A deep dive into CVE-2021–42847 - arbitrary file write and XXE in ManageEngine ADAudit Plus before 7006
https://ift.tt/ik5AWPU
Submitted October 12, 2022 at 07:41PM by kalibabka
via reddit https://ift.tt/TcYB5wR
https://ift.tt/ik5AWPU
Submitted October 12, 2022 at 07:41PM by kalibabka
via reddit https://ift.tt/TcYB5wR
Medium
Pwning ManageEngine — From Endpoint to Exploit
A deep dive into CVE-2021–42847
Cerberus Stress Testing Tool
https://ift.tt/SUNDC6a
Submitted October 12, 2022 at 06:56PM by fficarola
via reddit https://ift.tt/oAM3PRd
https://ift.tt/SUNDC6a
Submitted October 12, 2022 at 06:56PM by fficarola
via reddit https://ift.tt/oAM3PRd
GitHub
GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.
Cerberus is another simple stressing tool simulating DDoS attacks. - GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.
Subdomain Enumeration Tool Face-off 2022
https://ift.tt/XhcmZxl
Submitted October 12, 2022 at 09:02PM by the-techromancer
via reddit https://ift.tt/yHluz3k
https://ift.tt/XhcmZxl
Submitted October 12, 2022 at 09:02PM by the-techromancer
via reddit https://ift.tt/yHluz3k
Black Lantern Security (BLSOPS)
Subdomain Enumeration Tool Face-off 2022
Comparing the industry's top subdomain enumeration tools
Bringing passkeys to Android & Chrome
https://ift.tt/DnG8LmW
Submitted October 13, 2022 at 07:29AM by Khryse
via reddit https://ift.tt/pWPIM1x
https://ift.tt/DnG8LmW
Submitted October 13, 2022 at 07:29AM by Khryse
via reddit https://ift.tt/pWPIM1x
Android Developers Blog
Bringing passkeys to Android & Chrome
developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels
SafeSetID - a Linux Security Modules (LSM) you should know about
https://ift.tt/ML35gNz
Submitted October 13, 2022 at 12:37PM by boutnaru
via reddit https://ift.tt/FztgwTR
https://ift.tt/ML35gNz
Submitted October 13, 2022 at 12:37PM by boutnaru
via reddit https://ift.tt/FztgwTR
Medium
Linux Security — SafeSetID
After talking about LSMs (“Linux Security Modules”) it is time to continue talking about different technologies which leverage them. I am…
Private npm Packages Disclosed via Timing Attacks
https://ift.tt/U0fIJZ3
Submitted October 13, 2022 at 12:37PM by mkatch
via reddit https://ift.tt/2CaD03U
https://ift.tt/U0fIJZ3
Submitted October 13, 2022 at 12:37PM by mkatch
via reddit https://ift.tt/2CaD03U
Aquasec
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages
RPC Toolkit - security research oriented resources on MS-RPC (articles, PoCs, vulnerability write-ups, tools, etc.)
https://ift.tt/4bhdraq
Submitted October 13, 2022 at 03:05PM by ophirharpaz
via reddit https://ift.tt/MWV7zmp
https://ift.tt/4bhdraq
Submitted October 13, 2022 at 03:05PM by ophirharpaz
via reddit https://ift.tt/MWV7zmp
GitHub
akamai-security-research/rpc_toolkit at main · akamai/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research
How to Investigate Insider Threats (Forensic Methodology)
https://ift.tt/lY5TESo
Submitted October 13, 2022 at 08:13PM by CyberMasterV
via reddit https://ift.tt/6PLRXAp
https://ift.tt/lY5TESo
Submitted October 13, 2022 at 08:13PM by CyberMasterV
via reddit https://ift.tt/6PLRXAp
Inversecos
How to Investigate Insider Threats (Forensic Methodology)
PiRogue Tool Suite Mobile forensic & network analysis on a Raspberry Pie
https://ift.tt/486Cyr9
Submitted October 14, 2022 at 12:29AM by ResponsibleCat
via reddit https://ift.tt/kdIn5UW
https://ift.tt/486Cyr9
Submitted October 14, 2022 at 12:29AM by ResponsibleCat
via reddit https://ift.tt/kdIn5UW
PiRogue tool suite
Mobile forensic & network analysis
PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices both Android and iOS, internet of things devices (devices that are connected to the user mobile…
Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak
https://ift.tt/6V29Iky
Submitted October 14, 2022 at 12:20PM by hacksysteam
via reddit https://ift.tt/l5r3Wvn
https://ift.tt/6V29Iky
Submitted October 14, 2022 at 12:20PM by hacksysteam
via reddit https://ift.tt/l5r3Wvn
Linux Security — Sticky Bit
https://ift.tt/OYx3uUS
Submitted October 14, 2022 at 01:05PM by boutnaru
via reddit https://ift.tt/njGEliN
https://ift.tt/OYx3uUS
Submitted October 14, 2022 at 01:05PM by boutnaru
via reddit https://ift.tt/njGEliN
Medium
Linux Security — Sticky Bit
Beside the ordinary permissions that a file/directory can have in Linux (read, write & execute) we can also assign specific permissions…
Fortinet devices possibly vulnerable to CVE-2022-40684 on Netlas.io:
https://ift.tt/rxhtvNF
Submitted October 14, 2022 at 02:24PM by netlas_io
via reddit https://ift.tt/BJm1PN3
https://ift.tt/rxhtvNF
Submitted October 14, 2022 at 02:24PM by netlas_io
via reddit https://ift.tt/BJm1PN3
Exploiting predictable UUID/GUID values
https://ift.tt/SDWn18j
Submitted October 14, 2022 at 02:09PM by dcthatch
via reddit https://ift.tt/1PLtWUa
https://ift.tt/SDWn18j
Submitted October 14, 2022 at 02:09PM by dcthatch
via reddit https://ift.tt/1PLtWUa
www.intruder.io
In GUID We Trust
GUIDs (often called UUIDs) are widely used in modern web applications. However, seemingly very few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one.
Microsoft Office 365 Message Encryption Insecure Mode of Operation
https://ift.tt/W5dhiVX
Submitted October 14, 2022 at 03:39PM by kekw32
via reddit https://ift.tt/0WZ7r2E
https://ift.tt/W5dhiVX
Submitted October 14, 2022 at 03:39PM by kekw32
via reddit https://ift.tt/0WZ7r2E
Withsecure
Microsoft Office 365 Message Encryption Insecure Mode of Operation
Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.
[PDF] Security Deep-Dive Into The Internals Of NetBackup - AirbusSecLab@Hexacon
https://ift.tt/MaBhW8y
Submitted October 14, 2022 at 11:10PM by alain_proviste
via reddit https://ift.tt/wcPojsi
https://ift.tt/MaBhW8y
Submitted October 14, 2022 at 11:10PM by alain_proviste
via reddit https://ift.tt/wcPojsi
Regulator: A unique method of subdomain enumeration
https://ift.tt/30yp9og
Submitted October 16, 2022 at 11:11PM by Quick-Ingenuity-7024
via reddit https://ift.tt/c1YRigm
https://ift.tt/30yp9og
Submitted October 16, 2022 at 11:11PM by Quick-Ingenuity-7024
via reddit https://ift.tt/c1YRigm
Toner Deaf – Printing your next persistence (Hexacon 2022)
https://ift.tt/UV0DhG3
Submitted October 17, 2022 at 02:57PM by digicat
via reddit https://ift.tt/LtYwkX3
https://ift.tt/UV0DhG3
Submitted October 17, 2022 at 02:57PM by digicat
via reddit https://ift.tt/LtYwkX3
NCC Group Research Blog
Toner Deaf – Printing your next persistence (Hexacon 2022)
On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated re…
A journey of fuzzing Nvidia graphic driver leading to LPE exploitation
https://ift.tt/eLOIvQk
Submitted October 17, 2022 at 07:08PM by jeandrew
via reddit https://ift.tt/aPeJSqz
https://ift.tt/eLOIvQk
Submitted October 17, 2022 at 07:08PM by jeandrew
via reddit https://ift.tt/aPeJSqz
9.8 Critical issue in Apache Commons Text
https://ift.tt/sAxQemn
Submitted October 17, 2022 at 11:09PM by NexusOne99
via reddit https://ift.tt/3ouvTqS
https://ift.tt/sAxQemn
Submitted October 17, 2022 at 11:09PM by NexusOne99
via reddit https://ift.tt/3ouvTqS
A Detailed Analysis of the Gafgyt Malware Targeting IoT Devices [PDF]
https://ift.tt/zMq2Fjv
Submitted October 18, 2022 at 07:54PM by CyberMasterV
via reddit https://ift.tt/GD68T4W
https://ift.tt/zMq2Fjv
Submitted October 18, 2022 at 07:54PM by CyberMasterV
via reddit https://ift.tt/GD68T4W
Security Scorecard
A Detailed Analysis Of The Gafgyt Malware Targeting IoT Devices
Recovering Web Tokens From Office
https://ift.tt/tYhXiCI
Submitted October 18, 2022 at 12:49PM by gid0rah
via reddit https://ift.tt/Q8RaZuh
https://ift.tt/tYhXiCI
Submitted October 18, 2022 at 12:49PM by gid0rah
via reddit https://ift.tt/Q8RaZuh
XPN InfoSec Blog
@_xpn_ - WAM BAM - Recovering Web Tokens From Office
This post looks at the recent trend of pulling Azure tokens from Office process memory and tries to identify just how these tokens were loaded, how Office handles a Microsoft Account (MSA), and how we can recover cached credentials from the Token Broker Cache.