Exploiting a Flipper Zero
https://ift.tt/67aF5Ty
Submitted October 24, 2022 at 11:40PM by VVX7
via reddit https://ift.tt/13ZXTLQ
https://ift.tt/67aF5Ty
Submitted October 24, 2022 at 11:40PM by VVX7
via reddit https://ift.tt/13ZXTLQ
f33d by Prelude
Crashing a Flipper Zero
Exploring file loader crashes on the Flipper Zero
OSS patcher for CVE-2022-42889 (TextShell) - Finds and closes the vulnerability on deployed JAR files
https://ift.tt/NUx7KYi
Submitted October 24, 2022 at 11:27PM by SRMish3
via reddit https://ift.tt/HeW1NRP
https://ift.tt/NUx7KYi
Submitted October 24, 2022 at 11:27PM by SRMish3
via reddit https://ift.tt/HeW1NRP
GitHub
text4shell-tools/text_4_shell_patch at main · jfrog/text4shell-tools
Contribute to jfrog/text4shell-tools development by creating an account on GitHub.
OSINT analysis of Gulf focused job scams
https://ift.tt/Qd3Az0v
Submitted October 25, 2022 at 02:12AM by jen140
via reddit https://ift.tt/bC9gXVt
https://ift.tt/Qd3Az0v
Submitted October 25, 2022 at 02:12AM by jen140
via reddit https://ift.tt/bC9gXVt
Exploit archaeology: A forensic history of in-the-wild NSO Group exploits
https://ift.tt/CS67UH8
Submitted October 25, 2022 at 03:15AM by DonnchaOC
via reddit https://ift.tt/97ozIf5
https://ift.tt/CS67UH8
Submitted October 25, 2022 at 03:15AM by DonnchaOC
via reddit https://ift.tt/97ozIf5
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
https://ift.tt/U5sZAeO
Submitted October 25, 2022 at 04:12AM by 0x414141
via reddit https://ift.tt/DaJUouC
https://ift.tt/U5sZAeO
Submitted October 25, 2022 at 04:12AM by 0x414141
via reddit https://ift.tt/DaJUouC
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family
https://ift.tt/9pQhGq7
Submitted October 25, 2022 at 11:57AM by CyberMasterV
via reddit https://ift.tt/L279zaM
https://ift.tt/9pQhGq7
Submitted October 25, 2022 at 11:57AM by CyberMasterV
via reddit https://ift.tt/L279zaM
Medium
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.
Illustrating ISFBs journey from the early start over the leak of Gozi 1 to their recent mutation into LDR4 and its relations to other…
Firefox and Chromium | Madaidan's Insecurities
https://ift.tt/Nx3PtCb
Submitted October 25, 2022 at 02:53PM by gquere
via reddit https://ift.tt/5xPkJjd
https://ift.tt/Nx3PtCb
Submitted October 25, 2022 at 02:53PM by gquere
via reddit https://ift.tt/5xPkJjd
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
https://ift.tt/dU861vF
Submitted October 25, 2022 at 04:16PM by lohacker0
via reddit https://ift.tt/xm2rd9F
https://ift.tt/dU861vF
Submitted October 25, 2022 at 04:16PM by lohacker0
via reddit https://ift.tt/xm2rd9F
Varonis
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.
Stranger Strings: An exploitable flaw in SQLite
https://ift.tt/4saoR7b
Submitted October 25, 2022 at 05:22PM by jeandrew
via reddit https://ift.tt/oFqmN2i
https://ift.tt/4saoR7b
Submitted October 25, 2022 at 05:22PM by jeandrew
via reddit https://ift.tt/oFqmN2i
Trail of Bits Blog
Stranger Strings: An exploitable flaw in SQLite
By Andreas Kellas Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released o…
GitHub Actions are being abused to run mining operations
https://ift.tt/3x0XbPy
Submitted October 25, 2022 at 09:34PM by MiguelHzBz
via reddit https://ift.tt/uA7bTDO
https://ift.tt/3x0XbPy
Submitted October 25, 2022 at 09:34PM by MiguelHzBz
via reddit https://ift.tt/uA7bTDO
Sysdig
Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions – Sysdig
Sysdig TRT uncovered an extensive and sophisticated active cryptomining operation using GitHub, Heroku, Buddy.works, and others. We are going to refer to this as PURPLEURCHIN.
Melis Platform CMS patched for critical RCE flaw (CVE-2022-39297)
https://ift.tt/5SDkjwJ
Submitted October 25, 2022 at 10:58PM by monoimpact
via reddit https://ift.tt/BDtEb9U
https://ift.tt/5SDkjwJ
Submitted October 25, 2022 at 10:58PM by monoimpact
via reddit https://ift.tt/BDtEb9U
The Daily Swig | Cybersecurity news and views
Melis Platform CMS patched for critical RCE flaw
POP chain crafted to demonstrate exploitability
4 Ways Conventional SIEM Advances into NextGen SIEM
https://ift.tt/u0KPsbW
Submitted October 26, 2022 at 12:36AM by Pale-Cobbler-4895
via reddit https://ift.tt/xfQmEHR
https://ift.tt/u0KPsbW
Submitted October 26, 2022 at 12:36AM by Pale-Cobbler-4895
via reddit https://ift.tt/xfQmEHR
Digitalconnectmag
4 Ways Conventional SIEM Advances into NextGen SIEM
An IDC study reveals that most organizations regard security information and event management (SIEM) as sacred. There appears to be a consensus that SIEM is a crucial part of cybersecurity. However, with the rapidly evolving nature of cyber threats, there…
The Secrets Behind Uber's Breach
https://ift.tt/3Db9zYU
Submitted October 26, 2022 at 01:36AM by Nashifa
via reddit https://ift.tt/C3KJm2Q
https://ift.tt/3Db9zYU
Submitted October 26, 2022 at 01:36AM by Nashifa
via reddit https://ift.tt/C3KJm2Q
Akeyless
The Secrets Behind Uber's Breach | Akeyless
Join our CEO Oded Hareven and Admiral Michael Rogers of Team8 as they discuss the implications behind the recent Uber breach.
topmostp: A simple CLI tool to retrieve the N top most used ports
https://ift.tt/1Vk2Yiq
Submitted October 26, 2022 at 01:21PM by deleee
via reddit https://ift.tt/bIyYSxB
https://ift.tt/1Vk2Yiq
Submitted October 26, 2022 at 01:21PM by deleee
via reddit https://ift.tt/bIyYSxB
GitHub
GitHub - cybersecsi/topmostp: A simple CLI tool to retrieve the N top most used ports
A simple CLI tool to retrieve the N top most used ports - GitHub - cybersecsi/topmostp: A simple CLI tool to retrieve the N top most used ports
Lateral Movement via AutodialDLL registry key abuse
https://ift.tt/fZ7rc02
Submitted October 26, 2022 at 04:08PM by gid0rah
via reddit https://ift.tt/et4Gr5P
https://ift.tt/fZ7rc02
Submitted October 26, 2022 at 04:08PM by gid0rah
via reddit https://ift.tt/et4Gr5P
MDSec
Autodial(DLL)ing Your Way - MDSec
The use of the AutodialDLL registry subkey (located in HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters) as a persistence method has been previously documented by @Hexacorn in his series Beyond good ol’ Run key, (Part 24)....
I took a look at the most active Github users who publish the most CVE's
https://ift.tt/9RWKr8V
Submitted October 26, 2022 at 03:52PM by DevOpsMuffin39
via reddit https://ift.tt/BCMF3gx
https://ift.tt/9RWKr8V
Submitted October 26, 2022 at 03:52PM by DevOpsMuffin39
via reddit https://ift.tt/BCMF3gx
GitHub
PoC_CVEs/cve_links_by_github_username.txt at main · tg12/PoC_CVEs
PoC_CVEs. Contribute to tg12/PoC_CVEs development by creating an account on GitHub.
Token handles abuse: One shell to HANDLE them all
https://ift.tt/I1YgpH8
Submitted October 26, 2022 at 04:58PM by gid0rah
via reddit https://ift.tt/5Z2DmpB
https://ift.tt/I1YgpH8
Submitted October 26, 2022 at 04:58PM by gid0rah
via reddit https://ift.tt/5Z2DmpB
Tarlogic Security
One shell to HANDLE them all
Introduction
During a Red Team engagement, the exploitation of vulnerabilities in web apps usually offers a good chance of
During a Red Team engagement, the exploitation of vulnerabilities in web apps usually offers a good chance of
Ring0VBA - Getting Ring0 Using a Goddamn Word Document
https://ift.tt/YvJUWOg
Submitted October 26, 2022 at 07:35PM by CyberMasterV
via reddit https://ift.tt/gEwqvpA
https://ift.tt/YvJUWOg
Submitted October 26, 2022 at 07:35PM by CyberMasterV
via reddit https://ift.tt/gEwqvpA
Hijacking AUR Packages by Searching for Expired Domains
https://ift.tt/GRx70lu
Submitted October 26, 2022 at 10:54PM by whisperingmime
via reddit https://ift.tt/kEbGq9f
https://ift.tt/GRx70lu
Submitted October 26, 2022 at 10:54PM by whisperingmime
via reddit https://ift.tt/kEbGq9f
Blog by Joren Vrancken
Hijacking AUR Packages by Searching for Expired Domains
The Arch User Repository (AUR) is a software repository for Arch Linux. It differs from the official Arch Linux repositories in that its packages are provided by its users and not officially supported by Arch Linux.
Ethernet ghosting & NAC bypass - A practical overview
https://ift.tt/Ry8za7q
Submitted October 27, 2022 at 09:18AM by Gallus
via reddit https://ift.tt/USqp4nc
https://ift.tt/Ry8za7q
Submitted October 27, 2022 at 09:18AM by Gallus
via reddit https://ift.tt/USqp4nc
🪄 wb - A wizard that brings old files from Wayback Machine.
https://ift.tt/cNrGa9K
Submitted October 27, 2022 at 12:38PM by rjz4
via reddit https://ift.tt/S1Rdu0z
https://ift.tt/cNrGa9K
Submitted October 27, 2022 at 12:38PM by rjz4
via reddit https://ift.tt/S1Rdu0z
GitHub
GitHub - riza/wb: Quickly fetches files from Wayback Machine.
Quickly fetches files from Wayback Machine. Contribute to riza/wb development by creating an account on GitHub.