Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
https://ift.tt/rzlsw8o
Submitted October 23, 2022 at 06:59AM by sanitybit
via reddit https://ift.tt/leNIdQL
https://ift.tt/rzlsw8o
Submitted October 23, 2022 at 06:59AM by sanitybit
via reddit https://ift.tt/leNIdQL
Jack Hacks
Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software applications are delivered to users via a web browser in the form of web applications. Pretty much everything you might…
Bringing Modern Authentication APIs (FIDO2 WebAuthn, Passkeys) to Linux Desktop
https://ift.tt/TN4GlWx
Submitted October 23, 2022 at 02:59PM by sanitybit
via reddit https://ift.tt/qsyo1Zt
https://ift.tt/TN4GlWx
Submitted October 23, 2022 at 02:59PM by sanitybit
via reddit https://ift.tt/qsyo1Zt
GitHub
GitHub - AlfioEmanueleFresta/xdg-credentials-portal: FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust;…
FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust; includes a proposal for a new D-Bus Portal interface for FIDO2, accessible from Flatpak apps and Snaps 🔑 - GitHub - AlfioEm...
cypherhound - Python app that contains 190+ neo4j cyphers for BloodHound data
https://ift.tt/hKE537I
Submitted October 23, 2022 at 01:21PM by edreatingmonkey
via reddit https://ift.tt/dUmPKL3
https://ift.tt/hKE537I
Submitted October 23, 2022 at 01:21PM by edreatingmonkey
via reddit https://ift.tt/dUmPKL3
GitHub
GitHub - fin3ss3g0d/cypherhound: Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets
Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets - GitHub - fin3ss3g0d/cypherhound: Python3 terminal application that contains 260+ Neo4j cyphers for BloodHoun...
Legitimate RATs: a comprehensive forensic analysis of the usual suspects
https://ift.tt/nO0yfGa
Submitted October 24, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/f7Px5yK
https://ift.tt/nO0yfGa
Submitted October 24, 2022 at 05:15PM by jeandrew
via reddit https://ift.tt/f7Px5yK
Synacktiv
Legitimate RATs: a comprehensive forensic analysis of the usual suspects
Legitimate remote access tools are more and more part of threat actors toolbox: in order to gain remote access on targets, keep persistence, deploy malicious payload as well as leveraging trusted conn
VulFi plugin for IDA updated to version 2.0 with new features
https://ift.tt/Lwb73NV
Submitted October 24, 2022 at 06:00PM by Martypx00
via reddit https://ift.tt/QiJgyhq
https://ift.tt/Lwb73NV
Submitted October 24, 2022 at 06:00PM by Martypx00
via reddit https://ift.tt/QiJgyhq
GitHub
VulFi/changelog.md at main · Accenture/VulFi
Contribute to Accenture/VulFi development by creating an account on GitHub.
Talk recordings from DEF CON 30
https://www.youtube.com/playlist?list=PL9fPq3eQfaaAGKQQz-du1udbmRehqUDIL
Submitted October 24, 2022 at 05:57PM by albinowax
via reddit https://ift.tt/Zv1rXlS
https://www.youtube.com/playlist?list=PL9fPq3eQfaaAGKQQz-du1udbmRehqUDIL
Submitted October 24, 2022 at 05:57PM by albinowax
via reddit https://ift.tt/Zv1rXlS
YouTube
DEF CON 30 Main Talks
Share your videos with friends, family, and the world
[CVE-2022-23178] Credential Disclosure in Web Interface of Crestron Device
https://ift.tt/C1rxbIv
Submitted October 24, 2022 at 07:44PM by RedTeamPentesting
via reddit https://ift.tt/5HnLqlQ
https://ift.tt/C1rxbIv
Submitted October 24, 2022 at 07:44PM by RedTeamPentesting
via reddit https://ift.tt/5HnLqlQ
www.redteam-pentesting.de
Credential Disclosure in Web Interface of Crestron Device
When the administrative web interface of the Crestron HDMI switcher is
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.
Exploiting a Flipper Zero
https://ift.tt/67aF5Ty
Submitted October 24, 2022 at 11:40PM by VVX7
via reddit https://ift.tt/13ZXTLQ
https://ift.tt/67aF5Ty
Submitted October 24, 2022 at 11:40PM by VVX7
via reddit https://ift.tt/13ZXTLQ
f33d by Prelude
Crashing a Flipper Zero
Exploring file loader crashes on the Flipper Zero
OSS patcher for CVE-2022-42889 (TextShell) - Finds and closes the vulnerability on deployed JAR files
https://ift.tt/NUx7KYi
Submitted October 24, 2022 at 11:27PM by SRMish3
via reddit https://ift.tt/HeW1NRP
https://ift.tt/NUx7KYi
Submitted October 24, 2022 at 11:27PM by SRMish3
via reddit https://ift.tt/HeW1NRP
GitHub
text4shell-tools/text_4_shell_patch at main · jfrog/text4shell-tools
Contribute to jfrog/text4shell-tools development by creating an account on GitHub.
OSINT analysis of Gulf focused job scams
https://ift.tt/Qd3Az0v
Submitted October 25, 2022 at 02:12AM by jen140
via reddit https://ift.tt/bC9gXVt
https://ift.tt/Qd3Az0v
Submitted October 25, 2022 at 02:12AM by jen140
via reddit https://ift.tt/bC9gXVt
Exploit archaeology: A forensic history of in-the-wild NSO Group exploits
https://ift.tt/CS67UH8
Submitted October 25, 2022 at 03:15AM by DonnchaOC
via reddit https://ift.tt/97ozIf5
https://ift.tt/CS67UH8
Submitted October 25, 2022 at 03:15AM by DonnchaOC
via reddit https://ift.tt/97ozIf5
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
https://ift.tt/U5sZAeO
Submitted October 25, 2022 at 04:12AM by 0x414141
via reddit https://ift.tt/DaJUouC
https://ift.tt/U5sZAeO
Submitted October 25, 2022 at 04:12AM by 0x414141
via reddit https://ift.tt/DaJUouC
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family
https://ift.tt/9pQhGq7
Submitted October 25, 2022 at 11:57AM by CyberMasterV
via reddit https://ift.tt/L279zaM
https://ift.tt/9pQhGq7
Submitted October 25, 2022 at 11:57AM by CyberMasterV
via reddit https://ift.tt/L279zaM
Medium
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.
Illustrating ISFBs journey from the early start over the leak of Gozi 1 to their recent mutation into LDR4 and its relations to other…
Firefox and Chromium | Madaidan's Insecurities
https://ift.tt/Nx3PtCb
Submitted October 25, 2022 at 02:53PM by gquere
via reddit https://ift.tt/5xPkJjd
https://ift.tt/Nx3PtCb
Submitted October 25, 2022 at 02:53PM by gquere
via reddit https://ift.tt/5xPkJjd
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
https://ift.tt/dU861vF
Submitted October 25, 2022 at 04:16PM by lohacker0
via reddit https://ift.tt/xm2rd9F
https://ift.tt/dU861vF
Submitted October 25, 2022 at 04:16PM by lohacker0
via reddit https://ift.tt/xm2rd9F
Varonis
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.
Stranger Strings: An exploitable flaw in SQLite
https://ift.tt/4saoR7b
Submitted October 25, 2022 at 05:22PM by jeandrew
via reddit https://ift.tt/oFqmN2i
https://ift.tt/4saoR7b
Submitted October 25, 2022 at 05:22PM by jeandrew
via reddit https://ift.tt/oFqmN2i
Trail of Bits Blog
Stranger Strings: An exploitable flaw in SQLite
By Andreas Kellas Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released o…
GitHub Actions are being abused to run mining operations
https://ift.tt/3x0XbPy
Submitted October 25, 2022 at 09:34PM by MiguelHzBz
via reddit https://ift.tt/uA7bTDO
https://ift.tt/3x0XbPy
Submitted October 25, 2022 at 09:34PM by MiguelHzBz
via reddit https://ift.tt/uA7bTDO
Sysdig
Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions – Sysdig
Sysdig TRT uncovered an extensive and sophisticated active cryptomining operation using GitHub, Heroku, Buddy.works, and others. We are going to refer to this as PURPLEURCHIN.
Melis Platform CMS patched for critical RCE flaw (CVE-2022-39297)
https://ift.tt/5SDkjwJ
Submitted October 25, 2022 at 10:58PM by monoimpact
via reddit https://ift.tt/BDtEb9U
https://ift.tt/5SDkjwJ
Submitted October 25, 2022 at 10:58PM by monoimpact
via reddit https://ift.tt/BDtEb9U
The Daily Swig | Cybersecurity news and views
Melis Platform CMS patched for critical RCE flaw
POP chain crafted to demonstrate exploitability
4 Ways Conventional SIEM Advances into NextGen SIEM
https://ift.tt/u0KPsbW
Submitted October 26, 2022 at 12:36AM by Pale-Cobbler-4895
via reddit https://ift.tt/xfQmEHR
https://ift.tt/u0KPsbW
Submitted October 26, 2022 at 12:36AM by Pale-Cobbler-4895
via reddit https://ift.tt/xfQmEHR
Digitalconnectmag
4 Ways Conventional SIEM Advances into NextGen SIEM
An IDC study reveals that most organizations regard security information and event management (SIEM) as sacred. There appears to be a consensus that SIEM is a crucial part of cybersecurity. However, with the rapidly evolving nature of cyber threats, there…
The Secrets Behind Uber's Breach
https://ift.tt/3Db9zYU
Submitted October 26, 2022 at 01:36AM by Nashifa
via reddit https://ift.tt/C3KJm2Q
https://ift.tt/3Db9zYU
Submitted October 26, 2022 at 01:36AM by Nashifa
via reddit https://ift.tt/C3KJm2Q
Akeyless
The Secrets Behind Uber's Breach | Akeyless
Join our CEO Oded Hareven and Admiral Michael Rogers of Team8 as they discuss the implications behind the recent Uber breach.
topmostp: A simple CLI tool to retrieve the N top most used ports
https://ift.tt/1Vk2Yiq
Submitted October 26, 2022 at 01:21PM by deleee
via reddit https://ift.tt/bIyYSxB
https://ift.tt/1Vk2Yiq
Submitted October 26, 2022 at 01:21PM by deleee
via reddit https://ift.tt/bIyYSxB
GitHub
GitHub - cybersecsi/topmostp: A simple CLI tool to retrieve the N top most used ports
A simple CLI tool to retrieve the N top most used ports - GitHub - cybersecsi/topmostp: A simple CLI tool to retrieve the N top most used ports