SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 -
https://ift.tt/uk9fqmt
Submitted September 01, 2022 at 02:38PM by digicat
via reddit https://ift.tt/Uh2gLq3
NCC Group Research
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
Introduction netlink and nf_tables Overview Sets Expressions Set Expressions Stateful Expressions Expressions of Interest nft_lookup nft_dynset nft_connlimit Vulnerability Discovery CVE-2022-32250 …
GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access Control
https://ift.tt/JGjqAp2
Submitted September 01, 2022 at 08:06PM by RossGeerlings
via reddit https://ift.tt/SaVe2FA
GitHub
GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access Control
Source Code Management Attack Toolkit - Supports GitHub Enterprise, GitLab Enterprise, & Bitbucket Server
https://ift.tt/xEKpQCV
Submitted September 02, 2022 at 09:50AM by sanitybit
via reddit https://ift.tt/mX85gFN
GitHub
GitHub - h4wkst3r/SCMKit: Source Code Management Attack Toolkit
Source Code Management Attack Toolkit. Contribute to h4wkst3r/SCMKit development by creating an account on GitHub.
More SRE Lessons for SOC: Release Engineering Ideas
https://ift.tt/TIblBv4
Submitted September 02, 2022 at 09:41AM by sanitybit
via reddit https://ift.tt/tLQy1l8
Medium
More SRE Lessons for SOC: Release Engineering Ideas
As we discussed in our blogs, “Achieving Autonomic Security Operations: Reducing toil” and “Achieving Autonomic Security Operations…
So You Wanna Pwn The Kernel?
https://ift.tt/ZB92EVI
Submitted September 02, 2022 at 03:42PM by _rs
via reddit https://ift.tt/kdhelPQ
sam4k
So You Wanna Pwn The Kernel?
My aim for this post is to provide some insights for getting into Linux kernel vulnerability research and exploit development
CVE-2021-38406 or CISA KEV Catalog Lacks Accountability
https://ift.tt/tLf8MYD
Submitted September 02, 2022 at 04:22PM by chicksdigthelongrun
via reddit https://ift.tt/mPgEl1w
AttackerKB
CVE-2021-38406 | AttackerKB
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in …
GraphQL Batching Attacks: Turbo Intruder
https://ift.tt/xoyhPQi
Submitted September 02, 2022 at 05:15PM by _rs
via reddit https://ift.tt/Ze6jG4U
White Oak Security
GraphQL Batching Attacks: Turbo Intruder | White Oak Security
Michael Rand, one of White Oak Security’s penetration testing experts, demonstrates how to exploit GraphQL batching attacks using Turbo Intruder. Learn more..
iPhone 11 w/ iBoot & iOS16 emulated on QEMU
https://ift.tt/H8FjmAb
Submitted September 02, 2022 at 10:24PM by sanitybit
via reddit https://ift.tt/MJBEDqA
GitHub
GitHub - TrungNguyen1909/qemu-t8030: iPhone 11 emulated on QEMU
iPhone 11 emulated on QEMU. Contribute to TrungNguyen1909/qemu-t8030 development by creating an account on GitHub.
Windows Firmware Attack Surface Reduction (FASR)
https://ift.tt/fsgbvt2
Submitted September 02, 2022 at 11:33PM by sanitybit
via reddit https://ift.tt/k5dtJbH
Docs
Firmware Attack Surface Reduction (FASR) - Windows drivers
Provides information about how to achieve Secured-core PC compliance with Firmware Attack Surface Reduction (FASR).
curl’s TLS fingerprint
https://ift.tt/2wVXuST
Submitted September 02, 2022 at 11:16PM by sanitybit
via reddit https://ift.tt/mxPfVQ3
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities as used in the Motorola Moto E40 / Teclast T40 5G etc. - disclosure timeline is a thing of wonder
https://ift.tt/nNeTR69
Submitted September 03, 2022 at 12:16AM by digicat
via reddit https://ift.tt/htAbNDu
NCC Group Research
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
UNISOC (formerly Spreadtrum) is a rapidly growing semiconductor company that is nowadays focused on the Android entry-level smartphone market. While still a rare sight in the west, the company has …
Practical guide for Golden SAML
https://ift.tt/YlQLNIt
Submitted September 03, 2022 at 09:49AM by sanitybit
via reddit https://ift.tt/MQ7RSC5
Nodauf
Practical guide for Golden SAML
Practical guide step by step to create golden SAML
Reviewing macOS Unified Logs
https://ift.tt/eEvkIXc
Submitted September 03, 2022 at 09:47AM by sanitybit
via reddit https://ift.tt/QamwhKN
Mandiant
Reviewing macOS Unified Logs | Mandiant
SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.2 of iOS and Android apps released - with Incognito mode and support for .onion hostnames.
https://ift.tt/ZEs6Pkd
Submitted September 03, 2022 at 09:43PM by epoberezkin
via reddit https://ift.tt/MuV7aN6
GitHub
simplex-chat/blog/20220901-simplex-chat-v3.2-incognito-mode.md at stable · simplex-chat/simplex-chat
SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱! - simplex-chat/simplex-chat
Arti 1.0.0: Rust Tor implementation is ready for production use
https://ift.tt/tSD5LCF
Submitted September 04, 2022 at 12:07AM by sanitybit
via reddit https://ift.tt/auA9SXn
blog.torproject.org
Arti 1.0.0 is released: Our Rust Tor implementation is ready for production use. | Tor Project
Arti 1.0.0 is released and ready for download.
Chromeloader browser hijacker
https://ift.tt/qpUSQmz
Submitted September 03, 2022 at 11:16PM by CyberMasterV
via reddit https://ift.tt/NrZ6Ym1
Fun with Windows Containers - Popping Calc
https://ift.tt/IAHvwRE
Submitted September 03, 2022 at 11:58PM by sanitybit
via reddit https://ift.tt/qm6x3JX
raesene.github.io
Fun with Windows Containers - Popping Calc
Eight-Year Study Shows the Dark Side of WordPress Plugins
https://ift.tt/tk3aqUu
Submitted September 04, 2022 at 06:42PM by jonas02
via reddit https://ift.tt/3NoCh45
Blocking Kiwifarms
https://ift.tt/uJdnbSX
Submitted September 04, 2022 at 06:53PM by 457655676
via reddit https://ift.tt/4WkduRK
WPHash - Fingerprinting WordPress Plugins, now in public beta and open to feedback and collaboration
https://wpha.sh/
Submitted September 05, 2022 at 12:14AM by _cydave
via reddit https://ift.tt/WRndo4L
wpha.sh
WPHash: WordPress Plugin Fingerprinting
WPHash indexes over 75 million SHA256 hashes for fingerprinting the exact version of WordPress plugins.
CVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files
https://ift.tt/4QtJU8f
Submitted September 05, 2022 at 01:43PM by anyore909
via reddit https://ift.tt/bG5jCPx
Cymulate
CVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files
Rated a 7.8 high CVSS 3.x severity base score, CVE-2022-30190 takes advantage of the MSDT, an official tool built-in all versions of Windows.