GIz3Wfe
Elastic Open Sources Their Endpoint Security Protection YARA Ruleset
https://ift.tt/WdhB43m
Submitted August 05, 2022 at 04:53AM by sanitybit
via reddit https://ift.tt/RzWf0AL
https://ift.tt/WdhB43m
Submitted August 05, 2022 at 04:53AM by sanitybit
via reddit https://ift.tt/RzWf0AL
Elastic Blog
Continued leadership in open and transparent security
Elastic Security has long had open source roots. Learn how we're continuing to build on that foundation today by opening a new public repo, protection-artifacts.
PentesterLab - Bootcamp: Everything you need to get started in infosec
https://pentesterlab.com/bootcamp
Submitted August 05, 2022 at 10:24AM by Gallus
via reddit https://www.reddit.com/r/netsec/comments/wgmcsr/pentesterlab_bootcamp_everything_you_need_to_get/?utm_source=ifttt
https://pentesterlab.com/bootcamp
Submitted August 05, 2022 at 10:24AM by Gallus
via reddit https://www.reddit.com/r/netsec/comments/wgmcsr/pentesterlab_bootcamp_everything_you_need_to_get/?utm_source=ifttt
reddit
PentesterLab - Bootcamp: Everything you need to get started in infosec
Posted in r/netsec by u/Gallus • 0 points and 0 comments
fwd:cloudsec 2022 Conference Talk Recordings
https://youtube.com/playlist?list=PLCPCP1pNWD7N2SPaz4cmuS27xutaf32jy
Submitted August 05, 2022 at 11:28AM by sanitybit
via reddit https://ift.tt/yF6teEq
https://youtube.com/playlist?list=PLCPCP1pNWD7N2SPaz4cmuS27xutaf32jy
Submitted August 05, 2022 at 11:28AM by sanitybit
via reddit https://ift.tt/yF6teEq
YouTube
fwd:cloudsec 2022 - YouTube
Abusing container mount points and symlinks on MikroTik's RouterOS to gain code execution
https://ift.tt/oHBUYyG
Submitted August 05, 2022 at 02:20PM by crower
via reddit https://ift.tt/OTyh5Px
https://ift.tt/oHBUYyG
Submitted August 05, 2022 at 02:20PM by crower
via reddit https://ift.tt/OTyh5Px
nns.ee
Symlinks as mount portals: Abusing container mount points on MikroTik's RouterOS to gain code execution
RouterOS release 7.4beta4 introduced containers for MikroTik devices. From the changelog: container - added support for running Docker (TM) containers on AR...
A journey into IoT - Unknown Chinese alarm - Part 3 - Radio communications
https://ift.tt/9Sord3I
Submitted August 05, 2022 at 03:41PM by 0xdea
via reddit https://ift.tt/kHJbiNV
https://ift.tt/9Sord3I
Submitted August 05, 2022 at 03:41PM by 0xdea
via reddit https://ift.tt/kHJbiNV
hn security
A journey into IoT - Unknown Chinese alarm - Part 3 - Radio communications - hn security
Disclaimer: as many other security researchers […]
Tenable Engineer - Arlington VA, Hybrid
https://ift.tt/HVB8Mp9
Submitted August 05, 2022 at 08:16PM by Melodic_Society6217
via reddit https://ift.tt/64CWBwt
https://ift.tt/HVB8Mp9
Submitted August 05, 2022 at 08:16PM by Melodic_Society6217
via reddit https://ift.tt/64CWBwt
Exploiting a Linux kernel Use-After-Free in io_uring
https://ift.tt/iUEL6uO
Submitted August 05, 2022 at 10:40PM by awarau888
via reddit https://ift.tt/xHkfR4j
https://ift.tt/iUEL6uO
Submitted August 05, 2022 at 10:40PM by awarau888
via reddit https://ift.tt/xHkfR4j
Computer security and related topics
CVE-2022-29582
This post covers an interesting vulnerability we (Jayden and David) found in the io_uring subsystem of the Linux kernel.
New Era of Phishing Payloads After The Deprecation of Macros
https://ift.tt/mblGc9N
Submitted August 05, 2022 at 11:42PM by sciencestudent99
via reddit https://ift.tt/LQkUeGK
https://ift.tt/mblGc9N
Submitted August 05, 2022 at 11:42PM by sciencestudent99
via reddit https://ift.tt/LQkUeGK
FourCore
New Era of Phishing Payloads - FourCore
Post the Office macros deprecation, a new malware delivery method is on the rise. Container file formats like ISOs/RARs/ZIPs and LNKs/DLLs can bypass Mark-of-the-Web, Microsoft’s prime defence.
Reverse Engineering Windows Printer Drivers (Part 1)
https://ift.tt/9rTzA7y
Submitted August 05, 2022 at 11:26PM by sanitybit
via reddit https://ift.tt/fNo3umJ
https://ift.tt/9rTzA7y
Submitted August 05, 2022 at 11:26PM by sanitybit
via reddit https://ift.tt/fNo3umJ
Include Security Research Blog
Reverse Engineering Windows Printer Drivers (Part 1) - Include Security Research Blog
Note: This is Part 1 in a series of posts discussing security analysis of printer drivers extracted and installed from public resources. This part explains how we located publicly available drivers distributed by WeWork and conducted initial analysis. Part…
How Passwordless Works
https://ift.tt/19CQfTG
Submitted August 06, 2022 at 01:10AM by Blakebvhjjdd
via reddit https://ift.tt/01FDYwZ
https://ift.tt/19CQfTG
Submitted August 06, 2022 at 01:10AM by Blakebvhjjdd
via reddit https://ift.tt/01FDYwZ
Goteleport
How Passwordless Works
Learn how passwordless authentication works and how it's built using WebAuthn.
Repository of Adversarial Tactics That is Updated Daily
https://ift.tt/4oKjweC
Submitted August 06, 2022 at 01:04AM by entropydaemon8
via reddit https://ift.tt/rjsaHbt
https://ift.tt/4oKjweC
Submitted August 06, 2022 at 01:04AM by entropydaemon8
via reddit https://ift.tt/rjsaHbt
GitHub
GitHub - RoseSecurity/Red-Teaming-TTPs: Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike! - GitHub - RoseSecurity/Red-Teaming-TTPs: Useful Techniques, Tactics, and Procedures for red teamers and defenders, ...
nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)
https://ift.tt/X7f1CS3
Submitted August 06, 2022 at 10:36AM by Gallus
via reddit https://ift.tt/xGEekZ6
https://ift.tt/X7f1CS3
Submitted August 06, 2022 at 10:36AM by Gallus
via reddit https://ift.tt/xGEekZ6
hyprblog
nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)
a quick post on a format string bug in libinput I found last year but never got around to debugging, plus some exploit code to leak the stack canary on a default Xubuntu 20.04.4 system.
Kanye West's Stem Player - An engineering disaster
https://ift.tt/rx3IXtj
Submitted August 06, 2022 at 09:43PM by krystalgamer
via reddit https://ift.tt/4SYqelw
https://ift.tt/rx3IXtj
Submitted August 06, 2022 at 09:43PM by krystalgamer
via reddit https://ift.tt/4SYqelw
krystalgamer.github.io
Kanye West's Stem Player - An engineering disaster
This post covers the history of the Stem Player, the development of the emulator, how badly the product was handled and some behind-the-scenes interactions with the creators
Weekly quiz covering 10 interesting infosec stories or events from the past week
https://ift.tt/eGO183B
Submitted August 06, 2022 at 11:23PM by jaco_za
via reddit https://ift.tt/ro1J5xU
https://ift.tt/eGO183B
Submitted August 06, 2022 at 11:23PM by jaco_za
via reddit https://ift.tt/ro1J5xU
SocVel.com - Don't Delay, SocVel Today!
Quiz - SocVel.com
The SocVel Cybersecurity Quiz [w26] Play this week's quiz, jam-packed with 10 of the most interesting #infosec stories from the past week. Play now!
Technical analysis of syzkaller based fuzzers: It's not about VaultFuzzer!
https://ift.tt/wfFJjYz
Submitted August 07, 2022 at 04:25PM by hardenedvault
via reddit https://ift.tt/CeqAj9y
https://ift.tt/wfFJjYz
Submitted August 07, 2022 at 04:25PM by hardenedvault
via reddit https://ift.tt/CeqAj9y
hardenedvault.net
Technical analysis of syzkaller based fuzzers: It's not about VaultFuzzer!
0. VaultFuzzer S0rry, VaultFuzzer is not the main player today. We’re going have little ride with Harbian-QA and GREBE today.
Amazon’s One-Stop Shop for Identity Thieves
https://ift.tt/G6A0n2F
Submitted August 07, 2022 at 08:42PM by moxofoxo
via reddit https://ift.tt/drCapm1
https://ift.tt/G6A0n2F
Submitted August 07, 2022 at 08:42PM by moxofoxo
via reddit https://ift.tt/drCapm1
The Intercept
Amazon’s One-Stop Shop for Identity Thieves
Public Amazon registries could reveal enough information to steal the identity of someone who hasn’t been born yet.