A Journey To The Dawn: Finding & exploiting a use-after-free privilege escalation vulnerability in Linux kernel’s io_uring subsystem (CVE-2022-1786)
https://ift.tt/fCRBd3G
Submitted October 22, 2022 at 04:44AM by 0x414141
via reddit https://ift.tt/KpNm0Qf
https://ift.tt/fCRBd3G
Submitted October 22, 2022 at 04:44AM by 0x414141
via reddit https://ift.tt/KpNm0Qf
kylebot's Blog
[CVE-2022-1786] A Journey To The Dawn
IntroductionBack in April, I found a 0-day vulnerability in the Linux kernel and exploited it on Google’s kCTF platform.I reported the bug to Linux kernel security team and helped them fix the vulnera
OpenSSL: How to Configure Supported TLS Groups to Be Resistant to the DHEat attack
https://ift.tt/wGOEJIU
Submitted October 21, 2022 at 09:55PM by c0r0n3r
via reddit https://ift.tt/Q1FhqdO
https://ift.tt/wGOEJIU
Submitted October 21, 2022 at 09:55PM by c0r0n3r
via reddit https://ift.tt/Q1FhqdO
www.openssl.org
Configuring Supported TLS Groups in OpenSSL - OpenSSL Blog
The configuration of supported groups in TLS servers is important to limit
the resource consumption of the TLS handshakes performed by the server. …
the resource consumption of the TLS handshakes performed by the server. …
SCuBA: M365 Security Baseline Assessment Tool by CISA
https://ift.tt/gUymXxJ
Submitted October 22, 2022 at 08:55AM by sanitybit
via reddit https://ift.tt/Y2EDROo
https://ift.tt/gUymXxJ
Submitted October 22, 2022 at 08:55AM by sanitybit
via reddit https://ift.tt/Y2EDROo
GitHub
GitHub - cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA's baselines
Automation to assess the state of your M365 tenant against CISA's baselines - GitHub - cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA's baselines
Collect information of internet-connected sandboxes
https://ift.tt/E3XPOHh
Submitted October 22, 2022 at 06:47PM by Snoo_27235
via reddit https://ift.tt/Odu614L
https://ift.tt/E3XPOHh
Submitted October 22, 2022 at 06:47PM by Snoo_27235
via reddit https://ift.tt/Odu614L
GitLab
prisma / SandboxProfiler · GitLab
Collect information of internet-connected sandboxes, no backend needed.
Analysis of thousands of active API tokens leaked via public package repositories
https://ift.tt/8XfvegS
Submitted October 23, 2022 at 01:08AM by SRMish3
via reddit https://ift.tt/27PGShX
https://ift.tt/8XfvegS
Submitted October 23, 2022 at 01:08AM by SRMish3
via reddit https://ift.tt/27PGShX
JFrog
Thousands of publicly exposed API tokens discovered by Xray
JFrog's new Xray Secrets Detection uncovered active access tokens in some of the most common open-source software registries, like Docker and PyPl. Get the findings.
The Curious Case of ManageEngine’s Password Manager Pro's Password Database
https://ift.tt/zF8AUIf
Submitted October 23, 2022 at 07:14AM by Khryse
via reddit https://ift.tt/JonwiaW
https://ift.tt/zF8AUIf
Submitted October 23, 2022 at 07:14AM by Khryse
via reddit https://ift.tt/JonwiaW
TrustedSec
The Curious Case of the Password Database
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
https://ift.tt/rzlsw8o
Submitted October 23, 2022 at 06:59AM by sanitybit
via reddit https://ift.tt/leNIdQL
https://ift.tt/rzlsw8o
Submitted October 23, 2022 at 06:59AM by sanitybit
via reddit https://ift.tt/leNIdQL
Jack Hacks
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software applications are delivered to users via a web browser in the form of web applications. Pretty much everything you might…
Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop
https://ift.tt/TN4GlWx
Submitted October 23, 2022 at 02:59PM by sanitybit
via reddit https://ift.tt/qsyo1Zt
https://ift.tt/TN4GlWx
Submitted October 23, 2022 at 02:59PM by sanitybit
via reddit https://ift.tt/qsyo1Zt
GitHub
GitHub - AlfioEmanueleFresta/xdg-credentials-portal: FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust;…
FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust; includes a proposal for a new D-Bus Portal interface for FIDO2, accessible from Flatpak apps and Snaps 🔑 - GitHub - AlfioEm...
cypherhound - Python app that contains 190+ neo4j cyphers for BloodHound data
https://ift.tt/hKE537I
Submitted October 23, 2022 at 01:21PM by edreatingmonkey
via reddit https://ift.tt/dUmPKL3
https://ift.tt/hKE537I
Submitted October 23, 2022 at 01:21PM by edreatingmonkey
via reddit https://ift.tt/dUmPKL3
GitHub
GitHub - fin3ss3g0d/cypherhound: Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets
Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets - GitHub - fin3ss3g0d/cypherhound: Python3 terminal application that contains 260+ Neo4j cyphers for BloodHoun...
Legitimate RATs: a comprehensive forensic analysis of the usual suspects
https://ift.tt/nO0yfGa
Submitted October 24, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/f7Px5yK
https://ift.tt/nO0yfGa
Submitted October 24, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/f7Px5yK
Synacktiv
Legitimate RATs: a comprehensive forensic analysis of the usual suspects
Legitimate remote access tools are more and more part of threat actors toolbox: in order to gain remote access on targets, keep persistence, deploy malicious payload as well as leveraging trusted conn
VulFi plugin for IDA updated to version 2.0 with new features
https://ift.tt/Lwb73NV
Submitted October 24, 2022 at 06:00PM by Martypx00
via reddit https://ift.tt/QiJgyhq
https://ift.tt/Lwb73NV
Submitted October 24, 2022 at 06:00PM by Martypx00
via reddit https://ift.tt/QiJgyhq
GitHub
VulFi/changelog.md at main · Accenture/VulFi
Contribute to Accenture/VulFi development by creating an account on GitHub.
Talk recordings from DEF CON 30
https://www.youtube.com/playlist?list=PL9fPq3eQfaaAGKQQz-du1udbmRehqUDIL
Submitted October 24, 2022 at 05:57PM by albinowax
via reddit https://ift.tt/Zv1rXlS
https://www.youtube.com/playlist?list=PL9fPq3eQfaaAGKQQz-du1udbmRehqUDIL
Submitted October 24, 2022 at 05:57PM by albinowax
via reddit https://ift.tt/Zv1rXlS
YouTube
DEF CON 30 Main Talks
Share your videos with friends, family, and the world
[CVE-2022-23178] Credential Disclosure in Web Interface of Crestron Device
https://ift.tt/C1rxbIv
Submitted October 24, 2022 at 07:44PM by RedTeamPentesting
via reddit https://ift.tt/5HnLqlQ
https://ift.tt/C1rxbIv
Submitted October 24, 2022 at 07:44PM by RedTeamPentesting
via reddit https://ift.tt/5HnLqlQ
www.redteam-pentesting.de
Credential Disclosure in Web Interface of Crestron Device
When the administrative web interface of the Crestron HDMI switcher is
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.
Exploiting a Flipper Zero
https://ift.tt/67aF5Ty
Submitted October 24, 2022 at 11:40PM by VVX7
via reddit https://ift.tt/13ZXTLQ
https://ift.tt/67aF5Ty
Submitted October 24, 2022 at 11:40PM by VVX7
via reddit https://ift.tt/13ZXTLQ
f33d by Prelude
Crashing a Flipper Zero
Exploring file loader crashes on the Flipper Zero
OSS patcher for CVE-2022-42889 (TextShell) - Finds and closes the vulnerability on deployed JAR files
https://ift.tt/NUx7KYi
Submitted October 24, 2022 at 11:27PM by SRMish3
via reddit https://ift.tt/HeW1NRP
https://ift.tt/NUx7KYi
Submitted October 24, 2022 at 11:27PM by SRMish3
via reddit https://ift.tt/HeW1NRP
GitHub
text4shell-tools/text_4_shell_patch at main · jfrog/text4shell-tools
Contribute to jfrog/text4shell-tools development by creating an account on GitHub.
OSINT analysis of Gulf focused job scams
https://ift.tt/Qd3Az0v
Submitted October 25, 2022 at 02:12AM by jen140
via reddit https://ift.tt/bC9gXVt
https://ift.tt/Qd3Az0v
Submitted October 25, 2022 at 02:12AM by jen140
via reddit https://ift.tt/bC9gXVt
Exploit archaeology: A forensic history of in-the-wild NSO Group exploits
https://ift.tt/CS67UH8
Submitted October 25, 2022 at 03:15AM by DonnchaOC
via reddit https://ift.tt/97ozIf5
https://ift.tt/CS67UH8
Submitted October 25, 2022 at 03:15AM by DonnchaOC
via reddit https://ift.tt/97ozIf5
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
https://ift.tt/U5sZAeO
Submitted October 25, 2022 at 04:12AM by 0x414141
via reddit https://ift.tt/DaJUouC
https://ift.tt/U5sZAeO
Submitted October 25, 2022 at 04:12AM by 0x414141
via reddit https://ift.tt/DaJUouC
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family
https://ift.tt/9pQhGq7
Submitted October 25, 2022 at 11:57AM by CyberMasterV
via reddit https://ift.tt/L279zaM
https://ift.tt/9pQhGq7
Submitted October 25, 2022 at 11:57AM by CyberMasterV
via reddit https://ift.tt/L279zaM
Medium
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.
Illustrating ISFBs journey from the early start over the leak of Gozi 1 to their recent mutation into LDR4 and its relations to other…
Firefox and Chromium | Madaidan's Insecurities
https://ift.tt/Nx3PtCb
Submitted October 25, 2022 at 02:53PM by gquere
via reddit https://ift.tt/5xPkJjd
https://ift.tt/Nx3PtCb
Submitted October 25, 2022 at 02:53PM by gquere
via reddit https://ift.tt/5xPkJjd
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
https://ift.tt/dU861vF
Submitted October 25, 2022 at 04:16PM by lohacker0
via reddit https://ift.tt/xm2rd9F
https://ift.tt/dU861vF
Submitted October 25, 2022 at 04:16PM by lohacker0
via reddit https://ift.tt/xm2rd9F
Varonis
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.