CVE-2021-20294 POC - readelf stack overflow
https://ift.tt/BqvNVHt
Submitted January 22, 2023 at 10:14PM by NoPaleontologist7419
via reddit https://ift.tt/sQwMtuo
https://ift.tt/BqvNVHt
Submitted January 22, 2023 at 10:14PM by NoPaleontologist7419
via reddit https://ift.tt/sQwMtuo
GitHub
GitHub - tin-z/CVE-2021-20294-POC: Simple CVE-2021-20294 poc
Simple CVE-2021-20294 poc. Contribute to tin-z/CVE-2021-20294-POC development by creating an account on GitHub.
OSINT Search Engine | Cylect.io
https://cylect.io
Submitted January 23, 2023 at 11:30AM by brekfasbaksetz
via reddit https://ift.tt/ldKTjeG
https://cylect.io
Submitted January 23, 2023 at 11:30AM by brekfasbaksetz
via reddit https://ift.tt/ldKTjeG
Reddit
From the netsec community on Reddit: OSINT Search Engine | Cylect.io
Posted by [Deleted Account] - 38 votes and 2 comments
NSA CSI IPv6 Security Guidance
https://ift.tt/8bzIi5Z
Submitted January 23, 2023 at 01:42PM by sanitybit
via reddit https://ift.tt/YabNFEz
https://ift.tt/8bzIi5Z
Submitted January 23, 2023 at 01:42PM by sanitybit
via reddit https://ift.tt/YabNFEz
Streamlining incident response investigations with cloud relationship graphs
https://ift.tt/Ua8Nw1q
Submitted January 23, 2023 at 07:34PM by bobtbot
via reddit https://ift.tt/Xv5NpoI
https://ift.tt/Ua8Nw1q
Submitted January 23, 2023 at 07:34PM by bobtbot
via reddit https://ift.tt/Xv5NpoI
Steampipe
Streamlining incident response investigations with Steampipe relationship graphs | Steampipe Blog
Quickly visualize and identify attack paths an attacker could leverage. Relationship graphs provide an interactive visualization to navigate resource relationships and drill into asset details without authenticating into multiple accounts or jumping across…
A step-by-step introduction to the use of ROP gadgets to bypass DEP
https://ift.tt/tYdPFON
Submitted January 23, 2023 at 08:34PM by CyberMasterV
via reddit https://ift.tt/9jTGaYs
https://ift.tt/tYdPFON
Submitted January 23, 2023 at 08:34PM by CyberMasterV
via reddit https://ift.tt/9jTGaYs
2FA Day FTW
https://2fa.day
Submitted January 23, 2023 at 10:12PM by intosec
via reddit https://ift.tt/hG0QZdx
https://2fa.day
Submitted January 23, 2023 at 10:12PM by intosec
via reddit https://ift.tt/hG0QZdx
2FA Day
2nd of FebruAry is 2FA Day
2FA Day on 2nd of FebruAry promotes two-factor authentication to enhance online security. It raises awareness about the importance of an extra security layer.
Pwning the all Google phone with a non-Google bug | The GitHub Blog
https://ift.tt/hU3u5qy
Submitted January 24, 2023 at 02:37AM by smaury
via reddit https://ift.tt/ukeamV1
https://ift.tt/hU3u5qy
Submitted January 24, 2023 at 02:37AM by smaury
via reddit https://ift.tt/ukeamV1
The GitHub Blog
Pwning the all Google phone with a non-Google bug | The GitHub Blog
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit…
Mastodon server for hacking community
https://h4x0r.army
Submitted January 24, 2023 at 05:09AM by n4bb
via reddit https://ift.tt/FuUbhQr
https://h4x0r.army
Submitted January 24, 2023 at 05:09AM by n4bb
via reddit https://ift.tt/FuUbhQr
Mastodon hosted on h4x0r.army
h4x0r army
Community for hackers, pentesters, programmers, activists, philosophers, cyberpunks, artists, infosec, privacy professionals, and those genuinely curious about technology.
Reverse-engineering the conditional jump circuitry in the 8086 processor
https://ift.tt/q6D1jLB
Submitted January 24, 2023 at 11:47AM by Gallus
via reddit https://ift.tt/Qvdq6c8
https://ift.tt/q6D1jLB
Submitted January 24, 2023 at 11:47AM by Gallus
via reddit https://ift.tt/Qvdq6c8
Righto
Reverse-engineering the conditional jump circuitry in the 8086 processor
Intel introduced the 8086 microprocessor in 1978 and it had a huge influence on computing. I'm reverse-engineering the 8086 by examining t...
Bitwarden design flaw: Server side iterations
https://ift.tt/0lt6AgJ
Submitted January 24, 2023 at 11:46AM by Gallus
via reddit https://ift.tt/0SKfCtD
https://ift.tt/0lt6AgJ
Submitted January 24, 2023 at 11:46AM by Gallus
via reddit https://ift.tt/0SKfCtD
Almost Secure
Bitwarden design flaw: Server side iterations
Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.
Tampering User Attributes In AWS Cognito User Pools
https://ift.tt/ROXlLvz
Submitted January 24, 2023 at 03:18PM by nibblesec
via reddit https://ift.tt/2gRX89M
https://ift.tt/ROXlLvz
Submitted January 24, 2023 at 03:18PM by nibblesec
via reddit https://ift.tt/2gRX89M
Doyensec
Tampering User Attributes In AWS Cognito User Pools · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
A website to get latest security advisories from multiple sources
https://cyberowl.org
Submitted January 24, 2023 at 05:12PM by karimhabush
via reddit https://ift.tt/0EQvsjl
https://cyberowl.org
Submitted January 24, 2023 at 05:12PM by karimhabush
via reddit https://ift.tt/0EQvsjl
cyberowl.org
Cyberowl | CyberOwl
Stay informed on the latest cyber threats - a one-stop destination for all the latest alerts and updates from multiple sources.
Gato (Github Attack TOolkit), a tool to enumerate, attack, and defend GitHub Actions self-hosted runners
https://ift.tt/gTJVbKY
Submitted January 24, 2023 at 08:46PM by exploding_nun
via reddit https://ift.tt/xubI1RC
https://ift.tt/gTJVbKY
Submitted January 24, 2023 at 08:46PM by exploding_nun
via reddit https://ift.tt/xubI1RC
GitHub
GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
Operator’s Guide to the Meterpreter BOFLoader
https://ift.tt/0yEMkY6
Submitted January 24, 2023 at 09:50PM by n00py
via reddit https://ift.tt/qAoSjct
https://ift.tt/0yEMkY6
Submitted January 24, 2023 at 09:50PM by n00py
via reddit https://ift.tt/qAoSjct
TrustedSec
Operator's Guide to the Meterpreter BOFLoader - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
CVE-2023-0210 – Linux Kernel Unauthenticated Remote Heap Overflow Within KSMBD
https://ift.tt/sFdiL2Y
Submitted January 24, 2023 at 09:13PM by MiguelHzBz
via reddit https://ift.tt/rHSsuU9
https://ift.tt/sFdiL2Y
Submitted January 24, 2023 at 09:13PM by MiguelHzBz
via reddit https://ift.tt/rHSsuU9
Sysdig
CVE-2023-0210 – Sysdig
Recently, a vulnerability was discovered, which allowed for unauthenticated remote code execution in the kernel context.
GitHub - Free Python scanner for CVE-2022-47966
https://ift.tt/GJmQ1as
Submitted January 24, 2023 at 11:09PM by vonahisec
via reddit https://ift.tt/aBUMkhn
https://ift.tt/GJmQ1as
Submitted January 24, 2023 at 11:09PM by vonahisec
via reddit https://ift.tt/aBUMkhn
GitHub
GitHub - vonahisec/CVE-2022-47966-Scan
Contribute to vonahisec/CVE-2022-47966-Scan development by creating an account on GitHub.
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
https://ift.tt/eX1biC5
Submitted January 25, 2023 at 10:00AM by Mempodipper
via reddit https://ift.tt/O9g0jQZ
https://ift.tt/eX1biC5
Submitted January 25, 2023 at 10:00AM by Mempodipper
via reddit https://ift.tt/O9g0jQZ
Assetnote
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
Application security issues found by Assetnote
Active Directory: Using LDAP Queries for Stealthy Enumeration
https://ift.tt/vfOCFhT
Submitted January 25, 2023 at 02:01PM by andreashappe
via reddit https://ift.tt/UNnwcTx
https://ift.tt/vfOCFhT
Submitted January 25, 2023 at 02:01PM by andreashappe
via reddit https://ift.tt/UNnwcTx
snikt.net
Active Directory: Using LDAP Queries for Stealthy Enumeration -
Andreas Happe sometimes blogs about development, life or security.
DMARC Identifier Alignment: relax, don't do it, when you want to go to it - From subdomain takeover to phishing mails
https://ift.tt/cGhLpum
Submitted January 25, 2023 at 04:56PM by ljulolsen
via reddit https://ift.tt/D72K1wO
https://ift.tt/cGhLpum
Submitted January 25, 2023 at 04:56PM by ljulolsen
via reddit https://ift.tt/D72K1wO
Jeffrey Bencteux
DMARC Identifier Alignment: relax, don't do it, when you want to go to it
From subdomain takeover to phishing mails
TL;DR; if you have a subdomain takeover for a given domain, and default DMARC alignment settings, you can create emails that passes SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain…
TL;DR; if you have a subdomain takeover for a given domain, and default DMARC alignment settings, you can create emails that passes SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain…
PyCript is a Burp Suite extension to bypass client-side encryption that supports both manual and automated testing such as Scanners, Intruder, or SQLMAP. Custom encryption logic can be written in NodeJS to support any encryption within BurpSuite
https://ift.tt/qLV3SyC
Submitted January 25, 2023 at 10:40PM by Ano_F
via reddit https://ift.tt/GF5L1xh
https://ift.tt/qLV3SyC
Submitted January 25, 2023 at 10:40PM by Ano_F
via reddit https://ift.tt/GF5L1xh
GitHub
GitHub - Anof-cyber/PyCript: Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation…
Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing. - GitHub - Anof-cyber/PyCript: Burp Suite extension for bypassing client-side encrypt...
Whacking a phishing admin panel for fun and profit
https://ift.tt/RpX7QeP
Submitted January 26, 2023 at 10:32AM by thehunter699
via reddit https://ift.tt/Ia3shPl
https://ift.tt/RpX7QeP
Submitted January 26, 2023 at 10:32AM by thehunter699
via reddit https://ift.tt/Ia3shPl
Medium
Destroying the Scammers Portal — SBI Scam
Greetings to all readers,