Release EMBA firmware analyzer v1.1.2 - Knight Rider Edt.
https://ift.tt/TYQtq8x
Submitted October 06, 2022 at 06:06PM by _m-1-k-3_
via reddit https://ift.tt/yEc83pA
GitHub
Release EMBA v1.1.2 - Knight Rider Edt. · e-m-b-a/emba
Highlights:
Bonnie: I have a new feature integrated into K.I.T.T.
Michael: Give me more details
K.I.T.T.: With my new friend EMBA I am able to find the weak spot in every firmware.
40 years later ....
CVE-2022-36635 — A SQL Injection in ZKSecurityBio to RCE
https://ift.tt/6FvtD0b
Submitted October 06, 2022 at 07:16PM by sp1d3rr
via reddit https://ift.tt/aGSJrUh
Medium
CVE-2022-36635 — A SQL Injection in ZKSecurityBio to RCE
Researched and written by: Caio Burgardt and Silton Santos
Fully loaded: testing vulnerable PyYAML versions
https://ift.tt/qDcWKVm
Submitted October 06, 2022 at 11:41PM by iterablewords
via reddit https://ift.tt/JC9xQOb
Fully loaded: testing vulnerable PyYAML versions
Understanding which PyYAML API versions are vulnerable with a testing matrix
Uncovering a Fake Recruiter Scam with OSINT techniques
https://ift.tt/xZmhEzR
Submitted October 07, 2022 at 01:13AM by smicallef
via reddit https://ift.tt/90Rha4W
Unpatched vulnerability on Zimbra (again!) - symlink abuse in cpio
https://ift.tt/7PgbZ0G
Submitted October 07, 2022 at 02:31AM by iagox86
via reddit https://ift.tt/UMZbJ3B
AttackerKB
CVE-2022-41352 | AttackerKB
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to …
Securely Implementing IdP-initiated SAML2 Login
https://ift.tt/d6qWzsg
Submitted October 07, 2022 at 02:59AM by benarent
via reddit https://ift.tt/db9AKyl
Goteleport
Securely Implementing IdP-initiated SAML2 Login
In this blog post, we'll deep-dive into the SAML2 protocol, how IdP-initiated login works and how to implement it securely.
Disclosure time for Zoneminder findings
https://ift.tt/OqvrgUM
Submitted October 07, 2022 at 08:31PM by trenchesofit
via reddit https://ift.tt/COszbEJ
What can we learn from leaked Insyde's BIOS for Intel Alder Lake
https://ift.tt/XTNnBbi
Submitted October 08, 2022 at 08:30PM by hardenedvault
via reddit https://ift.tt/gofB4cL
hardenedvault.net
What can we learn from leaked Insyde's BIOS for Intel Alder Lake
Leaked story timeline According to the timestamp of the github repository, an unidentified user uploaded the Insyde’s partial firmware solution (4.
Getting served a malicious update - interesting techniques, my slip up, and lessons learned: a short blog post
https://ift.tt/ZR82bOi
Submitted October 09, 2022 at 08:25PM by CuckooExe
via reddit https://ift.tt/Seqj7z4
Axel’s Blog
UltimateUpdate
What do wedding venues and malware have in common? I got to spend my weekend investigating them. A short post about interesting malware, and lessons learned.
A simple shell script (almost) POSIX for mail security checks
https://ift.tt/WsBCwU8
Submitted October 10, 2022 at 01:37PM by ljulolsen
via reddit https://ift.tt/Ohy8PzH
GitHub
GitHub - jeffbencteux/mailsecchk: POSIX script for mail security checks of domain names
POSIX script for mail security checks of domain names - GitHub - jeffbencteux/mailsecchk: POSIX script for mail security checks of domain names
CandyShop for DevSecOps
https://ift.tt/IaTBgr7
Submitted October 10, 2022 at 12:54PM by Suphikoira
via reddit https://ift.tt/XcOSLJ7
AppSec Santa
CandyShop for DevSecOps
CandyShop is a devsecops project for cybersecurity professionals to access scan results of most popular vulnerability scanning tools.
GitLab: RCE via github import
https://ift.tt/mafCO9R
Submitted October 10, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/WEzjuDo
GitLab
RCE via github import (#371098) · Issues · GitLab.org / GitLab · GitLab
HackerOne report #1672388 by yvvdwf on 2022-08-17, assigned to @nmalcolm:
More about the Google plasma globe exercise of 2012
https://ift.tt/UF2Tjkh
Submitted October 10, 2022 at 07:57PM by nf--
via reddit https://ift.tt/kJLYsqO
The Google plasma globe affair of 2012
https://ift.tt/OnYyUmA
Submitted October 10, 2022 at 08:56PM by nf--
via reddit https://ift.tt/QlLtINP
Persistent PHP payloads in PNGs: How to inject PHP code in an image and keep it there!
https://ift.tt/73e4CAo
Submitted October 10, 2022 at 10:17PM by Gallus
via reddit https://ift.tt/ShfXpJC
Synacktiv
Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
During the assessment of a PHP application, we recently came across a file upload vulnerability allowing the interpretation of PHP code inserted into valid PNG files. However, the image processing pe
Your Publicly Accessible Google API Key Could Be Giving Hackers Access to Your Files and Photos! (Performing Google API Research)
https://ift.tt/pRcfsHO
Submitted October 11, 2022 at 04:09PM by jen140
via reddit https://ift.tt/1NBD7Kp
Uncovering Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys in PLCs
https://ift.tt/p6rMFfA
Submitted October 11, 2022 at 07:20PM by derp6996
via reddit https://ift.tt/4W0CTVb
Claroty
Siemens PLC Software: Hardcoded Cryptographic Keys Uncovered
Discover global private cryptographic keys embedded within the Siemens SIMATIC S7-1200/1500 PLC and TIA Portal product lines with Team82 and Claroty.
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
https://ift.tt/JRUjNWv
Submitted October 12, 2022 at 12:43AM by CyberMasterV
via reddit https://ift.tt/vut9flj
Mandiant
Caffeine Phishing-as-a-Service Platform | Fresh Phish Market
The Caffeine phishing-as-a-service platform has an intuitive interface, comes at a relatively low cost and provides many features and tools to its criminal clients.
On Bypassing eBPF Security Monitoring
https://ift.tt/i17aJQf
Submitted October 12, 2022 at 02:55AM by nibblesec
via reddit https://ift.tt/4mvYKlh
Doyensec
On Bypassing eBPF Security Monitoring · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
postMessage Braindump - a brief postMessage testing methodology
https://ift.tt/zB9skng
Submitted October 12, 2022 at 09:23AM by Gallus
via reddit https://ift.tt/xrZyUCK
rhynorater.github.io
postMessage Braindump
a brief postMessage testing methodology
Userland Execution of Binaries Directly from Python
https://ift.tt/uTWYEVt
Submitted October 12, 2022 at 12:02PM by anvilventures
via reddit https://ift.tt/qkKAtEZ
Anvil Secure
Userland Execution of Binaries Directly from Python - Anvil Secure
On a recent engagement I found myself testing a Kubernetes environment. Through application-level bugs I had gotten remote shell access to some of its containers. For further exploration and analysis…