Overview of SQLi and Access Flaws in Zendesk
https://ift.tt/dZ6LtTG
Submitted November 15, 2022 at 11:27PM by TotallyNotTeaPot
via reddit https://ift.tt/eFLduab
Varonis
Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk
Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
https://ift.tt/8rF5hgE
Submitted November 15, 2022 at 11:14PM by jeandrew
via reddit https://ift.tt/mq9NwKy
Impalabs
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
Impalabs is releasing Hyperpom, a 64-bit ARM binary fuzzer written in Rust and based on the Apple Silicon's hypervisor. It is mutation-based and coverage-guided. This article gives an overview of its internals, presents the different components it consists…
Distributed Identity aka Identity on the Blockchain - What it is and its vulnerable attack surfaces. (Part 1)
https://ift.tt/4vGArsP
Submitted November 16, 2022 at 12:47AM by CyberArkLabs
via reddit https://ift.tt/rKoIRBy
Cyberark
Decentralized Identity Attack Surface – Part 1
Introduction Who are you? That’s a hard question to answer. Many philosophers have been fascinated with this question for years. Who are you in cyberspace? Your digital identity is comprised of...
"Fangxiao: a Chinese Threat Actor" - by Cyjax researchers @nyxilar and @_nynan
https://ift.tt/GHFYOV5
Submitted November 16, 2022 at 04:00PM by _nynan
via reddit https://ift.tt/dmR829y
CYJAX
Fangxiao: a Chinese threat actor
Phishing campaigns continue to increase globally. These operations offer an easy route for cybercriminals to generate revenue, steal...
HZ RAT goes China
https://ift.tt/pvjoyN5
Submitted November 16, 2022 at 08:29PM by OwnPreparation3424
via reddit https://ift.tt/i29gNrU
Medium
HZ RAT goes China
Walking down the Royal Road as we did in one of our previous posts, another by-catch of our Yara rule caught our attention. Turns out we…
Root RCE via CSRF (and other vulns) in F5 Big-IP devices [my original research]
https://ift.tt/D5HViEU
Submitted November 17, 2022 at 03:57AM by iagox86
via reddit https://ift.tt/bcMpHQi
Rapid7
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | Rapid7 Blog
Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
https://ift.tt/GAg1l9E
Submitted November 17, 2022 at 05:39AM by Most-Loss5834
via reddit https://ift.tt/bDh8ctv
tomforb.es
Infosys leaked FullAdminAccess AWS keys on PyPi for over a year
Infosys has a lot to say about security. You can check out their website for a lot of buzzwords, but it’s clear from all the stock photos that they take security Very Seriously Indeed ™️.
However, from what I’ve found recently, it seems that InfoSys follow…
Parsing atop files with python dissect.cstruct
https://ift.tt/dBg9OGj
Submitted November 17, 2022 at 05:16AM by DiabloHorn
via reddit https://ift.tt/TRH8WnC
DiabloHorn
Parsing atop files with python dissect.cstruct
Like you’ve probably read, Fox-IT released their incident response framework called dissect, but before that they released the cstruct part of their framework. Ever since they released it pub…
Packet Tuesday: New video series about in depth network traffic analysis
https://ift.tt/ZQESdFc
Submitted November 17, 2022 at 06:23AM by dentalfoss
via reddit https://ift.tt/8rsE063
Is your VMware vSphere environment secure?
https://ift.tt/HoZN9ip
Submitted November 16, 2022 at 02:58PM by karimhabush
via reddit https://ift.tt/PHXZbEx
Medium
Is your VMware vSphere environment secure?
Assess your vSphere configuration in less than 10 minutes!
New Tool: Orpheus - Bypasses most Kerberoast Detections
https://ift.tt/SdGhaQT
Submitted November 17, 2022 at 07:47PM by ben0xa
via reddit https://ift.tt/Mnwmp9f
TrustedSec
The Art of Bypassing Kerberoast Detections with Orpheus
[PDF, research paper] Do Users Write More Insecure Code with AI Assistants?
https://ift.tt/v5CkFOh
Submitted November 18, 2022 at 03:40AM by ScottContini
via reddit https://ift.tt/P15TN6M
Collection of vulnerable code snippets (updated every friday)
https://ift.tt/48EQnpd
Submitted November 18, 2022 at 11:06PM by hisxo
via reddit https://ift.tt/aO6z5eq
GitHub
GitHub - yeswehack/vulnerable-code-snippets: Twitter vulnerable snippets
Twitter vulnerable snippets. Contribute to yeswehack/vulnerable-code-snippets development by creating an account on GitHub.
Explaining AWS Encryption Access: A Deep Dive on KMS Access and KMS Key Grants
https://ift.tt/5Pa7FR4
Submitted November 18, 2022 at 07:05PM by jsonpile
via reddit https://ift.tt/fzlcEKn
CloudQuery
A Deep Dive on AWS KMS Key Access and AWS Key Grants | CloudQuery
A Technical Deep Dive on AWS KMS Key Access and AWS Key Grants.
System misconfiguration is the number one vulnerability, at least for Mastodon
https://ift.tt/fJTrdXQ
Submitted November 21, 2022 at 02:31AM by 0xdea
via reddit https://ift.tt/WZ9Keh8
Alevsk
System misconfiguration is the number one vulnerability, at least for Mastodon
One time during a security engineering interview someone asked me:
What is the number one vulnerability?
That question caught me by surprise. I immediately started thinking about the OWASP Top 10, RCE, 0days and things like that, then I remembered the security…
A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs
https://ift.tt/tUMQOWG
Submitted November 21, 2022 at 09:01PM by RedTermSession
via reddit https://ift.tt/d78ghGX
Datadoghq
A confused deputy vulnerability in AWS AppSync
Public disclosure of a cross-account security vulnerability in AWS AppSync.
Email Graffiti: Vandalize old emails. It's like an NFT but better. Tool linked in blog
https://ift.tt/QlLarMZ
Submitted November 21, 2022 at 10:09PM by wifihack
via reddit https://ift.tt/1wH0ZWQ
Trufflesecurity
Email Graffiti: Hacking Old Email ◆ Truffle Security Co.
Not long ago security researchers found they could take over old tweets that linked to links that don’t work anymore. Did you know you can do the same thing with email? To demonstrate this, we “Email Graffitied” an email sent to all YouTube users in 2020.…
Fuzzing the web for mysterious bugs
https://ift.tt/NMDbPpi
Submitted November 21, 2022 at 11:02PM by hisxo
via reddit https://ift.tt/iGyt8g1
0Xacb
Till REcollapse - 0xacb
Welcome back to my blog. In this post, I’ll explain the REcollapse technique. I’ve been researching it for the last couple of years to discover weirdly simpl...
Tools for seccomp analysis
https://ift.tt/unHjdJB
Submitted November 22, 2022 at 01:08AM by boutnaru
via reddit https://ift.tt/ZmGknHc
GitHub
GitHub - david942j/seccomp-tools: Provide powerful tools for seccomp analysis
Provide powerful tools for seccomp analysis. Contribute to david942j/seccomp-tools development by creating an account on GitHub.
Burp Suite and Protobuf
https://ift.tt/Y2bzXi6
Submitted November 22, 2022 at 07:06PM by 0xdea
via reddit https://ift.tt/YekICAz
hn security
Burp Suite and Protobuf - hn security
Hi, Last year (I know, I’m […]
Disrupting an attacker publishing malware to PyPI
https://ift.tt/Ed6Y4hb
Submitted November 23, 2022 at 12:22AM by braincaviar
via reddit https://ift.tt/euwPsJG
Phylum
Disrupting a PyPI Software Supply Chain Threat Actor
Phylum disrupts software supply chain attacker attempting to construct an army of infected developer machines.