Unit 42 researchers show new methods to improve detection of a next-gen line of Kerberos attacks, which allow attackers to modify Kerberos tickets to maintain privileged access.

TL;DR The open-source GitHub App https://github.com/PerimeterX/gitapp_alert_on_public

Pass the eWPT Exam by eLearnSecurity in 2023 using only free resources, on your first attempt. Use the same resources I used to be successful.

Seth Jenkins, Project Zero This blog post details an exploit for CVE-2022-42703 (P0 issue 2351 - Fixed 5 September 2022), a bug Jann Horn ...

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Learn about security updates for versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway and get fixes for both (security bulletin CTX474995).

Explore cybersecurity white papers, data sheets, webinars, videos, informative blogs, and more with SecurityScorecard.

Let's go over a critical AWS Elastic Container Registry Public (ECR Public) vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing…

73 votes and 4 comments so far on Reddit

apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. - GitHub - ax/apk.sh: apk.sh makes reverse engineering...

so i had to crack my way into public information, controversial topics and statistics on chatgpt. if you haven't noticed, there's a woke filter. while chatgpt claims to be programmatically incapable of political correctness, that is not the case at all. but…

Vulnerabilities found on Arcadyan Routers - Asher Davila L. - Arcadyan Vulnerabilities.md

A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods. - GitHub - p0dalirius/Coercer: A python noscript to automatically coerce a Windows...

June 2023 Update — Hardwear.io Conference Talk:

Aqua discusses how Tracee monitors for the Dirty Pipe vulnerability and how in-kernel technology like eBPF monitors writes that result from it

Mitigate the risk of isolation escape with a new framework for modeling and improving tenant isolation in cloud SaaS and PaaS.

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...

Tl;dr : This article is analysis of over 50 submissions for a JavaScript integer overflow challenge. Many submissions did not address the root cause. A range check on the input as well as arithmetic output using a right data type can eliminate the vulnerability.…

Talks/WorkshopsThe BSidesSF 2023 CFP is now closed. Check back for updated deadlines for accepted presenters. January 24, 2023 – Notifications on talk/workshop acceptance/rejection start bei...

First time anti-debug techniques are discovered in PyPI malware. Read how these techniques are implemented, including analysis and tips from JFrog Security Research.