Keeping the wolves out of wolfSSL (Protocol Fuzzing)
https://ift.tt/h7HCIGK
Submitted January 13, 2023 at 01:33AM by maxammann
via reddit https://ift.tt/O9USPh7
Trail of Bits Blog
Keeping the wolves out of wolfSSL
By Max Ammann Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL: CVE-2022-38152, CVE-2022-38153, CVE-2022-39173, and CVE-2022-42905. The four issues, which have CVSS sco…
List of git commits before and after a security audit
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
GraphQL exploitation – All you need to know – Cybervelia
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
Cybervelia
GraphQL exploitation – The ultimate guide
So you are a tester and you would like to know more about GraphQL Testing.
Bad things come in large packages: .pkg signature verification bypass on macOS
https://ift.tt/m7BK9nM
Submitted January 13, 2023 at 03:39PM by xnyhps
via reddit https://ift.tt/EsJ1GlY
sector7.computest.nl
Bad things come in large packages: .pkg signature verification bypass on macOS
Code signing of applications is an essential element of macOS security. Besides signing applications, it is also possible to sign installer packages (.pkg files). During a short review of the xar source code, we found a vulnerability (CVE-2022-42841) that…
Crassus: Windows privilege escalation discovery tool
https://ift.tt/5BpuRQl
Submitted January 13, 2023 at 07:51PM by Fugitif
via reddit https://ift.tt/el0hwB4
GitHub
GitHub - vu-ls/Crassus
Contribute to vu-ls/Crassus development by creating an account on GitHub.
Clear communication is crucial: why writing effective vulnerability reports matters
https://ift.tt/MQqmK3Y
Submitted January 13, 2023 at 07:44PM by glum-platimium
via reddit https://ift.tt/Bos83bv
How to use Open Source CloudQuery for Attack Surface Management and Graph Visualization for Cloud and AWS | CloudQuery
https://ift.tt/tbJuToS
Submitted January 13, 2023 at 07:31PM by jsonpile
via reddit https://ift.tt/k1FauPV
www.cloudquery.io
CloudQuery Blog | How to Build an Open Source ASM for Attack Surface Management with CloudQuery and Neo4j
How to Build an Open Source ASM for Attack Surface Management with CloudQuery and Neo4j, including pre-built queries and views.
🚀 Announcing Matano + Suricata: Build your own Security Data Lake on AWS using Suricata Logs
https://ift.tt/8ZDrzJt
Submitted January 13, 2023 at 08:49PM by shaeqahmed
via reddit https://ift.tt/ybB5hn6
www.matano.dev
Adding Suricata Support to Matano | Matano
We're excited to announce that Matano now supports managed log sources from Suricata. This means that you can easily ingest and analyze your network activity logs and alerts from Suricata into your Matano security lake without having to define any schemas…
Announcing a stable release of sigstore-python
https://ift.tt/ui0Zl3Y
Submitted January 13, 2023 at 08:39PM by yossarian_flew_away
via reddit https://ift.tt/nfWsHe5
Trail of Bits Blog
Announcing a stable release of sigstore-python
By William Woodruff Read the official announcement on the Sigstore blog as well! Trail of Bits is thrilled to announce the first stable release of sigstore-python, a client implementation of Sigsto…
A Public Git repository & misconfiguration detection tool
https://ift.tt/LKyZWNk
Submitted January 14, 2023 at 01:31AM by nicksthehacker_
via reddit https://ift.tt/16hbVEN
GitHub
GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
A Public Git repository & misconfiguration detection tool
Load testing private endpoints
https://ift.tt/QnT9HYL
Submitted January 14, 2023 at 02:51AM by krstCB
via reddit https://ift.tt/qAUkBEV
Getanteon
Testing the Performance of User Authentication Flow
Explore how to thoroughly test the performance of user authentication flows
CircleCI incident report for January 4, 2023 security incident
https://ift.tt/iH8gqXe
Submitted January 14, 2023 at 03:56AM by baty0man_
via reddit https://ift.tt/Fzt9qdG
CircleCI
CircleCI incident report for January 4, 2023 security incident
Read the complete incident report from CircleCI’s January 4, 2023 security alert.
santa-linux: a proof of concept binary authorization system for linux, based on Google's Santa
https://ift.tt/GUPxHnd
Submitted January 14, 2023 at 10:19PM by ahigherporpoise
via reddit https://ift.tt/bTnECXy
GitHub
GitHub - mellow-hype/santa-linux: A proof-of-concept Linux clone of Santa, Google's binary authorization system for macOS
A proof-of-concept Linux clone of Santa, Google's binary authorization system for macOS
Impact of the CircleCI Security Incident on the Datadog Agent
https://ift.tt/e87yTsx
Submitted January 14, 2023 at 11:59PM by dlorenc
via reddit https://ift.tt/9wTuo6P
Datadog Infrastructure and Application Monitoring
Impact of the CircleCI Security Incident on the Datadog Agent
Datadog, the leading service for cloud-scale monitoring.
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd
https://ift.tt/w3lyFhr
Submitted January 15, 2023 at 02:48AM by Gallus
via reddit https://ift.tt/JoLeQYW
Fortinet Blog
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd | Fortinet Blog
Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our on…
Is it possible to hack iCloud info for missing person (last known location of phone)
https://ift.tt/8n2Wqhw
Submitted January 15, 2023 at 06:09AM by beeksoner
via reddit https://ift.tt/spVYbZJ
DLL Hijacking outside DllMain, using Spartacus
https://ift.tt/LI3smYB
Submitted January 15, 2023 at 01:47PM by h0wlett
via reddit https://ift.tt/foEjrVk
Pavel Tsakalidis - Personal Blog
DLL Hijacking using Spartacus, outside of DllMain
Exploiting DLL Hijacking vulnerabilities and running payloads outside DllMain
What do you think about that? 🧑💻🧠
https://ift.tt/8y3GwZk
Submitted January 16, 2023 at 04:11AM by devnatech
via reddit https://ift.tt/QYZRpmn
Medium
How to start Penetration testing of Artificial Intelligence
Pentesting needs to evolve to find AI based risks
[CVE-2023-0179] Linux kernel stack buffer overflow in nftables: PoC and writeup
https://ift.tt/ubA5eaj
Submitted January 16, 2023 at 01:55PM by qwerty0x41
via reddit https://ift.tt/CqGl5do
seclists.org
oss-sec: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
Unauthenticated Configuration Export in Multiple WAGO Products
https://ift.tt/g93t0LU
Submitted January 16, 2023 at 04:22PM by g_e_r_h_a_r_d
via reddit https://ift.tt/Nd4y3hr
ONEKEY
🚨 WAGO Alert: Unauthorized Configuration Exports Discovered 🔒
Learn How to Keep Your Industrial Controllers Safe 👉
rsbkb: a Rust CLI tool to easily chain operations (CyberChef-like) through pipes. Other utils as a bonus.
https://ift.tt/kSqKrsj
Submitted January 17, 2023 at 03:28AM by alain_proviste
via reddit https://ift.tt/8dterzS
GitHub
GitHub - trou/rsbkb: CLI tools to encode/decode things
CLI tools to encode/decode things. Contribute to trou/rsbkb development by creating an account on GitHub.