The CI/CD Goat just got wilder! - A new challenge to the deliberately vulnerable CI/CD environment
https://ift.tt/ju5vBda
Submitted December 01, 2022 at 08:11PM by TupleType
via reddit https://ift.tt/iAhkH4a
Cider Security Site
CI/CD Goat now supports GitLab in a brand new challenge - Cider Security Site
Exciting news – we’ve released a new version of our CI/CD Goat CTF platform, a deliberately vulnerable CI/CD environment. We decided to release a new version with a shiny new challenge, after our previous 10 challenges were enthusiastically received and widely…
Unauthenticated Command Injection in Asus M25 NAS
https://ift.tt/FMuoh1L
Submitted December 01, 2022 at 08:08PM by g_e_r_h_a_r_d
via reddit https://ift.tt/mA7ZaGS
ONEKEY
ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here
Huawei Security Hypervisor Vulnerability
https://ift.tt/WNfjZI4
Submitted December 01, 2022 at 09:51PM by jeandrew
via reddit https://ift.tt/BU9keyK
Impalabs
Huawei Security Hypervisor Vulnerability
This advisory contains information about the following vulnerabilities:
- OOB Accesses Using the Logging System
Windows Exploitation Challenge - Blue Frost Security 2022 - VoidSec
https://ift.tt/KOwMNlT
Submitted December 01, 2022 at 10:31PM by Void_Sec
via reddit https://ift.tt/uvcSElJ
VoidSec
Windows Exploitation Challenge - Blue Frost Security 2022 (Ekoparty) - VoidSec
Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge is one of a kind in CTFs, and since I’ve found the challenge interesting and very clever, I’ve decided to post about my reverse…
UART Essential for Pentester
https://ift.tt/3VYWkAd
Submitted December 02, 2022 at 03:41AM by Void_Sec
via reddit https://ift.tt/U7exFDV
Marco Negro's Blog
UART Essential for Pentester
Platform certificates used to sign Android malware
https://ift.tt/X1x5EnH
Submitted December 02, 2022 at 05:14AM by ScottContini
via reddit https://ift.tt/oObAUqW
Visual Studio Code: Remote Code Execution
https://ift.tt/hIPTUbt
Submitted December 02, 2022 at 05:42AM by Zemnmez
via reddit https://ift.tt/FR0YmhM
GitHub
Visual Studio Code: Remote Code Execution
### Summary
An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the [Visual Studio Code Remote Developmen...
XSS on account.leagueoflegends.com via easyXDM [2016]
https://ift.tt/XMLlirf
Submitted December 02, 2022 at 11:15AM by bored-engineer
via reddit https://ift.tt/uN27yMt
Medium
XSS on account.leagueoflegends.com via easyXDM [2016]
This post contains a chain of vulnerabilities I responsibly disclosed to Riot Games in November of 2016. I’m publicly disclosing it now as…
VLC : Integer overflow in vnc module - CVE-2022-41325
https://ift.tt/1uEjqSZ
Submitted December 02, 2022 at 02:59PM by jeandrew
via reddit https://ift.tt/iaUHogr
Certpotato : using adcs to privesc from service accounts to local system
https://ift.tt/SKijFkC
Submitted December 02, 2022 at 04:47PM by qwerty0x41
via reddit https://ift.tt/u3wbYWE
Sensepost
SensePost | Certpotato – using adcs to privesc from virtual and network service accounts to local system
Redigo — New Redis Backdoor Malware
https://ift.tt/zYlObdV
Submitted December 02, 2022 at 04:55PM by gfdgfbal
via reddit https://ift.tt/n9QFkDL
Aquasec
Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware
Aqua Nautilus discovers Redigo, a new, previously undetected Go-based malware that targets Redis servers to gain control of the compromised machine.
NVIDIA Fixes 25 GPU Display Driver Vulnerabilities
https://ift.tt/eLSbE2n
Submitted December 02, 2022 at 06:52PM by EsbenD_Lansweeper
via reddit https://ift.tt/SmOhWMr
Lansweeper IT Asset Management
NVIDIA Fixes 25 GPU Display Driver Vulnerabilities
NVIDIA released a security update fixing 25 GPU display driver vulnerabilities that could lead to code execution, denial of service, and more.
kitabisa/teler release v2.0.0-dev
https://ift.tt/ioFxGsL
Submitted December 03, 2022 at 01:43PM by dwisiswant0
via reddit https://ift.tt/itDPMjF
GitHub
GitHub - kitabisa/teler: Real-time HTTP Intrusion Detection
Real-time HTTP Intrusion Detection. Contribute to kitabisa/teler development by creating an account on GitHub.
Pre-Auth RCE with CodeQL in Under 20 Minutes
https://ift.tt/FoGYOzv
Submitted December 03, 2022 at 06:19PM by Gallus
via reddit https://ift.tt/gj1CAKU
Frycos Security Diary
Pre-Auth RCE with CodeQL in Under 20 Minutes
This write-up won’t be an intense discussion on security code review techniques this time. We’ll simply let a third party do all the hard work: CodeQL.
[KIS-2022-06] Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
https://ift.tt/vbXEA8L
Submitted December 03, 2022 at 08:12PM by eg1x
via reddit https://ift.tt/uoPx2Gp
GitHub Actions - Artifact Poisoning Vulnerability
https://ift.tt/JGHP6lW
Submitted December 04, 2022 at 09:39PM by dotanoam
via reddit https://ift.tt/8O3nhNa
Legitsecurity
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
OWASP Top 10 CI/CD Security Risks project released
https://ift.tt/oliaeAh
Submitted December 05, 2022 at 01:56AM by Hefty_Knowledge_7449
via reddit https://ift.tt/KeLNiyp
owasp.org
OWASP Top 10 CI/CD Security Risks | OWASP Foundation
OWASP Top 10 CI/CD Security Risks on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
“In startups, your junior dev is more of a threat to security than North Korea.” Appreciate a security expert who knows startups shouldn't waste resources overdoing security when they still don't have product-market fit.
https://ift.tt/NXIF5ku
Submitted December 05, 2022 at 06:24AM by maddening_conversati
via reddit https://ift.tt/gVZhw5j
Dev Interrupted
Why Startups Suck at Security w/ Vanta's Head of Engineering, Matt Spitz
When your startup is struggling to find its product-market fit, security is the last thing on your mind - and according to security expert Matt Spitz, that’s perfectly fine! Matt is Vanta's Head of Engineering and he joins this week's episode of Dev Interrupted…
Slides: Demystifying Practical DoS Attacks
https://ift.tt/FYV3MSe
Submitted December 05, 2022 at 12:18PM by mazen160
via reddit https://ift.tt/1H5ET7y
Mazin Ahmed
DoS Attacks are Dead: Demystifying Practical DoS Attacks
Release of EMBA firmware analyzer in version 1.2.0 - aka London Calling
https://ift.tt/RgaUdDv
Submitted December 05, 2022 at 06:57PM by _m-1-k-3_
via reddit https://ift.tt/VwDRepW
GitHub
Release EMBA v1.2.0 - London Calling · e-m-b-a/emba
Beside bug fixes this release introduces many new features. You are invited to celebrate the new EMBA version with us.
Spread the word and secure the Internet of Things with EMBA!
Since versio...
A Detailed Analysis of The Last Version of REvil Ransomware [PDF]
https://ift.tt/aBqiN7P
Submitted December 05, 2022 at 08:30PM by CyberMasterV
via reddit https://ift.tt/YgfD59K
Security Scorecard
A Detailed Analysis of the Last Version of REvil Ransomware