DylibHijackTest: Discover DYLD_INSERT_LIBRARIES hijacks on macOS
https://ift.tt/tf8KTnM
Submitted September 16, 2022 at 01:17PM by sanitybit
via reddit https://ift.tt/VZ1bok6
GitHub
GitHub - slyd0g/DylibHijackTest: Discover DYLD_INSERT_LIBRARIES hijacks on macOS
Discover DYLD_INSERT_LIBRARIES hijacks on macOS. Contribute to slyd0g/DylibHijackTest development by creating an account on GitHub.
A Basic Guide to iOS Testing in 2022
https://ift.tt/McRWDpm
Submitted September 16, 2022 at 01:14PM by sanitybit
via reddit https://ift.tt/1a9K3fj
Bugcrowd
A Basic Guide to iOS Testing in 2022 | Bugcrowd
Get a close look at iOS testing with this guide by researcher Alxhh. Learn about the methods that allow you to test modern apps right away!
Jetty Features for Hacking Web Apps
https://ift.tt/RHcJSaU
Submitted September 16, 2022 at 01:12PM by sanitybit
via reddit https://ift.tt/2ELdFfb
PT SWARM
Jetty Features for Hacking Web Apps
To properly assess the security of a web application, it’s important to analyze it with regard to the server it will run on. Many things depend on the server, from processing user requests to the easiest way of achieving RCE. Armed with knowledge about the…
Staged Payloads from Kali Linux | PT Phone Home – DNS
https://ift.tt/xHpDuMr
Submitted September 16, 2022 at 12:57PM by sanitybit
via reddit https://ift.tt/FmMO32f
OffSec
Staged Payloads from Kali Linux | PT Phone Home – DNS | OffSec
In part one of this post, Tristram teaches you how to use TXT records to stage payloads that can be retrieved through DNS lookups.
cloudvelo: An experimental Velociraptor implementation using cloud infrastructure
https://ift.tt/U3DSreN
Submitted September 17, 2022 at 01:03AM by sanitybit
via reddit https://ift.tt/qavl79s
GitHub
GitHub - Velocidex/cloudvelo: An experimental Velociraptor implementation using cloud infrastructure
An experimental Velociraptor implementation using cloud infrastructure.
Practical Attacks against NTLMv1
https://ift.tt/GVKepHS
Submitted September 18, 2022 at 02:44AM by sanitybit
via reddit https://ift.tt/hoPNDVJ
TrustedSec
Practical Attacks against NTLMv1 - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
LLVM Passes for Security: A Brief Introduction (Part 1/4)
https://ift.tt/ghkHdOJ
Submitted September 18, 2022 at 02:40AM by sanitybit
via reddit https://ift.tt/r6FBCZW
Securing the Supply Chain of Nothing
https://ift.tt/C76gA9L
Submitted September 18, 2022 at 02:37AM by sanitybit
via reddit https://ift.tt/l9IdEhM
Kelly Shortridge
Securing the Supply Chain of Nothing
This post is a rebuttal to the recent guide on “Securing the Software Supply Chain” published by CISA, ODNI, and the NSA.
requests-ip-rotator: A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
https://ift.tt/mDGNFfj
Submitted September 18, 2022 at 07:26AM by sanitybit
via reddit https://ift.tt/FaPe3g9
GitHub
GitHub - Ge0rg3/requests-ip-rotator: A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo…
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. - GitHub - Ge0rg3/requests-ip-rotator: A Python li...
Virtual FIDO is a virtual USB device that implements the FIDO2/U2F protocol (like a YubiKey) in order to support 2FA and WebAuthN.
https://ift.tt/iZbLeFW
Submitted September 18, 2022 at 06:51AM by sanitybit
via reddit https://ift.tt/vxd8yPe
GitHub
GitHub - bulwarkid/virtual-fido: A Virtual FIDO2 USB Device
A Virtual FIDO2 USB Device. Contribute to bulwarkid/virtual-fido development by creating an account on GitHub.
ldapnomnom: Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
https://ift.tt/gs0RTMp
Submitted September 19, 2022 at 01:09AM by sanitybit
via reddit https://ift.tt/ciW2skt
GitHub
GitHub - lkarlslund/ldapnomnom: Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping…
Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) - GitHub - lkarlslund/ldapnomnom: Anonymously bruteforce Active Directory usernames f...
GTA 6 source code and videos leaked after Rockstar Games hack
https://ift.tt/plGmv9s
Submitted September 19, 2022 at 12:32PM by CyberMasterV
via reddit https://ift.tt/B1ib6ae
BleepingComputer
GTA 6 source code and videos leaked after Rockstar Games hack
Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Games' Slack server and Confluence wiki.
Vulnerabilities Identified in EZVIZ Smart Cams
https://ift.tt/PcDB7Nj
Submitted September 19, 2022 at 09:11PM by Turbulent-Ant-6813
via reddit https://ift.tt/ySlCIAw
Bitdefender Labs
Vulnerabilities Identified in EZVIZ Smart Cams
As the creator of the world’s first smart home cybersecurity hub, Bitdefender
regularly audits popular IoT hardware for vulnerabilities that might affect
customers if left unaddressed.
Open Source Tool to Collect Volatile Data for Incident Response
https://ift.tt/nsqlJTV
Submitted September 20, 2022 at 09:15PM by 0x636f6f6c
via reddit https://ift.tt/eSUnGLZ
GitHub
GitHub - cado-security/varc: Volatile Artifact Collector
Volatile Artifact Collector. Contribute to cado-security/varc development by creating an account on GitHub.
I'm Building a Self-Destructing USB Drive Part 2
https://ift.tt/fLlVSHn
Submitted September 19, 2022 at 10:18PM by Machinehum
via reddit https://ift.tt/d0ujpGF
Interrupt Labs Blog
I'm Building a Self-Destructing USB Drive Part 2
I’m building an open-source USB drive with a hidden self-destruct feature. Say goodbye to your data if you don’t lick your fingers before plugging it
When Athletic Abilities Just Aren't Enough - Scoreboard Hacking Part 1
https://ift.tt/AgCkis2
Submitted September 19, 2022 at 05:42PM by mdulin2
via reddit https://ift.tt/DA1et37
Cool Attack -- Bypassing NAT and Firewalls to Shut Down PDUs
https://ift.tt/lBTpUu5
Submitted September 21, 2022 at 01:13AM by derp6996
via reddit https://ift.tt/PkeI2Qb
Claroty
Bypassing NAT to Attack Dataprobe iBoot-PDUs
Team82 discloses details on vulnerabilities in Dataprobe iBoot-PDUs that expose power distribution units to remote code execution.
Oracle Cloud vulnerability allows unauthorized access to customer cloud storage volumes
https://ift.tt/T4wVL2x
Submitted September 21, 2022 at 04:03AM by sagitz_
via reddit https://ift.tt/eHNC9Ep
wiz.io
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Wiz Blog
Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer…
BGGP3 has completed! 34 entries, 23 writeups, and 3 CVE's.
https://ift.tt/RYVoek4
Submitted September 21, 2022 at 07:24AM by netsecfriends
via reddit https://ift.tt/xE9rbD2
GitHub
BGGP/2022 at main · netspooky/BGGP
Binary Golf Grand Prix. Contribute to netspooky/BGGP development by creating an account on GitHub.
Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
https://ift.tt/DJF6NQ5
Submitted September 21, 2022 at 12:29PM by sanitybit
via reddit https://ift.tt/DXqUmcn
Practical Attacks against NTLMv1
https://ift.tt/fxK6Mgb
Submitted September 21, 2022 at 12:19PM by 0xdea
via reddit https://ift.tt/2Pn37Co
TrustedSec
Practical Attacks against NTLMv1 - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.