Securely Implementing IdP-initiated SAML2 Login
https://ift.tt/d6qWzsg
Submitted October 07, 2022 at 02:59AM by benarent
via reddit https://ift.tt/db9AKyl
https://ift.tt/d6qWzsg
Submitted October 07, 2022 at 02:59AM by benarent
via reddit https://ift.tt/db9AKyl
Goteleport
Securely Implementing IdP-initiated SAML2 Login
In this blog post, we'll deep-dive into the SAML2 protocol, how IdP-initiated login works and how to implement it securely.
Disclosure time for Zoneminder findings
https://ift.tt/OqvrgUM
Submitted October 07, 2022 at 08:31PM by trenchesofit
via reddit https://ift.tt/COszbEJ
https://ift.tt/OqvrgUM
Submitted October 07, 2022 at 08:31PM by trenchesofit
via reddit https://ift.tt/COszbEJ
What can we learn from leaked Insyde's BIOS for Intel Alder Lake
https://ift.tt/XTNnBbi
Submitted October 08, 2022 at 08:30PM by hardenedvault
via reddit https://ift.tt/gofB4cL
https://ift.tt/XTNnBbi
Submitted October 08, 2022 at 08:30PM by hardenedvault
via reddit https://ift.tt/gofB4cL
hardenedvault.net
What can we learn from leaked Insyde's BIOS for Intel Alder Lake
Leaked story timeline According to the timestamp of the github repository, an unidentified user uploaded the Insyde’s partial firmware solution (4.
Getting served a malicious update - interesting techniques, my slip up, and lessons learned: a short blog post
https://ift.tt/ZR82bOi
Submitted October 09, 2022 at 08:25PM by CuckooExe
via reddit https://ift.tt/Seqj7z4
https://ift.tt/ZR82bOi
Submitted October 09, 2022 at 08:25PM by CuckooExe
via reddit https://ift.tt/Seqj7z4
Axel’s Blog
UltimateUpdate
What do wedding venues and malware have in common? I got to spend my weekend investigating them. A short post about interesting malware, and lessons learned.
A simple shell noscript (almost) POSIX for mail security checks
https://ift.tt/WsBCwU8
Submitted October 10, 2022 at 01:37PM by ljulolsen
via reddit https://ift.tt/Ohy8PzH
https://ift.tt/WsBCwU8
Submitted October 10, 2022 at 01:37PM by ljulolsen
via reddit https://ift.tt/Ohy8PzH
GitHub
GitHub - jeffbencteux/mailsecchk: POSIX noscript for mail security checks of domain names
POSIX noscript for mail security checks of domain names - GitHub - jeffbencteux/mailsecchk: POSIX noscript for mail security checks of domain names
CandyShop for DevSecOps
https://ift.tt/IaTBgr7
Submitted October 10, 2022 at 12:54PM by Suphikoira
via reddit https://ift.tt/XcOSLJ7
https://ift.tt/IaTBgr7
Submitted October 10, 2022 at 12:54PM by Suphikoira
via reddit https://ift.tt/XcOSLJ7
AppSec Santa
CandyShop for DevSecOps
CandyShop is a devsecops project for cybersecurity professionals to access scan results of most popular vulnerability scanning tools.
GitLab: RCE via github import
https://ift.tt/mafCO9R
Submitted October 10, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/WEzjuDo
https://ift.tt/mafCO9R
Submitted October 10, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/WEzjuDo
GitLab
RCE via github import (#371098) · Issues · GitLab.org / GitLab · GitLab
HackerOne report #1672388 by yvvdwf on 2022-08-17, assigned to @nmalcolm:
More about the Google plasma globe exercise of 2012
https://ift.tt/UF2Tjkh
Submitted October 10, 2022 at 07:57PM by nf--
via reddit https://ift.tt/kJLYsqO
https://ift.tt/UF2Tjkh
Submitted October 10, 2022 at 07:57PM by nf--
via reddit https://ift.tt/kJLYsqO
The Google plasma globe affair of 2012
https://ift.tt/OnYyUmA
Submitted October 10, 2022 at 08:56PM by nf--
via reddit https://ift.tt/QlLtINP
https://ift.tt/OnYyUmA
Submitted October 10, 2022 at 08:56PM by nf--
via reddit https://ift.tt/QlLtINP
Persistent PHP payloads in PNGs: How to inject PHP code in an image and keep it there!
https://ift.tt/73e4CAo
Submitted October 10, 2022 at 10:17PM by Gallus
via reddit https://ift.tt/ShfXpJC
https://ift.tt/73e4CAo
Submitted October 10, 2022 at 10:17PM by Gallus
via reddit https://ift.tt/ShfXpJC
Synacktiv
Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
During the assessment of a PHP application, we recently came across a file upload vulnerability allowing the interpretation of PHP code inserted into valid PNG files. However, the image processing pe
Your Publicly Accessible Google API Key Could Be Giving Hackers Access to Your Files and Photos! (Performing Google API Research)
https://ift.tt/pRcfsHO
Submitted October 11, 2022 at 04:09PM by jen140
via reddit https://ift.tt/1NBD7Kp
https://ift.tt/pRcfsHO
Submitted October 11, 2022 at 04:09PM by jen140
via reddit https://ift.tt/1NBD7Kp
Uncovering Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys in PLCs
https://ift.tt/p6rMFfA
Submitted October 11, 2022 at 07:20PM by derp6996
via reddit https://ift.tt/4W0CTVb
https://ift.tt/p6rMFfA
Submitted October 11, 2022 at 07:20PM by derp6996
via reddit https://ift.tt/4W0CTVb
Claroty
Siemens PLC Software: Hardcoded Cryptographic Keys Uncovered
Discover global private cryptographic keys embedded within the Siemens SIMATIC S7-1200/1500 PLC and TIA Portal product lines with Team82 and Claroty.
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
https://ift.tt/JRUjNWv
Submitted October 12, 2022 at 12:43AM by CyberMasterV
via reddit https://ift.tt/vut9flj
https://ift.tt/JRUjNWv
Submitted October 12, 2022 at 12:43AM by CyberMasterV
via reddit https://ift.tt/vut9flj
Mandiant
Caffeine Phishing-as-a-Service Platform | Fresh Phish Market
The Caffeine phishing-as-a-service platform has an intuitive interface, comes at a relatively low cost and provides many features and tools to its criminal clients.
On Bypassing eBPF Security Monitoring
https://ift.tt/i17aJQf
Submitted October 12, 2022 at 02:55AM by nibblesec
via reddit https://ift.tt/4mvYKlh
https://ift.tt/i17aJQf
Submitted October 12, 2022 at 02:55AM by nibblesec
via reddit https://ift.tt/4mvYKlh
Doyensec
On Bypassing eBPF Security Monitoring · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
postMessage Braindump - a brief postMessage testing methodology
https://ift.tt/zB9skng
Submitted October 12, 2022 at 09:23AM by Gallus
via reddit https://ift.tt/xrZyUCK
https://ift.tt/zB9skng
Submitted October 12, 2022 at 09:23AM by Gallus
via reddit https://ift.tt/xrZyUCK
rhynorater.github.io
postMessage Braindump
a brief postMessage testing methodology
Userland Execution of Binaries Directly from Python
https://ift.tt/uTWYEVt
Submitted October 12, 2022 at 12:02PM by anvilventures
via reddit https://ift.tt/qkKAtEZ
https://ift.tt/uTWYEVt
Submitted October 12, 2022 at 12:02PM by anvilventures
via reddit https://ift.tt/qkKAtEZ
Anvil Secure
Userland Execution of Binaries Directly from Python - Anvil Secure
On a recent engagement I found myself testing a Kubernetes environment. Through application-level bugs I had gotten remote shell access to some of its containers. For further exploration and analysis…
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
https://ift.tt/rRTlBXj
Submitted October 12, 2022 at 04:34PM by vah_13
via reddit https://ift.tt/DuKpz16
https://ift.tt/rRTlBXj
Submitted October 12, 2022 at 04:34PM by vah_13
via reddit https://ift.tt/DuKpz16
RedRays - Your SAP Security Solution
3242933 - [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
With a CVSS rating of 9.9, the vulnerability fixed in SAP Security Note #3242933 affects SAP Manufacturing Execution and is considered significant.
Sharing my OSCP Pre-Preparation Plan which I once made for my own self, for those who are interested in getting OSCP certification soon. Here is the link:
https://ift.tt/rwQkAyR
Submitted October 12, 2022 at 03:52PM by anonymous_intj
via reddit https://ift.tt/Csg0JpG
https://ift.tt/rwQkAyR
Submitted October 12, 2022 at 03:52PM by anonymous_intj
via reddit https://ift.tt/Csg0JpG
GitHub
GitHub - shreyaschavhan/oscp-pre-preparation-plan-and-notes: My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford…
My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21...
Kubernetes CRD validation with CEL and kubebuilder marker comments
https://ift.tt/FXnbUtV
Submitted October 12, 2022 at 05:19PM by Rewanth_Tammana
via reddit https://ift.tt/slgnY9w
https://ift.tt/FXnbUtV
Submitted October 12, 2022 at 05:19PM by Rewanth_Tammana
via reddit https://ift.tt/slgnY9w
Rewanth Tammana's Blog
Kubernetes CRD validation with CEL and kubebuilder marker comments
Operator require CRDs. In Kubernetes 1.25, CEL validation is in beta! Peek into the process of developing validations for CRDs with & without CEL
A deep dive into CVE-2021–42847 - arbitrary file write and XXE in ManageEngine ADAudit Plus before 7006
https://ift.tt/ik5AWPU
Submitted October 12, 2022 at 07:41PM by kalibabka
via reddit https://ift.tt/TcYB5wR
https://ift.tt/ik5AWPU
Submitted October 12, 2022 at 07:41PM by kalibabka
via reddit https://ift.tt/TcYB5wR
Medium
Pwning ManageEngine — From Endpoint to Exploit
A deep dive into CVE-2021–42847
Cerberus Stress Testing Tool
https://ift.tt/SUNDC6a
Submitted October 12, 2022 at 06:56PM by fficarola
via reddit https://ift.tt/oAM3PRd
https://ift.tt/SUNDC6a
Submitted October 12, 2022 at 06:56PM by fficarola
via reddit https://ift.tt/oAM3PRd
GitHub
GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.
Cerberus is another simple stressing tool simulating DDoS attacks. - GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.