You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.

By Andreas Kellas Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released o…

Sysdig TRT uncovered an extensive and sophisticated active cryptomining operation using GitHub, Heroku, Buddy.works, and others. We are going to refer to this as PURPLEURCHIN.

POP chain crafted to demonstrate exploitability

An IDC study reveals that most organizations regard security information and event management (SIEM) as sacred. There appears to be a consensus that SIEM is a crucial part of cybersecurity. However, with the rapidly evolving nature of cyber threats, there…

Join our CEO Oded Hareven and Admiral Michael Rogers of Team8 as they discuss the implications behind the recent Uber breach.

A simple CLI tool to retrieve the N top most used ports - GitHub - cybersecsi/topmostp: A simple CLI tool to retrieve the N top most used ports

The use of the AutodialDLL registry subkey (located in HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters) as a persistence method has been previously documented by @Hexacorn in his series Beyond good ol’ Run key, (Part 24)....

PoC_CVEs. Contribute to tg12/PoC_CVEs development by creating an account on GitHub.

Introduction
During a Red Team engagement, the exploitation of vulnerabilities in web apps usually offers a good chance of

The Arch User Repository (AUR) is a software repository for Arch Linux. It differs from the official Arch Linux repositories in that its packages are provided by its users and not officially supported by Arch Linux.

Quickly fetches files from Wayback Machine. Contribute to riza/wb development by creating an account on GitHub.

Leaders in Information Security

In order to find phishing payloads, one needs to understand how executable filetypes on Windows are handled, finding which ones can be delivered to mail clients, thus users, without being caught by mail defences in between and without requesting multiple…

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Run individual configuration, compliance and security controls or full compliance benchmarks for Tailscale.

TargetRecently I have analyzed a RASP solution called Approov. Although there are some novel detection techniques, overall it’s not that interesting. Instead, I will focus on the obfuscation part of

A tool to assess the compliance of a VMware vSphere environment against the CIS Benchmark. - GitHub - karimhabush/cis-vsphere: A tool to assess the compliance of a VMware vSphere environment agains...

Posted in r/netsec by u/gquere • 15 points and 1 comment