How to completely own an airline in 3 easy steps
https://ift.tt/DsZiIY6
Submitted January 20, 2023 at 07:48AM by _vavkamil_
via reddit https://ift.tt/CoDSNga
https://ift.tt/DsZiIY6
Submitted January 20, 2023 at 07:48AM by _vavkamil_
via reddit https://ift.tt/CoDSNga
maia :3
how to completely own an airline in 3 easy steps
and grab the TSA nofly list along the way
Building a io_uring based network scanner in Rust
https://ift.tt/wxBmGOU
Submitted January 20, 2023 at 05:08PM by Gallus
via reddit https://ift.tt/zNESQx7
https://ift.tt/wxBmGOU
Submitted January 20, 2023 at 05:08PM by Gallus
via reddit https://ift.tt/zNESQx7
Synacktiv
Building a io_uring based network scanner in Rust
Abusing Adopted Authority on IBM i
https://ift.tt/Cw3IhmT
Submitted January 20, 2023 at 07:03PM by buherator
via reddit https://ift.tt/Bb1S3hP
https://ift.tt/Cw3IhmT
Submitted January 20, 2023 at 07:03PM by buherator
via reddit https://ift.tt/Bb1S3hP
Silent Signal Techblog
Abusing Adopted Authority on IBM i
Because we can!
Vijilan - Managed service Providers (msp)
https://ift.tt/UekdrDm
Submitted January 21, 2023 at 01:49AM by High_Sleep3694
via reddit https://ift.tt/LhX04gI
https://ift.tt/UekdrDm
Submitted January 21, 2023 at 01:49AM by High_Sleep3694
via reddit https://ift.tt/LhX04gI
CVE-2022-25637 - Multiple TOCTOU vulns in peripheral devices (Razer, EVGA, MSI, AMI)
https://ift.tt/1pkVzIm
Submitted January 21, 2023 at 01:17AM by jat0369
via reddit https://ift.tt/5FAweZ3
https://ift.tt/1pkVzIm
Submitted January 21, 2023 at 01:17AM by jat0369
via reddit https://ift.tt/5FAweZ3
Cyberark
Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers
TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a...
The SSL Certificate Issuer Field is a Lie
https://ift.tt/D1rc5lE
Submitted January 21, 2023 at 05:03AM by self
via reddit https://ift.tt/r75RsEW
https://ift.tt/D1rc5lE
Submitted January 21, 2023 at 05:03AM by self
via reddit https://ift.tt/r75RsEW
www.agwa.name
The SSL Certificate Issuer Field is a Lie
Why certificates issued by "Cloudflare" and "Baltimore" are really issued by DigiCert
libgit2 fails to verify SSH keys by default
https://ift.tt/LWFxzGD
Submitted January 21, 2023 at 06:38AM by bascule
via reddit https://ift.tt/4CILrWk
https://ift.tt/LWFxzGD
Submitted January 21, 2023 at 06:38AM by bascule
via reddit https://ift.tt/4CILrWk
GitHub
libgit2 fails to verify SSH keys by default
libgit2, when compiled using the optional, included [libssh2](https://www.libssh2.org) backend, fails to verify SSH keys by default.
## Denoscription
When using an SSH remote with the optional,...
## Denoscription
When using an SSH remote with the optional,...
U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
https://ift.tt/XqyNErx
Submitted January 21, 2023 at 10:35AM by Gallus
via reddit https://ift.tt/wnxofi3
https://ift.tt/XqyNErx
Submitted January 21, 2023 at 10:35AM by Gallus
via reddit https://ift.tt/wnxofi3
NCC Group Research Blog
Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
Vendor: DENX Software Engineering Vendor URL: Versions affected: v2012.10-rc1 to v2023.01-rc1 Systems Affected: All systems with CONFIG_DFU_OVER_USB or CONFIG_SPL_DFU enabled Author: <Sultan Qas…
Somnium: Script to test netsec detection capabilities.
https://ift.tt/78GsYK4
Submitted January 21, 2023 at 11:57AM by Th4ray
via reddit https://ift.tt/zWSYNFi
https://ift.tt/78GsYK4
Submitted January 21, 2023 at 11:57AM by Th4ray
via reddit https://ift.tt/zWSYNFi
GitHub
GitHub - asluppiter/Somnium: Script to test NetSec capabilities.
Script to test NetSec capabilities. Contribute to asluppiter/Somnium development by creating an account on GitHub.
Researchers release PoC for iTLB-multihit bug affecting Intel cpus (crashes host from guest in most hypervisors).
https://ift.tt/ALHzVxB
Submitted January 21, 2023 at 11:36PM by Ch0pdr0p
via reddit https://ift.tt/VvgspW3
https://ift.tt/ALHzVxB
Submitted January 21, 2023 at 11:36PM by Ch0pdr0p
via reddit https://ift.tt/VvgspW3
GitHub
GitHub - ergot86/itlb_poc: iTLB multihit PoC
iTLB multihit PoC. Contribute to ergot86/itlb_poc development by creating an account on GitHub.
Using a service with markdown capabilities? Good chance it's vulnerable and attackers can easily take it down
https://ift.tt/Gscn2OB
Submitted January 22, 2023 at 01:45PM by roy_6472
via reddit https://ift.tt/uqhl8FO
https://ift.tt/Gscn2OB
Submitted January 22, 2023 at 01:45PM by roy_6472
via reddit https://ift.tt/uqhl8FO
Legitsecurity
The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services
We explore a vulnerability we found in a popular implementation of the markdown engine and the potential Denial-of-Service (DoS) attack that it could cause on projects rendering markdown.
Git repository of Linux forensic/monitoring noscripts (small side project for implementing ideas and testing stuff I read somewhere)
https://ift.tt/bUvIxPY
Submitted January 22, 2023 at 05:25PM by sqall01
via reddit https://ift.tt/5uAQRjx
https://ift.tt/bUvIxPY
Submitted January 22, 2023 at 05:25PM by sqall01
via reddit https://ift.tt/5uAQRjx
GitHub
GitHub - sqall01/LSMS: Linux Security and Monitoring Scripts
Linux Security and Monitoring Scripts. Contribute to sqall01/LSMS development by creating an account on GitHub.
Studying Conformance of MANRS Members (routing security)
https://ift.tt/D7bMCPI
Submitted January 22, 2023 at 07:34PM by danyork
via reddit https://ift.tt/MZejxE5
https://ift.tt/D7bMCPI
Submitted January 22, 2023 at 07:34PM by danyork
via reddit https://ift.tt/MZejxE5
(In)Security of the "Pass" password manager
https://ift.tt/h9T27pm
Submitted January 22, 2023 at 09:48PM by Gallus
via reddit https://ift.tt/AzftlXw
https://ift.tt/h9T27pm
Submitted January 22, 2023 at 09:48PM by Gallus
via reddit https://ift.tt/AzftlXw
rot256.dev
(In)Security of the "Pass" password manager
What is Pass? What is “Pass; the standard unix password manager”?
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the noscript of the website or resource that requires…
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the noscript of the website or resource that requires…
CVE-2020-36109 POC - ASUS routers stack overflow
https://ift.tt/lJQWuO2
Submitted January 22, 2023 at 10:29PM by NoPaleontologist7419
via reddit https://ift.tt/OPB5Xcm
https://ift.tt/lJQWuO2
Submitted January 22, 2023 at 10:29PM by NoPaleontologist7419
via reddit https://ift.tt/OPB5Xcm
GitHub
GitHub - sunn1day/CVE-2020-36109-POC: CVE-2020-36109 PoC causing DoS
CVE-2020-36109 PoC causing DoS. Contribute to sunn1day/CVE-2020-36109-POC development by creating an account on GitHub.
CVE-2021-20294 POC - readelf stack overflow
https://ift.tt/BqvNVHt
Submitted January 22, 2023 at 10:14PM by NoPaleontologist7419
via reddit https://ift.tt/sQwMtuo
https://ift.tt/BqvNVHt
Submitted January 22, 2023 at 10:14PM by NoPaleontologist7419
via reddit https://ift.tt/sQwMtuo
GitHub
GitHub - tin-z/CVE-2021-20294-POC: Simple CVE-2021-20294 poc
Simple CVE-2021-20294 poc. Contribute to tin-z/CVE-2021-20294-POC development by creating an account on GitHub.
OSINT Search Engine | Cylect.io
https://cylect.io
Submitted January 23, 2023 at 11:30AM by brekfasbaksetz
via reddit https://ift.tt/ldKTjeG
https://cylect.io
Submitted January 23, 2023 at 11:30AM by brekfasbaksetz
via reddit https://ift.tt/ldKTjeG
Reddit
From the netsec community on Reddit: OSINT Search Engine | Cylect.io
Posted by [Deleted Account] - 38 votes and 2 comments
NSA CSI IPv6 Security Guidance
https://ift.tt/8bzIi5Z
Submitted January 23, 2023 at 01:42PM by sanitybit
via reddit https://ift.tt/YabNFEz
https://ift.tt/8bzIi5Z
Submitted January 23, 2023 at 01:42PM by sanitybit
via reddit https://ift.tt/YabNFEz
Streamlining incident response investigations with cloud relationship graphs
https://ift.tt/Ua8Nw1q
Submitted January 23, 2023 at 07:34PM by bobtbot
via reddit https://ift.tt/Xv5NpoI
https://ift.tt/Ua8Nw1q
Submitted January 23, 2023 at 07:34PM by bobtbot
via reddit https://ift.tt/Xv5NpoI
Steampipe
Streamlining incident response investigations with Steampipe relationship graphs | Steampipe Blog
Quickly visualize and identify attack paths an attacker could leverage. Relationship graphs provide an interactive visualization to navigate resource relationships and drill into asset details without authenticating into multiple accounts or jumping across…
A step-by-step introduction to the use of ROP gadgets to bypass DEP
https://ift.tt/tYdPFON
Submitted January 23, 2023 at 08:34PM by CyberMasterV
via reddit https://ift.tt/9jTGaYs
https://ift.tt/tYdPFON
Submitted January 23, 2023 at 08:34PM by CyberMasterV
via reddit https://ift.tt/9jTGaYs
2FA Day FTW
https://2fa.day
Submitted January 23, 2023 at 10:12PM by intosec
via reddit https://ift.tt/hG0QZdx
https://2fa.day
Submitted January 23, 2023 at 10:12PM by intosec
via reddit https://ift.tt/hG0QZdx
2FA Day
2nd of FebruAry is 2FA Day
2FA Day on 2nd of FebruAry promotes two-factor authentication to enhance online security. It raises awareness about the importance of an extra security layer.