Is your VMware vSphere environment secure?
https://ift.tt/HoZN9ip
Submitted November 16, 2022 at 02:58PM by karimhabush
via reddit https://ift.tt/PHXZbEx
Medium
Is your VMware vSphere environment secure?
Assess your vSphere configuration in less than 10 minutes!
New Tool: Orpheus - Bypasses most Kerberoast Detections
https://ift.tt/SdGhaQT
Submitted November 17, 2022 at 07:47PM by ben0xa
via reddit https://ift.tt/Mnwmp9f
TrustedSec
The Art of Bypassing Kerberoast Detections with Orpheus
[PDF, research paper] Do Users Write More Insecure Code with AI Assistants?
https://ift.tt/v5CkFOh
Submitted November 18, 2022 at 03:40AM by ScottContini
via reddit https://ift.tt/P15TN6M
Collection of vulnerable code snippets (updated every friday)
https://ift.tt/48EQnpd
Submitted November 18, 2022 at 11:06PM by hisxo
via reddit https://ift.tt/aO6z5eq
GitHub
GitHub - yeswehack/vulnerable-code-snippets: Twitter vulnerable snippets
Twitter vulnerable snippets. Contribute to yeswehack/vulnerable-code-snippets development by creating an account on GitHub.
Explaining AWS Encryption Access: A Deep Dive on KMS Access and KMS Key Grants
https://ift.tt/5Pa7FR4
Submitted November 18, 2022 at 07:05PM by jsonpile
via reddit https://ift.tt/fzlcEKn
CloudQuery
A Deep Dive on AWS KMS Key Access and AWS Key Grants | CloudQuery
A Technical Deep Dive on AWS KMS Key Access and AWS Key Grants.
System misconfiguration is the number one vulnerability, at least for Mastodon
https://ift.tt/fJTrdXQ
Submitted November 21, 2022 at 02:31AM by 0xdea
via reddit https://ift.tt/WZ9Keh8
Alevsk
System misconfiguration is the number one vulnerability, at least for Mastodon
One time during a security engineering interview someone asked me
What is the number one vulnerability?
That question caught me by surprise. I immediately started thinking about OWASP top 10, RCE, 0days and things like that, then I remembered the security…
A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs
https://ift.tt/tUMQOWG
Submitted November 21, 2022 at 09:01PM by RedTermSession
via reddit https://ift.tt/d78ghGX
Datadoghq
A confused deputy vulnerability in AWS AppSync
Public disclosure of a cross-account security vulnerability in AWS AppSync.
Email Graffiti: Vandalize old emails. It's like an NFT but better. Tool linked in blog
https://ift.tt/QlLarMZ
Submitted November 21, 2022 at 10:09PM by wifihack
via reddit https://ift.tt/1wH0ZWQ
Trufflesecurity
Email Graffiti: Hacking Old Email ◆ Truffle Security Co.
Not long ago security researchers found they could take over old tweets that linked to links that don’t work anymore. Did you know you can do the same thing with email? To demonstrate this, we “Email Graffitied” an email sent to all YouTube users in 2020.…
Fuzzing the web for mysterious bugs
https://ift.tt/NMDbPpi
Submitted November 21, 2022 at 11:02PM by hisxo
via reddit https://ift.tt/iGyt8g1
0Xacb
Till REcollapse - 0xacb
Welcome back to my blog. In this post, I’ll explain the REcollapse technique. I’ve been researching it for the last couple of years to discover weirdly simpl...
Tools for seccomp analysis
https://ift.tt/unHjdJB
Submitted November 22, 2022 at 01:08AM by boutnaru
via reddit https://ift.tt/ZmGknHc
GitHub
GitHub - david942j/seccomp-tools: Provide powerful tools for seccomp analysis
Provide powerful tools for seccomp analysis. Contribute to david942j/seccomp-tools development by creating an account on GitHub.
Burp Suite and Protobuf
https://ift.tt/Y2bzXi6
Submitted November 22, 2022 at 07:06PM by 0xdea
via reddit https://ift.tt/YekICAz
hn security
Burp Suite and Protobuf - hn security
Hi, Last year (I know, I’m […]
Disrupting an attacker publishing malware to PyPI
https://ift.tt/Ed6Y4hb
Submitted November 23, 2022 at 12:22AM by braincaviar
via reddit https://ift.tt/euwPsJG
Phylum
Disrupting a PyPI Software Supply Chain Threat Actor
Phylum disrupts software supply chain attacker attempting to construct an army of infected developer machines.
Bringing PAC to x86 with custom microcode
https://ift.tt/Y4Q3ilt
Submitted November 23, 2022 at 11:46AM by Gallus
via reddit https://ift.tt/kJ9Ge1A
GitHub
x86 PAC · pietroborrello/CustomProcessingUnit@936a684
The first dynamic analysis framework for CPU microcode - x86 PAC · pietroborrello/CustomProcessingUnit@936a684
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
https://ift.tt/37jwrSN
Submitted November 23, 2022 at 02:25PM by CyberMasterV
via reddit https://ift.tt/M5KDrRA
Proofpoint
What Is a Threat Actor? - Definition, Types & More | Proofpoint US
A threat actor is a term used to describe individuals whose purpose is to engage in cyber-related offenses. Learn the definition, types, motivations, and more.
A dive into Microsoft Defender for Identity
https://ift.tt/nEkV8Tx
Submitted November 23, 2022 at 09:16PM by jeandrew
via reddit https://ift.tt/ebHJq70
Synacktiv
A dive into Microsoft Defender for Identity
Investigating a backdoored PyPi package targeting FastAPI applications
https://ift.tt/ZcizOCg
Submitted November 24, 2022 at 02:18AM by thorn42
via reddit https://ift.tt/AU1kvqG
Datadoghq
Investigating a backdoored PyPi package targeting FastAPI applications
In this post, we analyze a malicious PyPI package attempting to backdoor FastAPI applications.
2022 InfoSec Black Friday Deals
https://ift.tt/jMeAgR2
Submitted November 24, 2022 at 01:31PM by Fugitif
via reddit https://ift.tt/2WfXqp0
GitHub
GitHub - 0x90n/InfoSec-Black-Friday: All the deals for InfoSec related software/tools this Black Friday
All the deals for InfoSec related software/tools this Black Friday - GitHub - 0x90n/InfoSec-Black-Friday: All the deals for InfoSec related software/tools this Black Friday
Sigstore The Easy Way
https://ift.tt/2xOFRqN
Submitted November 24, 2022 at 04:58PM by Rewanth_Tammana
via reddit https://ift.tt/2i8VaS0
Rewanthtammana
Sigstore The Easy Way
Software signing just got easier. Sigstore The Easy Way guide is the most straightforward way to getting started with software signing & securing software supply chains.
Containers: Rootful, Rootless, Privileged and Super Privileged
https://ift.tt/K61PaUt
Submitted November 25, 2022 at 09:12PM by fcano1
via reddit https://ift.tt/zTpGZwL
Exploiting CORS Misconfigurations
https://ift.tt/DdZtKfn
Submitted November 26, 2022 at 02:09PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/NQL5XFR
attack ships on fire
Exploiting CORS Misconfigurations
TL;DR If you can find an unrestricted CORS endpoint, that also responds to the HTTP override headers, then potentially you can use it to access endpoints that aren’t enabled for CORS, bypass CSRF protections, and also deliver an XST (which will give you access…
So, you want to get into bug bounties?
https://ift.tt/1FgJcEo
Submitted November 26, 2022 at 03:01PM by Mempodipper
via reddit https://ift.tt/JUi4Rem
Shubham Shah
So, you want to get into bug bounties?
I've been doing bug bounties for over 10 years now and over time, I have grown fonder of the life changing effects it has had for me. From job prospects, to being able to financially support those around me and myself. I believe that if you're passionate…