CarolinaCon 2023 CFP is accepting submissions here
https://ift.tt/wH3ScdE
Submitted January 05, 2023 at 11:58AM by blkmanta
via reddit https://ift.tt/lV8GCLZ
https://ift.tt/wH3ScdE
Submitted January 05, 2023 at 11:58AM by blkmanta
via reddit https://ift.tt/lV8GCLZ
cfp.carolinacon.org
CarolinaCon 2023
Schedule, talks and talk submissions for CarolinaCon 2023
Circle CI Compromised - Attackers Accessed Tokens & Other Sensitive Information
https://ift.tt/rT2ONyc
Submitted January 05, 2023 at 02:08PM by sanitybit
via reddit https://ift.tt/7aHZOv0
https://ift.tt/rT2ONyc
Submitted January 05, 2023 at 02:08PM by sanitybit
via reddit https://ift.tt/7aHZOv0
CircleCI
CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 13)
Read CircleCI’s security alerts from January 2023. Last updated 1/13/2023.
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs…
https://ift.tt/5nqPZuB
Submitted January 05, 2023 at 05:34PM by SharonBlatt
via reddit https://ift.tt/QoRrkMz
https://ift.tt/5nqPZuB
Submitted January 05, 2023 at 05:34PM by SharonBlatt
via reddit https://ift.tt/QoRrkMz
Medium
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
By Nati Tal (Guardio Labs)
pure Python implementation of MemoryModule technique to load a dll from memory without injection or shellcode
https://ift.tt/UTAtVpG
Submitted January 05, 2023 at 04:58PM by naksyn_
via reddit https://ift.tt/PZUhRoK
https://ift.tt/UTAtVpG
Submitted January 05, 2023 at 04:58PM by naksyn_
via reddit https://ift.tt/PZUhRoK
GitHub
GitHub - naksyn/PythonMemoryModule: pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely…
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory - GitHub - naksyn/PythonMemoryModule: pure-python implementation of MemoryModule technique to...
SpyNote: Spyware with RAT capabilities targeting Financial Institutions
https://ift.tt/JK6V2s5
Submitted January 05, 2023 at 07:50PM by YioUio
via reddit https://ift.tt/i5Xe43N
https://ift.tt/JK6V2s5
Submitted January 05, 2023 at 07:50PM by YioUio
via reddit https://ift.tt/i5Xe43N
GitHub Actions Privilege Escalations - The "workflow_run" trigger
https://ift.tt/Ng52PMB
Submitted January 05, 2023 at 09:34PM by dotanoam
via reddit https://ift.tt/vD5gs2C
https://ift.tt/Ng52PMB
Submitted January 05, 2023 at 09:34PM by dotanoam
via reddit https://ift.tt/vD5gs2C
Legitsecurity
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
How to avoid DoS when using Rust’s popular Hyper package
https://ift.tt/RkIrwXg
Submitted January 05, 2023 at 09:33PM by SRMish3
via reddit https://ift.tt/Ws6MUH1
https://ift.tt/RkIrwXg
Submitted January 05, 2023 at 09:33PM by SRMish3
via reddit https://ift.tt/Ws6MUH1
JFrog
Potential DoS Vulnerability in Rust Hyper
⚡ATTENTION⚡ Devs that rely on hyper-rust: your own code should include limitations for HTTP Body size - Hyper library does not restrict by default. Find out more…
Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877
https://ift.tt/nmXLrsC
Submitted January 05, 2023 at 11:16PM by numanturle
via reddit https://ift.tt/eY59dUV
https://ift.tt/nmXLrsC
Submitted January 05, 2023 at 11:16PM by numanturle
via reddit https://ift.tt/eY59dUV
GitHub
GitHub - numanturle/CVE-2022-44877
Contribute to numanturle/CVE-2022-44877 development by creating an account on GitHub.
Unraveling the techniques of Mac ransomware
https://ift.tt/5anlUT2
Submitted January 05, 2023 at 11:04PM by SCI_Rusher
via reddit https://ift.tt/WJLfjCT
https://ift.tt/5anlUT2
Submitted January 05, 2023 at 11:04PM by SCI_Rusher
via reddit https://ift.tt/WJLfjCT
Announcing the Ronin 2.0.0 Open Beta
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 11:32AM by postmodern
via reddit https://ift.tt/DCVqvoX
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 11:32AM by postmodern
via reddit https://ift.tt/DCVqvoX
Variant analysis of CVE-2022-3515 affecting libksba, which resulted in CVE-2022-47629
https://ift.tt/HzoL91x
Submitted January 06, 2023 at 12:39PM by Gallus
via reddit https://ift.tt/FwVkfh2
https://ift.tt/HzoL91x
Submitted January 06, 2023 at 12:39PM by Gallus
via reddit https://ift.tt/FwVkfh2
GitHub
publications/CVE-2022-47629.md at master · elttam/publications
Contribute to elttam/publications development by creating an account on GitHub.
Announcing the Ronin 2.0.0 Open Beta. Ronin is a free and Open Source Ruby toolkit for security research and development.
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 12:27PM by postmodern
via reddit https://ift.tt/5sXJw2x
https://ift.tt/3Pkcbdm
Submitted January 06, 2023 at 12:27PM by postmodern
via reddit https://ift.tt/5sXJw2x
reddit
Announcing the Ronin 2.0.0 Open Beta. Ronin is a free and Open...
Posted in r/netsec by u/postmodern • 0 points and 1 comment
SoftICE-like kernel debugger for Windows 11
https://ift.tt/UWIiHsk
Submitted January 05, 2023 at 12:02AM by vplanta
via reddit https://ift.tt/Fz5c9Wm
https://ift.tt/UWIiHsk
Submitted January 05, 2023 at 12:02AM by vplanta
via reddit https://ift.tt/Fz5c9Wm
GitHub
GitHub - vitoplantamura/BugChecker: SoftICE-like kernel debugger for Windows 11
SoftICE-like kernel debugger for Windows 11. Contribute to vitoplantamura/BugChecker development by creating an account on GitHub.
The Mac Malware of 2022
https://ift.tt/sE621yq
Submitted January 06, 2023 at 07:04PM by KolideKenny
via reddit https://ift.tt/735XPku
https://ift.tt/sE621yq
Submitted January 06, 2023 at 07:04PM by KolideKenny
via reddit https://ift.tt/735XPku
objective-see.org
The Mac Malware of 2022 👾
A comprehensive analysis of the year's new malware
How the Lastpass Breach affects Lastpass SSO
https://ift.tt/3IDCOKf
Submitted January 06, 2023 at 09:46PM by csanders_
via reddit https://ift.tt/bsEaMnF
https://ift.tt/3IDCOKf
Submitted January 06, 2023 at 09:46PM by csanders_
via reddit https://ift.tt/bsEaMnF
Medium
How the Lastpass Breach affects Lastpass SSO
Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…
Fetch Diversion
https://ift.tt/8laehMU
Submitted January 06, 2023 at 09:34PM by albinowax
via reddit https://ift.tt/jcoQOyP
https://ift.tt/8laehMU
Submitted January 06, 2023 at 09:34PM by albinowax
via reddit https://ift.tt/jcoQOyP
acut3
Fetch Diversion
API calls and requests for resources can sometimes be diverted toward a different endpoint on the same host, potentially resulting in DOM XSS’s that would otherwise be impossible to trigger, or other types of client-side vulnerabilities.
Latest activity from Turla {Mandiant}
https://ift.tt/h1In7OR
Submitted January 06, 2023 at 10:41PM by EspoJ
via reddit https://ift.tt/YikbEHa
https://ift.tt/h1In7OR
Submitted January 06, 2023 at 10:41PM by EspoJ
via reddit https://ift.tt/YikbEHa
Mandiant
Turla: A Galaxy of Opportunity | Mandiant
TruffleHog Now Scans CircleCI log outputs for passwords/credentials
https://ift.tt/zyndq5R
Submitted January 07, 2023 at 12:32AM by wifihack
via reddit https://ift.tt/7aisS1t
https://ift.tt/zyndq5R
Submitted January 07, 2023 at 12:32AM by wifihack
via reddit https://ift.tt/7aisS1t
Truffle Security
TruffleHog Now Scans CircleCI Build Logs - Truffle Security
TruffleHog Open Source now scans CircleCI log outputs for passwords, API keys, and other forms of credentials
udon: A simple tool that helps to find assets/domains based on the Google Analytics ID.
https://ift.tt/tCQa4JM
Submitted January 07, 2023 at 12:26AM by BananaBounty
via reddit https://ift.tt/jBbEIYq
https://ift.tt/tCQa4JM
Submitted January 07, 2023 at 12:26AM by BananaBounty
via reddit https://ift.tt/jBbEIYq
GitHub
GitHub - dhn/udon: A simple tool that helps to find assets/domains based on the Google Analytics ID.
A simple tool that helps to find assets/domains based on the Google Analytics ID. - GitHub - dhn/udon: A simple tool that helps to find assets/domains based on the Google Analytics ID.
I scanned every package on PyPi and found 57 live AWS keys
https://ift.tt/ZkdpS7h
Submitted January 07, 2023 at 12:22AM by Most-Loss5834
via reddit https://ift.tt/SqG6eVt
https://ift.tt/ZkdpS7h
Submitted January 07, 2023 at 12:22AM by Most-Loss5834
via reddit https://ift.tt/SqG6eVt
tomforb.es
I scanned every package on PyPi and found 57 live AWS keys
After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like:
Amazon…
Amazon…
I made an Open Source Browser extension to aid in Threat Investigations!
https://ift.tt/1EdYyuh
Submitted January 07, 2023 at 03:59AM by zack7601
via reddit https://ift.tt/ThD4Rde
https://ift.tt/1EdYyuh
Submitted January 07, 2023 at 03:59AM by zack7601
via reddit https://ift.tt/ThD4Rde
GitHub
GitHub - zdhenard42/SOC-Multitool: A powerful and user-friendly browser extension that streamlines investigations for security…
A powerful and user-friendly browser extension that streamlines investigations for security professionals. - GitHub - zdhenard42/SOC-Multitool: A powerful and user-friendly browser extension that s...