Skidaddle Skideldi - I just pwnd your PKI
https://ift.tt/l2qtNAL
Submitted September 27, 2022 at 05:43PM by 0xdea
via reddit https://ift.tt/hZPsJnz
https://ift.tt/l2qtNAL
Submitted September 27, 2022 at 05:43PM by 0xdea
via reddit https://ift.tt/hZPsJnz
luemmelsec.github.io
Skidaddle Skideldi - I just pwnd your PKI
My dear Bagginses and Boffins, Tooks and Brandybucks, Grubbs, Chubbs, Hornblowers, Bolgers, Bracegirdles and Proudfoots - it is time for some new shit.
We are going to explore the wonderful world of Active Directory Certificate Services, aka ADCS.
If you…
We are going to explore the wonderful world of Active Directory Certificate Services, aka ADCS.
If you…
A technical analysis of Pegasus for Android – Part 2
https://ift.tt/SNVgGdw
Submitted September 27, 2022 at 06:32PM by CyberMasterV
via reddit https://ift.tt/AES9XaO
https://ift.tt/SNVgGdw
Submitted September 27, 2022 at 06:32PM by CyberMasterV
via reddit https://ift.tt/AES9XaO
Diving Into Electron Web API Permissions
https://ift.tt/r9xApBZ
Submitted September 27, 2022 at 08:26PM by nibblesec
via reddit https://ift.tt/A2ukEVF
https://ift.tt/r9xApBZ
Submitted September 27, 2022 at 08:26PM by nibblesec
via reddit https://ift.tt/A2ukEVF
Doyensec
Diving Into Electron Web API Permissions · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment
https://ift.tt/9ZfuGL2
Submitted September 28, 2022 at 01:46AM by sanitybit
via reddit https://ift.tt/vsMEUTS
https://ift.tt/9ZfuGL2
Submitted September 28, 2022 at 01:46AM by sanitybit
via reddit https://ift.tt/vsMEUTS
Medium
Jumping Over the Gate
Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment
Audit your DNS config, you'd be shocked at how bad it can get
https://ift.tt/Taeqszm
Submitted September 28, 2022 at 01:16AM by punksecurity_simon
via reddit https://ift.tt/vXkzVOp
https://ift.tt/Taeqszm
Submitted September 28, 2022 at 01:16AM by punksecurity_simon
via reddit https://ift.tt/vXkzVOp
GitHub
GitHub - punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! - GitHub - punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters an...
The difference between signature-based and behavioural detections
https://ift.tt/B25nLxl
Submitted September 28, 2022 at 02:23AM by S3cur3Th1sSh1t
via reddit https://ift.tt/jr5dziq
https://ift.tt/B25nLxl
Submitted September 28, 2022 at 02:23AM by S3cur3Th1sSh1t
via reddit https://ift.tt/jr5dziq
s3cur3th1ssh1t.github.io
The difference between signature-based and behavioural detections | S3cur3Th1sSh1t
In this blog post, the main difference between signature-based and behavior-based Detections are explained. In addition, examples are shown with respective D...
Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life
https://ift.tt/a0Xf9B2
Submitted September 28, 2022 at 01:54AM by nic0nicon1
via reddit https://ift.tt/QE041Ou
https://ift.tt/a0Xf9B2
Submitted September 28, 2022 at 01:54AM by nic0nicon1
via reddit https://ift.tt/QE041Ou
niconiconi.neocities.org
Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life
Ken Thompson's "Trusting Trust" compiler Trojan attack was not just a thought experiment. In fact, Usenet poster Jay Ashworth stated that, from personal communications, Thompson really did launch this attack in real life and successfully compromised the Unix…
Enhance your malware detection with WAF + YARA (WAFARAY)
https://ift.tt/B3SaJT7
Submitted September 28, 2022 at 10:33AM by alt3kx
via reddit https://ift.tt/DTxVKYj
https://ift.tt/B3SaJT7
Submitted September 28, 2022 at 10:33AM by alt3kx
via reddit https://ift.tt/DTxVKYj
GitHub
GitHub - alt3kx/wafaray: Enhance your malware detection with WAF + YARA (WAFARAY)
Enhance your malware detection with WAF + YARA (WAFARAY) - GitHub - alt3kx/wafaray: Enhance your malware detection with WAF + YARA (WAFARAY)
When Hypervisor Met Snapshot Fuzzing
https://ift.tt/ErWmcLd
Submitted September 28, 2022 at 11:08AM by jeandrew
via reddit https://ift.tt/x6TYcOm
https://ift.tt/ErWmcLd
Submitted September 28, 2022 at 11:08AM by jeandrew
via reddit https://ift.tt/x6TYcOm
安全代码
When Hypervisor Met Snapshot Fuzzing
source: https://null2root.github.io/blog/2022/07/21/When-Hypervisor-Met-Snapshot-Fuzzing.html 1. IntroductionHypervisor was known as hard target to fuzz over several years. Even though, lots of prior
Another Tale of IBM i (AS/400) Hacking
https://ift.tt/h8kDaQg
Submitted September 28, 2022 at 07:42PM by buherator
via reddit https://ift.tt/unEFvz3
https://ift.tt/h8kDaQg
Submitted September 28, 2022 at 07:42PM by buherator
via reddit https://ift.tt/unEFvz3
A Deep Dive Into the APT28’s stealer called CredoMap
https://ift.tt/hSnRA4m
Submitted September 28, 2022 at 07:30PM by CyberMasterV
via reddit https://ift.tt/NDVtgS7
https://ift.tt/hSnRA4m
Submitted September 28, 2022 at 07:30PM by CyberMasterV
via reddit https://ift.tt/NDVtgS7
SecurityScorecard
A Deep Dive Into the APT28’s stealer called CredoMap
Initially discovered by Google and CERT-UA, CredoMap is a stealer developed by the Russian APT28/Sofacy/Fancy Bear that was used to target users in Ukraine in the context of the ongoing war between Russia and Ukraine. Learn more about this malware and how…
GitHub - jafarlihi/connmap: connmap is an X11 desktop widget that shows location of your current network peers on a world map (tested only with i3wm). Made with C and libcairo.
https://ift.tt/jW1RQDs
Submitted September 28, 2022 at 09:01PM by jafarlihi
via reddit https://ift.tt/DbpOBPH
https://ift.tt/jW1RQDs
Submitted September 28, 2022 at 09:01PM by jafarlihi
via reddit https://ift.tt/DbpOBPH
GitHub
GitHub - jafarlihi/connmap: connmap is an X11 desktop widget that shows location of your current network peers on a world map
connmap is an X11 desktop widget that shows location of your current network peers on a world map - GitHub - jafarlihi/connmap: connmap is an X11 desktop widget that shows location of your current ...
LuaJIT hacking: Crafting Shellcodes
https://ift.tt/QzjCv3p
Submitted September 29, 2022 at 01:50AM by pwntheplanet
via reddit https://ift.tt/QWxrBEs
https://ift.tt/QzjCv3p
Submitted September 29, 2022 at 01:50AM by pwntheplanet
via reddit https://ift.tt/QWxrBEs
GitHub
GitHub - 0xbigshaq/luajit-pwn: Vuln-dev environment for LuaJIT
Vuln-dev environment for LuaJIT. Contribute to 0xbigshaq/luajit-pwn development by creating an account on GitHub.
Kerberos: New Attack Paths? AS Requested Service Tickets
https://ift.tt/xrX82bV
Submitted September 29, 2022 at 02:35AM by sanitybit
via reddit https://ift.tt/jBeQzE3
https://ift.tt/xrX82bV
Submitted September 29, 2022 at 02:35AM by sanitybit
via reddit https://ift.tt/jBeQzE3
Semperis
New Attack Paths? AS Requested Service Tickets - Semperis
Could AS Requested Service Tickets open new attack paths? Read "New Attack Paths? AS Requested Service Tickets" to learn more.
Talking Trojan: Analyzing an Industry-Wide Disclosure
https://ift.tt/I6enrJ2
Submitted September 29, 2022 at 02:33AM by sanitybit
via reddit https://ift.tt/7tsqLRl
https://ift.tt/I6enrJ2
Submitted September 29, 2022 at 02:33AM by sanitybit
via reddit https://ift.tt/7tsqLRl
The Confusing Lifetimes of AWS IAM Identity Center Access Tokens
https://ift.tt/j5uQS3z
Submitted September 29, 2022 at 03:28AM by csanders_
via reddit https://ift.tt/eHoRi43
https://ift.tt/j5uQS3z
Submitted September 29, 2022 at 03:28AM by csanders_
via reddit https://ift.tt/eHoRi43
Medium
The Confusing Lifetimes of AWS IAM Identity Center Access Tokens
Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…
GitHub - swanandx/lemmeknow: The fastest way to identify anything! Blazingly Fast alternative to PyWhat made with Rust.
https://ift.tt/IUE46G2
Submitted September 29, 2022 at 12:39PM by swanandx
via reddit https://ift.tt/bo8GP79
https://ift.tt/IUE46G2
Submitted September 29, 2022 at 12:39PM by swanandx
via reddit https://ift.tt/bo8GP79
GitHub
GitHub - swanandx/lemmeknow: The fastest way to identify anything!
The fastest way to identify anything! Contribute to swanandx/lemmeknow development by creating an account on GitHub.
New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
https://ift.tt/k6CZvfz
Submitted September 30, 2022 at 01:19AM by CyberMasterV
via reddit https://ift.tt/5QnovCM
https://ift.tt/k6CZvfz
Submitted September 30, 2022 at 01:19AM by CyberMasterV
via reddit https://ift.tt/5QnovCM
Detecting Mimikatz with Busylight
https://ift.tt/Ego5Vbi
Submitted September 30, 2022 at 01:48PM by digicat
via reddit https://ift.tt/3ZEzGbm
https://ift.tt/Ego5Vbi
Submitted September 30, 2022 at 01:48PM by digicat
via reddit https://ift.tt/3ZEzGbm
NCC Group Research Blog
Detecting Mimikatz with Busylight
In 2015 Raphael Mudge released an article [1] that detailed that versions of mimikatz released after 8th of October, 2015 had a new module that was utilising certain types of external USB devices t…
Arbitrary cache poisoning on all Akamai websites via 'Connection: Content-Length'
https://ift.tt/lpUtn2r
Submitted September 30, 2022 at 01:37PM by albinowax
via reddit https://ift.tt/PqjQCDb
https://ift.tt/lpUtn2r
Submitted September 30, 2022 at 01:37PM by albinowax
via reddit https://ift.tt/PqjQCDb
Medium
Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)
Introduction And Context
What I learnt from reading 220 IDOR bug reports.
https://ift.tt/8AGlkvj
Submitted September 30, 2022 at 06:08PM by _nynan
via reddit https://ift.tt/FlI6uBk
https://ift.tt/8AGlkvj
Submitted September 30, 2022 at 06:08PM by _nynan
via reddit https://ift.tt/FlI6uBk
Medium
What I learnt from reading 220* IDOR bug reports.
IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage.