GitLab: RCE via github import
https://ift.tt/mafCO9R
Submitted October 10, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/WEzjuDo
https://ift.tt/mafCO9R
Submitted October 10, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/WEzjuDo
GitLab
RCE via github import (#371098) · Issues · GitLab.org / GitLab · GitLab
HackerOne report #1672388 by yvvdwf on 2022-08-17, assigned to @nmalcolm:
More about the Google plasma globe exercise of 2012
https://ift.tt/UF2Tjkh
Submitted October 10, 2022 at 07:57PM by nf--
via reddit https://ift.tt/kJLYsqO
https://ift.tt/UF2Tjkh
Submitted October 10, 2022 at 07:57PM by nf--
via reddit https://ift.tt/kJLYsqO
The Google plasma globe affair of 2012
https://ift.tt/OnYyUmA
Submitted October 10, 2022 at 08:56PM by nf--
via reddit https://ift.tt/QlLtINP
https://ift.tt/OnYyUmA
Submitted October 10, 2022 at 08:56PM by nf--
via reddit https://ift.tt/QlLtINP
Persistent PHP payloads in PNGs: How to inject PHP code in an image and keep it there!
https://ift.tt/73e4CAo
Submitted October 10, 2022 at 10:17PM by Gallus
via reddit https://ift.tt/ShfXpJC
https://ift.tt/73e4CAo
Submitted October 10, 2022 at 10:17PM by Gallus
via reddit https://ift.tt/ShfXpJC
Synacktiv
Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there !
During the assessment of a PHP application, we recently came across a file upload vulnerability allowing the interpretation of PHP code inserted into valid PNG files. However, the image processing pe
Your Publicly Accessible Google API Key Could Be Giving Hackers Access to Your Files and Photos! (Performing Google API Research)
https://ift.tt/pRcfsHO
Submitted October 11, 2022 at 04:09PM by jen140
via reddit https://ift.tt/1NBD7Kp
https://ift.tt/pRcfsHO
Submitted October 11, 2022 at 04:09PM by jen140
via reddit https://ift.tt/1NBD7Kp
Uncovering Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys in PLCs
https://ift.tt/p6rMFfA
Submitted October 11, 2022 at 07:20PM by derp6996
via reddit https://ift.tt/4W0CTVb
https://ift.tt/p6rMFfA
Submitted October 11, 2022 at 07:20PM by derp6996
via reddit https://ift.tt/4W0CTVb
Claroty
Siemens PLC Software: Hardcoded Cryptographic Keys Uncovered
Discover global private cryptographic keys embedded within the Siemens SIMATIC S7-1200/1500 PLC and TIA Portal product lines with Team82 and Claroty.
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
https://ift.tt/JRUjNWv
Submitted October 12, 2022 at 12:43AM by CyberMasterV
via reddit https://ift.tt/vut9flj
https://ift.tt/JRUjNWv
Submitted October 12, 2022 at 12:43AM by CyberMasterV
via reddit https://ift.tt/vut9flj
Mandiant
Caffeine Phishing-as-a-Service Platform | Fresh Phish Market
The Caffeine phishing-as-a-service platform has an intuitive interface, comes at a relatively low cost and provides many features and tools to its criminal clients.
On Bypassing eBPF Security Monitoring
https://ift.tt/i17aJQf
Submitted October 12, 2022 at 02:55AM by nibblesec
via reddit https://ift.tt/4mvYKlh
https://ift.tt/i17aJQf
Submitted October 12, 2022 at 02:55AM by nibblesec
via reddit https://ift.tt/4mvYKlh
Doyensec
On Bypassing eBPF Security Monitoring · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
postMessage Braindump - a brief postMessage testing methodology
https://ift.tt/zB9skng
Submitted October 12, 2022 at 09:23AM by Gallus
via reddit https://ift.tt/xrZyUCK
https://ift.tt/zB9skng
Submitted October 12, 2022 at 09:23AM by Gallus
via reddit https://ift.tt/xrZyUCK
rhynorater.github.io
postMessage Braindump
a brief postMessage testing methodology
Userland Execution of Binaries Directly from Python
https://ift.tt/uTWYEVt
Submitted October 12, 2022 at 12:02PM by anvilventures
via reddit https://ift.tt/qkKAtEZ
https://ift.tt/uTWYEVt
Submitted October 12, 2022 at 12:02PM by anvilventures
via reddit https://ift.tt/qkKAtEZ
Anvil Secure
Userland Execution of Binaries Directly from Python - Anvil Secure
On a recent engagement I found myself testing a Kubernetes environment. Through application-level bugs I had gotten remote shell access to some of its containers. For further exploration and analysis…
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
https://ift.tt/rRTlBXj
Submitted October 12, 2022 at 04:34PM by vah_13
via reddit https://ift.tt/DuKpz16
https://ift.tt/rRTlBXj
Submitted October 12, 2022 at 04:34PM by vah_13
via reddit https://ift.tt/DuKpz16
RedRays - Your SAP Security Solution
3242933 - [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution
With a CVSS rating of 9.9, the vulnerability fixed in SAP Security Note #3242933 affects SAP Manufacturing Execution and is considered significant.
Sharing my OSCP Pre-Preparation Plan which I once made for my own self, for those who are interested in getting OSCP certification soon. Here is the link:
https://ift.tt/rwQkAyR
Submitted October 12, 2022 at 03:52PM by anonymous_intj
via reddit https://ift.tt/Csg0JpG
https://ift.tt/rwQkAyR
Submitted October 12, 2022 at 03:52PM by anonymous_intj
via reddit https://ift.tt/Csg0JpG
GitHub
GitHub - shreyaschavhan/oscp-pre-preparation-plan-and-notes: My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford…
My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21...
Kubernetes CRD validation with CEL and kubebuilder marker comments
https://ift.tt/FXnbUtV
Submitted October 12, 2022 at 05:19PM by Rewanth_Tammana
via reddit https://ift.tt/slgnY9w
https://ift.tt/FXnbUtV
Submitted October 12, 2022 at 05:19PM by Rewanth_Tammana
via reddit https://ift.tt/slgnY9w
Rewanth Tammana's Blog
Kubernetes CRD validation with CEL and kubebuilder marker comments
Operator require CRDs. In Kubernetes 1.25, CEL validation is in beta! Peek into the process of developing validations for CRDs with & without CEL
A deep dive into CVE-2021–42847 - arbitrary file write and XXE in ManageEngine ADAudit Plus before 7006
https://ift.tt/ik5AWPU
Submitted October 12, 2022 at 07:41PM by kalibabka
via reddit https://ift.tt/TcYB5wR
https://ift.tt/ik5AWPU
Submitted October 12, 2022 at 07:41PM by kalibabka
via reddit https://ift.tt/TcYB5wR
Medium
Pwning ManageEngine — From Endpoint to Exploit
A deep dive into CVE-2021–42847
Cerberus Stress Testing Tool
https://ift.tt/SUNDC6a
Submitted October 12, 2022 at 06:56PM by fficarola
via reddit https://ift.tt/oAM3PRd
https://ift.tt/SUNDC6a
Submitted October 12, 2022 at 06:56PM by fficarola
via reddit https://ift.tt/oAM3PRd
GitHub
GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.
Cerberus is another simple stressing tool simulating DDoS attacks. - GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.
Subdomain Enumeration Tool Face-off 2022
https://ift.tt/XhcmZxl
Submitted October 12, 2022 at 09:02PM by the-techromancer
via reddit https://ift.tt/yHluz3k
https://ift.tt/XhcmZxl
Submitted October 12, 2022 at 09:02PM by the-techromancer
via reddit https://ift.tt/yHluz3k
Black Lantern Security (BLSOPS)
Subdomain Enumeration Tool Face-off 2022
Comparing the industry's top subdomain enumeration tools
Bringing passkeys to Android & Chrome
https://ift.tt/DnG8LmW
Submitted October 13, 2022 at 07:29AM by Khryse
via reddit https://ift.tt/pWPIM1x
https://ift.tt/DnG8LmW
Submitted October 13, 2022 at 07:29AM by Khryse
via reddit https://ift.tt/pWPIM1x
Android Developers Blog
Bringing passkeys to Android & Chrome
developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels
SafeSetID - a Linux Security Modules (LSM) you should know about
https://ift.tt/ML35gNz
Submitted October 13, 2022 at 12:37PM by boutnaru
via reddit https://ift.tt/FztgwTR
https://ift.tt/ML35gNz
Submitted October 13, 2022 at 12:37PM by boutnaru
via reddit https://ift.tt/FztgwTR
Medium
Linux Security — SafeSetID
After talking about LSMs (“Linux Security Modules”) it is time to continue talking about different technologies which leverage them. I am…
Private npm Packages Disclosed via Timing Attacks
https://ift.tt/U0fIJZ3
Submitted October 13, 2022 at 12:37PM by mkatch
via reddit https://ift.tt/2CaD03U
https://ift.tt/U0fIJZ3
Submitted October 13, 2022 at 12:37PM by mkatch
via reddit https://ift.tt/2CaD03U
Aquasec
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages
RPC Toolkit - security research oriented resources on MS-RPC (articles, PoCs, vulnerability write-ups, tools, etc.)
https://ift.tt/4bhdraq
Submitted October 13, 2022 at 03:05PM by ophirharpaz
via reddit https://ift.tt/MWV7zmp
https://ift.tt/4bhdraq
Submitted October 13, 2022 at 03:05PM by ophirharpaz
via reddit https://ift.tt/MWV7zmp
GitHub
akamai-security-research/rpc_toolkit at main · akamai/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research
How to Investigate Insider Threats (Forensic Methodology)
https://ift.tt/lY5TESo
Submitted October 13, 2022 at 08:13PM by CyberMasterV
via reddit https://ift.tt/6PLRXAp
https://ift.tt/lY5TESo
Submitted October 13, 2022 at 08:13PM by CyberMasterV
via reddit https://ift.tt/6PLRXAp
Inversecos
How to Investigate Insider Threats (Forensic Methodology)