Oh SSH-it, what's my fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS
https://ift.tt/ZsNSF4M
Submitted August 19, 2022 at 09:07AM by sanitybit
via reddit https://ift.tt/ZLj8QPU
https://ift.tt/ZsNSF4M
Submitted August 19, 2022 at 09:07AM by sanitybit
via reddit https://ift.tt/ZLj8QPU
A Lightweight Approach To Implement Secure Software Development LifeCycle (Secure SDLC)
https://ift.tt/teT906Y
Submitted August 19, 2022 at 11:53AM by sanitybit
via reddit https://ift.tt/2cJKUTj
https://ift.tt/teT906Y
Submitted August 19, 2022 at 11:53AM by sanitybit
via reddit https://ift.tt/2cJKUTj
GraphQL Security Testing Without a Schema
https://ift.tt/Jdcjy9T
Submitted August 19, 2022 at 11:44PM by alxjsn
via reddit https://ift.tt/RDP2YMT
https://ift.tt/Jdcjy9T
Submitted August 19, 2022 at 11:44PM by alxjsn
via reddit https://ift.tt/RDP2YMT
Forces Unseen Blog
GraphQL Security Testing Without a Schema — Forces Unseen Blog
One of the main obstacles of a black box GraphQL security review is getting good coverage of the exposed functionality. Anyone who has re...
Pitraix Botnet - Modern P2P Self-Modifying Botnet Cross-Platform Over TOR
https://ift.tt/qYmeH3C
Submitted August 19, 2022 at 11:13PM by United-General-2000
via reddit https://ift.tt/tSqVJWg
https://ift.tt/qYmeH3C
Submitted August 19, 2022 at 11:13PM by United-General-2000
via reddit https://ift.tt/tSqVJWg
GitHub
GitHub - ThrillQuks/Pitraix: Modern Cross-Platform Peer-to-Peer Botnet over TOR
Modern Cross-Platform Peer-to-Peer Botnet over TOR - GitHub - ThrillQuks/Pitraix: Modern Cross-Platform Peer-to-Peer Botnet over TOR
Bighuge BLS OSINT Tool - BBOT
https://ift.tt/AFQXqWd
Submitted August 20, 2022 at 12:45AM by aconite33
via reddit https://ift.tt/wlV3Knz
https://ift.tt/AFQXqWd
Submitted August 20, 2022 at 12:45AM by aconite33
via reddit https://ift.tt/wlV3Knz
GitHub
GitHub - blacklanternsecurity/bbot: OSINT automation for hackers.
OSINT automation for hackers. Contribute to blacklanternsecurity/bbot development by creating an account on GitHub.
iOS Privacy: TikTok monitoring all keyboard inputs and taps
https://ift.tt/2U05QgK
Submitted August 19, 2022 at 02:16PM by CyberMasterV
via reddit https://ift.tt/nc1JGfM
https://ift.tt/2U05QgK
Submitted August 19, 2022 at 02:16PM by CyberMasterV
via reddit https://ift.tt/nc1JGfM
900+ SQL Injection variations from one attacker log
https://ift.tt/Em2dlDu
Submitted August 21, 2022 at 12:00AM by nykzhang
via reddit https://ift.tt/0sOyaEp
https://ift.tt/Em2dlDu
Submitted August 21, 2022 at 12:00AM by nykzhang
via reddit https://ift.tt/0sOyaEp
Trunc Logging
SQL Injection Attack Log
Trunc provides a list of SQLi attacks in the wild. Honeypots records over 900 SQL injection attempts.
Detection Engineering with MITRE Top Techniques & Atomic Red Team
https://ift.tt/kgyYON5
Submitted August 21, 2022 at 01:02AM by sciencestudent99
via reddit https://ift.tt/lvE8z7U
https://ift.tt/kgyYON5
Submitted August 21, 2022 at 01:02AM by sciencestudent99
via reddit https://ift.tt/lvE8z7U
FourCore
Detection Engineering with MITRE Top Techniques & Atomic Red Team - FourCore
Detection Engineering is the process of optimizing security controls to get the most value out of them. Therefore, it is essential to prioritize your efforts according to your organization's needs and requirements. Here we cover the methodology of Detection…
FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug
https://ift.tt/t2TP7iy
Submitted August 21, 2022 at 02:57PM by rwgd406
via reddit https://ift.tt/Movp9zd
https://ift.tt/t2TP7iy
Submitted August 21, 2022 at 02:57PM by rwgd406
via reddit https://ift.tt/Movp9zd
Replicant: Reproducing a Fault Injection Attack on the Trezor One
https://ift.tt/d4UuQTA
Submitted August 21, 2022 at 08:54PM by wrongbaud
via reddit https://ift.tt/bV7i9C5
https://ift.tt/d4UuQTA
Submitted August 21, 2022 at 08:54PM by wrongbaud
via reddit https://ift.tt/bV7i9C5
Voidstar Security Research Blog
Replicant: Reproducing a Fault Injection Attack on the Trezor One
Introduction to Fault Injection Attacks
Backdoor specially made for hardened networks which leverages NTP
https://ift.tt/hmcYFf4
Submitted August 21, 2022 at 04:53PM by Idov31
via reddit https://ift.tt/qPn1B7V
https://ift.tt/hmcYFf4
Submitted August 21, 2022 at 04:53PM by Idov31
via reddit https://ift.tt/qPn1B7V
GitHub
GitHub - Idov31/Sandman: Sandman is a NTP based backdoor for red team engagements in hardened networks.
Sandman is a NTP based backdoor for red team engagements in hardened networks. - GitHub - Idov31/Sandman: Sandman is a NTP based backdoor for red team engagements in hardened networks.
Trivy: Enhanced with AWS scan integration
https://ift.tt/VP6ivzd
Submitted August 22, 2022 at 12:39PM by Rewanth_Tammana
via reddit https://ift.tt/JeSz5oZ
https://ift.tt/VP6ivzd
Submitted August 22, 2022 at 12:39PM by Rewanth_Tammana
via reddit https://ift.tt/JeSz5oZ
Rewanth Tammana's Blog
Trivy: Enhanced with AWS scan integration
Trivy now supports scanning AWS resources for security misconfigurations
GitHub Cache Poisoning
https://ift.tt/BEr0vHD
Submitted August 22, 2022 at 12:24PM by BarakScribe
via reddit https://ift.tt/gYaxhzL
https://ift.tt/BEr0vHD
Submitted August 22, 2022 at 12:24PM by BarakScribe
via reddit https://ift.tt/gYaxhzL
Scribe Security
GitHub Cache Poisoning - Scribe Blog
Without a deep understanding of what happens under the hood of your CI, you might be vulnerable to innovative supply chain attacks
STRIDE Threat Modelling vs DREAD Threat Modelling
https://ift.tt/KaLmO1J
Submitted August 22, 2022 at 01:25PM by InformationSecurity
via reddit https://ift.tt/BlYk0nF
https://ift.tt/KaLmO1J
Submitted August 22, 2022 at 01:25PM by InformationSecurity
via reddit https://ift.tt/BlYk0nF
Haider's Infosec Blog
STRIDE Threat Modelling vs DREAD Threat Modelling - Haider
Stride Threat modelling, Dread Threat modelling, Threat modelling assessment, STRIDE methodology, DREAD methodology
Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor
https://ift.tt/Q9KGwhY
Submitted August 22, 2022 at 02:23PM by Ex1v0r
via reddit https://ift.tt/8WIrLCb
https://ift.tt/Q9KGwhY
Submitted August 22, 2022 at 02:23PM by Ex1v0r
via reddit https://ift.tt/8WIrLCb
Modzero
Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor | mod%log
We found a security related issue in most recent CrowdStrike Falcon Sensor. The bug itself is not worth a blogpost, as the severity is pretty low. However, we'd like to shed some light on a vulnerability submission and disclosure process with CrowdStrike:…
“Useless” path traversals in Zyxel admin interface (CVE-2022-2030)
https://ift.tt/w8he7PK
Submitted August 22, 2022 at 05:46PM by 0xdea
via reddit https://ift.tt/8DRIQCw
https://ift.tt/w8he7PK
Submitted August 22, 2022 at 05:46PM by 0xdea
via reddit https://ift.tt/8DRIQCw
hn security
Useless path traversals in Zyxel admin interface (CVE-2022-2030) - hn security
During our analysis of Zyxel’s device […]
Vulnerability in the enforcement of group permissions in Linux containers (Docker, Kubernetes, etc.)
https://ift.tt/EXcnlIM
Submitted August 22, 2022 at 07:59PM by sjmurdoch
via reddit https://ift.tt/FiQNsAJ
https://ift.tt/EXcnlIM
Submitted August 22, 2022 at 07:59PM by sjmurdoch
via reddit https://ift.tt/FiQNsAJ
Bentham’s Gaze
Vulnerability in Linux containers – investigation and mitigation
Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting…
Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager
https://ift.tt/NGwEguV
Submitted August 22, 2022 at 09:00PM by vah_13
via reddit https://ift.tt/No9IfS3
https://ift.tt/NGwEguV
Submitted August 22, 2022 at 09:00PM by vah_13
via reddit https://ift.tt/No9IfS3
RedRays
Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager
kyber-py: A pure python implementation of CRYSTALS-Kyber
https://ift.tt/f8CeJ0B
Submitted August 22, 2022 at 11:59PM by sanitybit
via reddit https://ift.tt/9Za30IU
https://ift.tt/f8CeJ0B
Submitted August 22, 2022 at 11:59PM by sanitybit
via reddit https://ift.tt/9Za30IU
GitHub
GitHub - jack4818/kyber-py: A pure python implementation of CRYSTALS-Kyber
A pure python implementation of CRYSTALS-Kyber. Contribute to jack4818/kyber-py development by creating an account on GitHub.
Information Security Checklist for Small to Medium Organizations
https://ift.tt/TdShIe8
Submitted August 23, 2022 at 04:31AM by InformationSecurity
via reddit https://ift.tt/0WScVGo
https://ift.tt/TdShIe8
Submitted August 23, 2022 at 04:31AM by InformationSecurity
via reddit https://ift.tt/0WScVGo
Haider's Infosec Blog
Information Security Checklist for Small to Medium Organizations
Information Security Checklist to protect small and medium sized organizations from emerging information security threats
CVE-2022-22715 PoC: Windows Dirty Pipe
https://ift.tt/eofE1ga
Submitted August 23, 2022 at 11:02AM by sanitybit
via reddit https://ift.tt/5qCbFpA
https://ift.tt/eofE1ga
Submitted August 23, 2022 at 11:02AM by sanitybit
via reddit https://ift.tt/5qCbFpA