135 is the new 445: PsExec over Remote Procedure Calls
https://ift.tt/0q32g6d
Submitted September 14, 2022 at 08:27PM by 0xdea
via reddit https://ift.tt/orDbnCG
Pentera
135 is the new 445 - Pentera
If it was possible to nominate a command-line utility for an award, PsExec would definitively win the most useful category. This tool allows
Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
https://ift.tt/x9tXCWg
Submitted September 14, 2022 at 08:27PM by albinowax
via reddit https://ift.tt/XF6fiVO
Codecepticon - An offensive security obfuscator for C#, VBA, and PowerShell
https://ift.tt/TevYHgN
Submitted September 14, 2022 at 11:52PM by h0wlett
via reddit https://ift.tt/ODcKoPr
GitHub
GitHub - Accenture/Codecepticon
Contribute to Accenture/Codecepticon development by creating an account on GitHub.
It pays to be Circomspect
https://ift.tt/uPaRmbZ
Submitted September 15, 2022 at 09:31AM by Gallus
via reddit https://ift.tt/h4VcBws
Trail of Bits Blog
It pays to be Circomspect
By Fredrik Dahlgren, Staff Security Engineer In October 2019, a security researcher found a devastating vulnerability in Tornado.cash, a decentralized, non-custodial mixer on the Ethereum network. …
Traces of Windows remote command execution
https://ift.tt/XZj9FBm
Submitted September 15, 2022 at 10:21AM by jeandrew
via reddit https://ift.tt/Ra82F9T
Synacktiv
Traces of Windows remote command execution
A real ninja leaves no traces.
Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities
https://ift.tt/nDg36St
Submitted September 15, 2022 at 02:27PM by g_e_r_h_a_r_d
via reddit https://ift.tt/nRZiApq
ONEKEY
Several problems in FunJSQ on NETGEAR Routers & Orbi WiFi Systems.
Get more information about the detailed vulnerability analysis - Read latest Advisory!
Buffer overflow in the OpenRazer open-source kernel drivers causing denial of service and privilege escalation.
https://ift.tt/MOl6xrn
Submitted September 15, 2022 at 04:35PM by jat0369
via reddit https://ift.tt/UgD7xT3
Cyberark
Colorful Vulnerabilities
Our love for gaming alongside finding bugs led us back to the good ol’ question: Is it true that the more RGB colors you have (except for your gaming chair, of course), the more skill...
A Detailed Analysis of the Quantum Ransomware [PDF]
https://ift.tt/v6Zpw57
Submitted September 15, 2022 at 05:34PM by CyberMasterV
via reddit https://ift.tt/KIzAuko
Security Scorecard
A Detailed Analysis Of The Quantum Ransomware
Getting started with gVisor support in Falco
https://ift.tt/UtIdJey
Submitted September 15, 2022 at 08:01PM by vjjmiras
via reddit https://ift.tt/dzm64yk
Falco
Getting started with gVisor support in Falco
Learn how to integrate gVisor and Falco on Docker
The Blind Spots of BloodHound
https://ift.tt/bYJOIKx
Submitted September 15, 2022 at 08:55PM by 0xfffffg
via reddit https://ift.tt/VkMv6Y9
SySS Tech Blog
The Blind Spots of BloodHound
Let’s get one thing straight: This article is not at all a dig on BloodHound.
CVE North Stars: Leverage CVEs to kickstart your next vulnerability hunting adventure
https://ift.tt/ke6XOSa
Submitted September 15, 2022 at 10:26PM by onlinereadme
via reddit https://ift.tt/LC34EhD
CVE North Stars
Home
Leveraging CVE, patch diffing, and root cause analysis to kickstart your vulnerability hunting adventure.
NPM Malware Targeting HubSpot’s Bucky Client
https://ift.tt/gdumjNq
Submitted September 15, 2022 at 11:17PM by louis11
via reddit https://ift.tt/12LRlbX
blog.phylum.io
NPM Malware Targeting HubSpot’s Bucky Client
Our risk analysis platform recently alerted us to a malicious package in the NPM ecosystem targeting Bucky Client, a project owned by HubSpot.
Undermining Microsoft Teams Security by Mining Tokens
https://ift.tt/nd41k6R
Submitted September 16, 2022 at 06:46AM by flexibeast
via reddit https://ift.tt/TuxMgo8
www.vectra.ai
Undermining Microsoft Teams Security by Mining Tokens
In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in.
Uber hacked, internal systems breached and vulnerability reports stolen
https://ift.tt/hYuqaIS
Submitted September 16, 2022 at 12:35PM by Fugitif
via reddit https://ift.tt/6ivjTYN
BleepingComputer
Uber hacked, internal systems breached and vulnerability reports stolen
Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
DylibHijackTest: Discover DYLD_INSERT_LIBRARIES hijacks on macOS
https://ift.tt/tf8KTnM
Submitted September 16, 2022 at 01:17PM by sanitybit
via reddit https://ift.tt/VZ1bok6
GitHub
GitHub - slyd0g/DylibHijackTest: Discover DYLD_INSERT_LIBRARIES hijacks on macOS
Discover DYLD_INSERT_LIBRARIES hijacks on macOS. Contribute to slyd0g/DylibHijackTest development by creating an account on GitHub.
A Basic Guide to iOS Testing in 2022
https://ift.tt/McRWDpm
Submitted September 16, 2022 at 01:14PM by sanitybit
via reddit https://ift.tt/1a9K3fj
Bugcrowd
A Basic Guide to iOS Testing in 2022 | Bugcrowd
Get a close look at iOS testing with this guide by researcher Alxhh. Learn about the methods that allow you to test modern apps right away!
Jetty Features for Hacking Web Apps
https://ift.tt/RHcJSaU
Submitted September 16, 2022 at 01:12PM by sanitybit
via reddit https://ift.tt/2ELdFfb
PT SWARM
Jetty Features for Hacking Web Apps
To properly assess the security of a web application, it’s important to analyze it with regard to the server it will run on. Many things depend on the server, from processing user requests to the easiest way of achieving RCE. Armed with knowledge about the…
Staged Payloads from Kali Linux | PT Phone Home – DNS
https://ift.tt/xHpDuMr
Submitted September 16, 2022 at 12:57PM by sanitybit
via reddit https://ift.tt/FmMO32f
OffSec
Staged Payloads from Kali Linux | PT Phone Home – DNS | OffSec
In part one of this post, Tristram teaches you how to use TXT records to stage payloads that can be retrieved through DNS lookups.
cloudvelo: An experimental Velociraptor implementation using cloud infrastructure
https://ift.tt/U3DSreN
Submitted September 17, 2022 at 01:03AM by sanitybit
via reddit https://ift.tt/qavl79s
GitHub
GitHub - Velocidex/cloudvelo: An experimental Velociraptor implementation using cloud infrastructure
An experimental Velociraptor implementation using cloud infrastructure - GitHub - Velocidex/cloudvelo: An experimental Velociraptor implementation using cloud infrastructure
Practical Attacks against NTLMv1
https://ift.tt/GVKepHS
Submitted September 18, 2022 at 02:44AM by sanitybit
via reddit https://ift.tt/hoPNDVJ
TrustedSec
Practical Attacks against NTLMv1 - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
LLVM Passes for Security: A Brief Introduction (Part 1/4)
https://ift.tt/ghkHdOJ
Submitted September 18, 2022 at 02:40AM by sanitybit
via reddit https://ift.tt/r6FBCZW