STRIDE Threat Modelling vs DREAD Threat Modelling
https://ift.tt/KaLmO1J
Submitted August 22, 2022 at 01:25PM by InformationSecurity
via reddit https://ift.tt/BlYk0nF
https://ift.tt/KaLmO1J
Submitted August 22, 2022 at 01:25PM by InformationSecurity
via reddit https://ift.tt/BlYk0nF
Haider's Infosec Blog
STRIDE Threat Modelling vs DREAD Threat Modelling - Haider
Stride Threat modelling, Dread Threat modelling, Threat modelling assessment, STRIDE methodology, DREAD methodology
Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor
https://ift.tt/Q9KGwhY
Submitted August 22, 2022 at 02:23PM by Ex1v0r
via reddit https://ift.tt/8WIrLCb
https://ift.tt/Q9KGwhY
Submitted August 22, 2022 at 02:23PM by Ex1v0r
via reddit https://ift.tt/8WIrLCb
Modzero
Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor | mod%log
We found a security related issue in most recent CrowdStrike Falcon Sensor. The bug itself is not worth a blogpost, as the severity is pretty low. However, we'd like to shed some light on a vulnerability submission and disclosure process with CrowdStrike:…
“Useless” path traversals in Zyxel admin interface (CVE-2022-2030)
https://ift.tt/w8he7PK
Submitted August 22, 2022 at 05:46PM by 0xdea
via reddit https://ift.tt/8DRIQCw
https://ift.tt/w8he7PK
Submitted August 22, 2022 at 05:46PM by 0xdea
via reddit https://ift.tt/8DRIQCw
hn security
Useless path traversals in Zyxel admin interface (CVE-2022-2030) - hn security
During our analysis of Zyxel’s device […]
Vulnerability in the enforcement of group permissions in Linux containers (Docker, Kubernetes, etc.)
https://ift.tt/EXcnlIM
Submitted August 22, 2022 at 07:59PM by sjmurdoch
via reddit https://ift.tt/FiQNsAJ
https://ift.tt/EXcnlIM
Submitted August 22, 2022 at 07:59PM by sjmurdoch
via reddit https://ift.tt/FiQNsAJ
Bentham’s Gaze
Vulnerability in Linux containers – investigation and mitigation
Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting…
Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager
https://ift.tt/NGwEguV
Submitted August 22, 2022 at 09:00PM by vah_13
via reddit https://ift.tt/No9IfS3
https://ift.tt/NGwEguV
Submitted August 22, 2022 at 09:00PM by vah_13
via reddit https://ift.tt/No9IfS3
RedRays
Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager
kyber-py: A pure python implementation of CRYSTALS-Kyber
https://ift.tt/f8CeJ0B
Submitted August 22, 2022 at 11:59PM by sanitybit
via reddit https://ift.tt/9Za30IU
https://ift.tt/f8CeJ0B
Submitted August 22, 2022 at 11:59PM by sanitybit
via reddit https://ift.tt/9Za30IU
GitHub
GitHub - jack4818/kyber-py: A pure python implementation of CRYSTALS-Kyber
A pure python implementation of CRYSTALS-Kyber. Contribute to jack4818/kyber-py development by creating an account on GitHub.
Information Security Checklist for Small to Medium Organizations
https://ift.tt/TdShIe8
Submitted August 23, 2022 at 04:31AM by InformationSecurity
via reddit https://ift.tt/0WScVGo
https://ift.tt/TdShIe8
Submitted August 23, 2022 at 04:31AM by InformationSecurity
via reddit https://ift.tt/0WScVGo
Haider's Infosec Blog
Information Security Checklist for Small to Medium Organizations
Information Security Checklist to protect small and medium sized organizations from emerging information security threats
CVE-2022-22715 PoC: Windows Dirty Pipe
https://ift.tt/eofE1ga
Submitted August 23, 2022 at 11:02AM by sanitybit
via reddit https://ift.tt/5qCbFpA
https://ift.tt/eofE1ga
Submitted August 23, 2022 at 11:02AM by sanitybit
via reddit https://ift.tt/5qCbFpA
Masky is a python library providing an alternative way to remotely dump domain users’ credentials
https://ift.tt/SpyJL06
Submitted August 23, 2022 at 10:59AM by sanitybit
via reddit https://ift.tt/UzamvdB
https://ift.tt/SpyJL06
Submitted August 23, 2022 at 10:59AM by sanitybit
via reddit https://ift.tt/UzamvdB
Zak’s blog
Masky release (v0.0.3)
Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily harvest PFX, NT hashes and TGT on a larger scope.
HTTP header Blind SQL injection Example
https://ift.tt/Io7DFE8
Submitted August 23, 2022 at 12:17PM by InformationSecurity
via reddit https://ift.tt/ESRlqsB
https://ift.tt/Io7DFE8
Submitted August 23, 2022 at 12:17PM by InformationSecurity
via reddit https://ift.tt/ESRlqsB
Haider's Infosec Blog
HTTP header Blind SQL injection Example
HTTP header Blind SQL injection Example is explained in this article to show how to exploit SQL injection in HTTP headers.
[CVE-2020-2733] Technical overview and PoC of bypassing admin authentication of JD Edwards EnterpriseOne
https://ift.tt/9hmEGdc
Submitted August 23, 2022 at 05:40PM by vah_13
via reddit https://ift.tt/5qUj1O0
https://ift.tt/9hmEGdc
Submitted August 23, 2022 at 05:40PM by vah_13
via reddit https://ift.tt/5qUj1O0
RedRays
[CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protected
JD Edwards EnterpriseOne Tools 9.2 or lower versions allow unauthenticated attackers to bypass the authentication and get Administrator rights on the system.
Argument Injection in Visual Studio Code < 1.67.1 (CVE-2022-30129)
https://ift.tt/rzMN6OQ
Submitted August 23, 2022 at 07:09PM by monoimpact
via reddit https://ift.tt/DI9jVuM
https://ift.tt/rzMN6OQ
Submitted August 23, 2022 at 07:09PM by monoimpact
via reddit https://ift.tt/DI9jVuM
Sonarsource
Securing Developer Tools: Argument Injection in Visual Studio Code
In the third part of our Securing Developer Tools series, we look at a critical vulnerability that affects one of the most popular code editors: Visual Studio Code.
SBOM 101 - All the questions you were afraid to ask Software Bill of Materials
https://ift.tt/4cGzIha
Submitted August 23, 2022 at 08:36PM by MiguelHzBz
via reddit https://ift.tt/fatcrnR
https://ift.tt/4cGzIha
Submitted August 23, 2022 at 08:36PM by MiguelHzBz
via reddit https://ift.tt/fatcrnR
Sysdig
SBOM 101
SBOM is a key piece in securing the software supply chain and fundamental for vulnerability matching and management.
Chainsaw 2.0: Allows users to rapidly search through Windows event logs and hunt for threats using Sigma detection rules.
https://ift.tt/maRhUns
Submitted August 23, 2022 at 09:19PM by sanitybit
via reddit https://ift.tt/OVeaFps
https://ift.tt/maRhUns
Submitted August 23, 2022 at 09:19PM by sanitybit
via reddit https://ift.tt/OVeaFps
GitHub
GitHub - WithSecureLabs/chainsaw: Rapidly Search and Hunt through Windows Forensic Artefacts
Rapidly Search and Hunt through Windows Forensic Artefacts - GitHub - WithSecureLabs/chainsaw: Rapidly Search and Hunt through Windows Forensic Artefacts
But You Told Me You Were Safe: Attacking the Mozilla Firefox Renderer (Part 2)
https://ift.tt/k9J2x6Z
Submitted August 24, 2022 at 02:21AM by sanitybit
via reddit https://ift.tt/b8s3JP4
https://ift.tt/k9J2x6Z
Submitted August 24, 2022 at 02:21AM by sanitybit
via reddit https://ift.tt/b8s3JP4
Zero Day Initiative
Zero Day Initiative — But You Told Me You Were Safe: Attacking the Mozilla Firefox Sandbox (Part 2)
In the first part of this series , we reviewed how Pwn2Own contestant Manfred Paul was able to compromise the Mozilla Firefox renderer process via a prototype pollution vulnerability in the await implementation. In modern browser architecture design, compromising…
bomber - a vulnerability scanner for SBOMs
https://ift.tt/i5QOJWk
Submitted August 24, 2022 at 02:07AM by sanitybit
via reddit https://ift.tt/IWOSxil
https://ift.tt/i5QOJWk
Submitted August 24, 2022 at 02:07AM by sanitybit
via reddit https://ift.tt/IWOSxil
GitHub
GitHub - devops-kung-fu/bomber: Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Scans Software Bill of Materials (SBOMs) for security vulnerabilities - GitHub - devops-kung-fu/bomber: Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Misconfigured Resource-Based Policies - Hacking The Cloud
https://ift.tt/POozQgw
Submitted August 24, 2022 at 08:04PM by RedTermSession
via reddit https://ift.tt/zDqOvQG
https://ift.tt/POozQgw
Submitted August 24, 2022 at 08:04PM by RedTermSession
via reddit https://ift.tt/zDqOvQG
Twitter Whistleblower Document Archive
https://ift.tt/8cbunMI
Submitted August 24, 2022 at 11:11PM by sanitybit
via reddit https://ift.tt/G2hzcZ4
https://ift.tt/8cbunMI
Submitted August 24, 2022 at 11:11PM by sanitybit
via reddit https://ift.tt/G2hzcZ4
How I was able to delete 13k+ Microsoft Translator Projects
https://ift.tt/U8XbrTd
Submitted August 25, 2022 at 12:40AM by InformationSecurity
via reddit https://ift.tt/9J0f1sr
https://ift.tt/U8XbrTd
Submitted August 25, 2022 at 12:40AM by InformationSecurity
via reddit https://ift.tt/9J0f1sr
Haider's Infosec Blog
How I was able to delete 13k+ Microsoft Translator Projects
Critical vulnerability found in Microsoft Translator Hub where all of its 13000 projects could be deleted using indirect object reference vulnerability
Exploitation in the era of formal verification - a peek at a new frontier
https://ift.tt/bdzMmfC
Submitted August 25, 2022 at 12:53AM by lojump1
via reddit https://ift.tt/9japBWK
https://ift.tt/bdzMmfC
Submitted August 25, 2022 at 12:53AM by lojump1
via reddit https://ift.tt/9japBWK
Attack surface of browser extension pages
https://ift.tt/n0eQqDS
Submitted August 25, 2022 at 03:12AM by sanitybit
via reddit https://ift.tt/gdGCQAj
https://ift.tt/n0eQqDS
Submitted August 25, 2022 at 03:12AM by sanitybit
via reddit https://ift.tt/gdGCQAj
Almost Secure
Attack surface of extension pages
Remote Code Execution in extension pages is actually hard to achieve. We’ll produce a vulnerable extension nevertheless and look into how it can be exploited.