Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)
https://ift.tt/OAzwT6u
Submitted December 21, 2022 at 04:40PM by smaury
via reddit https://ift.tt/L59OyzW
Shielder
Shielder - Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)
CVE-2022-20951: Cisco BroadWorks CommPilot Application exposes a servlet that allows the application to be used as an HTTP proxy server. The lack of validation of the target URL and the lack of authentication protection allows an unauthenticated attacker…
DirtyCred Remastered: UAF to LPE (CVE-2022-2602)
https://ift.tt/YbP6cLo
Submitted December 21, 2022 at 07:45PM by Void_Sec
via reddit https://ift.tt/dtVc6i1
LukeGix
DirtyCred Remastered
DirtyCred Remastered: how to turn an UAF into Privilege Escalation
A journey into IoT - Unknown Chinese alarm - Part 4 - Internal communications
https://ift.tt/ot28baN
Submitted December 21, 2022 at 08:32PM by 0xdea
via reddit https://ift.tt/mGDvXC2
hn security
A journey into IoT - Unknown Chinese alarm - Part 4 - Internal communications - hn security
Disclaimer: as many other security researchers […]
Deconstructing and Exploiting CVE-2020-6418
https://ift.tt/zvYZpHL
Submitted December 21, 2022 at 07:56PM by surrealisticpillow12
via reddit https://ift.tt/I0Ri9OG
STAR Labs
Deconstructing and Exploiting CVE-2020-6418
As part of my internship at STAR Labs, I conducted n-day analysis of CVE-2020-6418. This vulnerability lies in the V8 engine of Google Chrome, namely its optimizing compiler Turbofan. Specifically, the vulnerable version is in Google Chrome’s V8 prior to…
Puckungfu: A NETGEAR WAN Command Injection
https://ift.tt/8pYDvB4
Submitted December 22, 2022 at 05:02PM by ArbitraryWrite
via reddit https://ift.tt/paMGtRe
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
GLPI Exploitation Timeline
https://ift.tt/gNnY2aJ
Submitted December 22, 2022 at 07:15PM by chicksdigthelongrun
via reddit https://ift.tt/L7S3jqX
GLPI Exploitation Timeline - Blog - VulnCheck
Taking a look at the timeline leading up to exploitation of CVE-2022-35914 and the current state of attacks in the wild.
Cross-tenant network bypass in Azure Cognitive Search
https://ift.tt/IYmxw2V
Submitted December 22, 2022 at 08:20PM by FrankTr3nd
via reddit https://ift.tt/GLKhmgf
Mnemonic
ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
How enabling a single vulnerable feature removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances.
[x-post from blueteamsec] I started a newsletter that aggregates Detection Engineering news and techniques. Here’s the latest Issue. Let me know what you think!
https://ift.tt/73JQdeI
Submitted December 22, 2022 at 10:44PM by dudeimawizard
via reddit https://ift.tt/n7mVWIz
Detection Engineering
Detection Engineering Weekly - Issue 4
Last week's news and how-tos in the art and science of Detection Engineering
Attack of the clones - Stealthy Kubernetes persistence with eathar, tòcan and teisteanas
https://ift.tt/fHaLeou
Submitted December 23, 2022 at 01:12AM by raesene2
via reddit https://ift.tt/bBV4RvO
raesene.github.io
Attack of the clones - Stealthy Kubernetes persistence with eathar, tòcan and teisteanas
Lastpass Security Incident - December 22 update
https://ift.tt/4U5Ku1y
Submitted December 23, 2022 at 02:04AM by tkokilroy
via reddit https://ift.tt/gvWwfaU
The LastPass Blog
Notice of Recent Security Incident - The LastPass Blog
We are working diligently to understand the scope of the incident and identify what specific information has been accessed.
[Hiring] InfoSec Assurance Roles in USA and Europe
https://ift.tt/6Oxy8zY
Submitted December 23, 2022 at 04:01AM by RecruitingAdmin
via reddit https://ift.tt/402rYbd
boards.greenhouse.io
Laika
Laika helps companies manage compliance, obtain security certifications, and build trust with enterprise customers.
Introducing the Columbus Project
https://ift.tt/X0lBYgv
Submitted December 23, 2022 at 01:08PM by g0rbe
via reddit https://ift.tt/oDn712q
Elmasy Blog
Introducing the Columbus Project
An open source append only database of known subdomains to discover, store and serve subdomains as fast as possible.
PyRDP 1.2.0 released – Can perform Net-NTLM hash capture before the certificate error on RDP
https://ift.tt/T2P9WAn
Submitted December 23, 2022 at 11:36PM by obilodeau
via reddit https://ift.tt/UimejZM
GoSecure
A New PyRDP Release: The Rudolph Desktop Protocol! - GoSecure
Isn’t there a better moment than the Holiday season to release a major update of our RDP Attack and Eavesdropping tool PyRDP? That’s right, pour yourself a little glass of eggnog, sit in a comfortable chair, put on some Christmas music and read about the…
Linux kernel module generator for Hidden firewall that follows the rules in the external YAML file.
https://ift.tt/DU1J6XY
Submitted December 24, 2022 at 11:46AM by CoolerVoid
via reddit https://ift.tt/Lhk1BFO
Overview of Glibc Heap Exploitation Techniques (currently up to v2.34)
https://ift.tt/dnPVLZc
Submitted December 25, 2022 at 10:17AM by himeko98
via reddit https://ift.tt/YqBW6Sz
Low-level adventures
Overview of GLIBC heap exploitation techniques
Overview of current GLIBC heap exploitation techniques up to GLIBC 2.34, including their ideas and introduced mitigations along the way
Pass-the-Challenge: Defeating Windows Defender Credential Guard
https://ift.tt/uvYgfJw
Submitted December 27, 2022 at 02:16AM by ly4k_
via reddit https://ift.tt/A3MntOD
Medium
Pass-the-Challenge: Defeating Windows Defender Credential Guard
In this blog post, we present new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender…
Netcomm NF20MESH Cloud Mesh router - Unauthenticated Remote Code Execution
https://ift.tt/cgkmQ5R
Submitted December 27, 2022 at 11:47AM by Gallus
via reddit https://ift.tt/QgnITcd
GitHub
advisories/2022_netcomm_nf20mesh_unauth_rce.md at main · scarvell/advisories
Scaling Continuous Security Testing on the Cheap
https://ift.tt/GkPhWUB
Submitted December 27, 2022 at 10:13PM by DH_Prelude
via reddit https://ift.tt/uNOvC6d
Preludesecurity
A Practical Guide for Scaling Continuous Security Testing | Prelude
An abbreviated guide to scaling automated security testing using tooling from the Prelude ecosystem.
Spice up your persistence: loading PHP extensions from memory
https://ift.tt/EoF3gDj
Submitted December 28, 2022 at 03:25AM by gid0rah
via reddit https://ift.tt/gA8Zb91
Spice up your persistence: loading PHP extensions from memory | AdeptsOf0xCC
Load shared object (PHP extension) from memory
New AMSI Bypass Using CLR Hooking
https://ift.tt/FyPlmOA
Submitted December 28, 2022 at 04:44AM by pracsec
via reddit https://ift.tt/pcHKbWq
Practical Security Analytics LLC
New AMSI Bypass Using CLR Hooking
Introduction In this article, I will present a new technique to bypass Microsoft’s Anti-Malware Scan Interface (AMSI) using API Call Hooking of CLR methods. When executed on a Windows system,…
Certificate Ripper v2 released - tool to extract server certificates
https://ift.tt/1Yr83Px
Submitted December 28, 2022 at 06:24AM by Hakky54
via reddit https://ift.tt/S8YAlmQ
GitHub
GitHub - Hakky54/certificate-ripper: 🔐 A CLI tool to extract server certificates
🔐 A CLI tool to extract server certificates. Contribute to Hakky54/certificate-ripper development by creating an account on GitHub.