Gato (Github Attack TOolkit), a tool to enumerate, attack, and defend GitHub Actions self-hosted runners
https://ift.tt/gTJVbKY
Submitted January 24, 2023 at 08:46PM by exploding_nun
via reddit https://ift.tt/xubI1RC
https://ift.tt/gTJVbKY
Submitted January 24, 2023 at 08:46PM by exploding_nun
via reddit https://ift.tt/xubI1RC
GitHub
GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
Operator’s Guide to the Meterpreter BOFLoader
https://ift.tt/0yEMkY6
Submitted January 24, 2023 at 09:50PM by n00py
via reddit https://ift.tt/qAoSjct
https://ift.tt/0yEMkY6
Submitted January 24, 2023 at 09:50PM by n00py
via reddit https://ift.tt/qAoSjct
TrustedSec
Operator's Guide to the Meterpreter BOFLoader - TrustedSec
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
CVE-2023-0210 – Linux Kernel Unauthenticated Remote Heap Overflow Within KSMBD
https://ift.tt/sFdiL2Y
Submitted January 24, 2023 at 09:13PM by MiguelHzBz
via reddit https://ift.tt/rHSsuU9
https://ift.tt/sFdiL2Y
Submitted January 24, 2023 at 09:13PM by MiguelHzBz
via reddit https://ift.tt/rHSsuU9
Sysdig
CVE-2023-0210 – Sysdig
Recently, a vulnerability was discovered, which allowed for unauthenticated remote code execution in the kernel context.
GitHub - Free Python scanner for CVE-2022-47966
https://ift.tt/GJmQ1as
Submitted January 24, 2023 at 11:09PM by vonahisec
via reddit https://ift.tt/aBUMkhn
https://ift.tt/GJmQ1as
Submitted January 24, 2023 at 11:09PM by vonahisec
via reddit https://ift.tt/aBUMkhn
GitHub
GitHub - vonahisec/CVE-2022-47966-Scan
Contribute to vonahisec/CVE-2022-47966-Scan development by creating an account on GitHub.
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
https://ift.tt/eX1biC5
Submitted January 25, 2023 at 10:00AM by Mempodipper
via reddit https://ift.tt/O9g0jQZ
https://ift.tt/eX1biC5
Submitted January 25, 2023 at 10:00AM by Mempodipper
via reddit https://ift.tt/O9g0jQZ
Assetnote
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
Application security issues found by Assetnote
Active Directory: Using LDAP Queries for Stealthy Enumeration
https://ift.tt/vfOCFhT
Submitted January 25, 2023 at 02:01PM by andreashappe
via reddit https://ift.tt/UNnwcTx
https://ift.tt/vfOCFhT
Submitted January 25, 2023 at 02:01PM by andreashappe
via reddit https://ift.tt/UNnwcTx
snikt.net
Active Directory: Using LDAP Queries for Stealthy Enumeration -
Andreas Happe sometimes blogs about development, life or security.
DMARC Identifier Alignment: relax, don't do it, when you want to go to it - From subdomain takeover to phishing mails
https://ift.tt/cGhLpum
Submitted January 25, 2023 at 04:56PM by ljulolsen
via reddit https://ift.tt/D72K1wO
https://ift.tt/cGhLpum
Submitted January 25, 2023 at 04:56PM by ljulolsen
via reddit https://ift.tt/D72K1wO
Jeffrey Bencteux
DMARC Identifier Alignment: relax, don't do it, when you want to go to it
From subdomain takeover to phishing mails
TL;DR; if you have a subdomain takeover for a given domain, and default DMARC alignment settings, you can create emails that passes SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain…
TL;DR; if you have a subdomain takeover for a given domain, and default DMARC alignment settings, you can create emails that passes SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain…
PyCript is a Burp Suite extension to bypass client-side encryption that supports both manual and automated testing such as Scanners, Intruder, or SQLMAP. Custom encryption logic can be written in NodeJS to support any encryption within BurpSuite
https://ift.tt/qLV3SyC
Submitted January 25, 2023 at 10:40PM by Ano_F
via reddit https://ift.tt/GF5L1xh
https://ift.tt/qLV3SyC
Submitted January 25, 2023 at 10:40PM by Ano_F
via reddit https://ift.tt/GF5L1xh
GitHub
GitHub - Anof-cyber/PyCript: Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation…
Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing. - GitHub - Anof-cyber/PyCript: Burp Suite extension for bypassing client-side encrypt...
Whacking a phishing admin panel for fun and profit
https://ift.tt/RpX7QeP
Submitted January 26, 2023 at 10:32AM by thehunter699
via reddit https://ift.tt/Ia3shPl
https://ift.tt/RpX7QeP
Submitted January 26, 2023 at 10:32AM by thehunter699
via reddit https://ift.tt/Ia3shPl
Medium
Destroying the Scammers Portal — SBI Scam
Greetings to all readers,
Digital False Flag Operations: A How-To Guide. Pinning your malicious digital operations to the opposition
https://ift.tt/elin5VJ
Submitted January 26, 2023 at 02:48PM by Robbedoes_
via reddit https://ift.tt/JTpI2lz
https://ift.tt/elin5VJ
Submitted January 26, 2023 at 02:48PM by Robbedoes_
via reddit https://ift.tt/JTpI2lz
Medium
Digital False Flag Operations: A How-To Guide
Pinning your malicious cyber operations to the opposition
Help! is this a false positive? this file was flagged by defender, it is from a mod downloaded from moddb
https://ift.tt/q42frwd
Submitted January 26, 2023 at 06:29PM by UncannyBishop
via reddit https://ift.tt/LyGbfiN
https://ift.tt/q42frwd
Submitted January 26, 2023 at 06:29PM by UncannyBishop
via reddit https://ift.tt/LyGbfiN
Ransacking your password reset tokens
https://ift.tt/QJFvrU4
Submitted January 26, 2023 at 06:26PM by mckirk_
via reddit https://ift.tt/FChn13t
https://ift.tt/QJFvrU4
Submitted January 26, 2023 at 06:26PM by mckirk_
via reddit https://ift.tt/FChn13t
positive.security
Ransacking your password reset tokens | Positive Security
We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred…
Software Supply Chain Security Debt is Increasing: Here's How To Pay If Off
https://ift.tt/6m8U9Mj
Submitted January 26, 2023 at 07:37PM by dlorenc
via reddit https://ift.tt/tl0mBE6
https://ift.tt/6m8U9Mj
Submitted January 26, 2023 at 07:37PM by dlorenc
via reddit https://ift.tt/tl0mBE6
DevOps.com
Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
Risks in the software supply chain contribute to increased security debt, but there are ways organizations can pay it off.
Yandex Services Source Code Leaked
https://ift.tt/MegJusC
Submitted January 26, 2023 at 08:21PM by pipewire
via reddit https://ift.tt/CsTIjc4
https://ift.tt/MegJusC
Submitted January 26, 2023 at 08:21PM by pipewire
via reddit https://ift.tt/CsTIjc4
Arseniyshestakov
Yandex Services Source Code Leak
Short overview of breach contents
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
https://ift.tt/9KAMkJ7
Submitted January 26, 2023 at 08:04PM by Gallus
via reddit https://ift.tt/fVF80MC
https://ift.tt/9KAMkJ7
Submitted January 26, 2023 at 08:04PM by Gallus
via reddit https://ift.tt/fVF80MC
Akamai
Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai
Akamai researchers have analyzed a critical vulnerability in Microsoft's CryptoAPI that would allow an attacker to masquerade as a legitimate entity.
Advisory: XXS Vulnerability for Arbitrary Domains in Skyhigh Security's Secure Web Gateway
https://ift.tt/WiU7p3y
Submitted January 26, 2023 at 08:57PM by RedTeamPentesting
via reddit https://ift.tt/P4zcO8p
https://ift.tt/WiU7p3y
Submitted January 26, 2023 at 08:57PM by RedTeamPentesting
via reddit https://ift.tt/P4zcO8p
www.redteam-pentesting.de
Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin
RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary…
Bypassing Cloudflare WAF: XSS via SQL Injection
https://ift.tt/NDu4t7o
Submitted January 25, 2023 at 02:56AM by plsaskmecom
via reddit https://ift.tt/djzwnUx
https://ift.tt/NDu4t7o
Submitted January 25, 2023 at 02:56AM by plsaskmecom
via reddit https://ift.tt/djzwnUx
Uku's Playground
Bypassing Cloudflare WAF: XSS via SQL Injection
Reflected XSS in a big e-store, their response & the power of Google dorks.
Fun with Gentoo: Why don't we just shuffle those ROP gadgets away?
https://ift.tt/XVsiQbg
Submitted January 27, 2023 at 10:45AM by Gallus
via reddit https://ift.tt/BPTucLO
https://ift.tt/XVsiQbg
Submitted January 27, 2023 at 10:45AM by Gallus
via reddit https://ift.tt/BPTucLO
Pre-Auth RCE on OpenEMR: Using a rogue MySQL server to steal your health data
https://ift.tt/uxrZV7y
Submitted January 27, 2023 at 03:43PM by SonarPaul
via reddit https://ift.tt/lPTuXgN
https://ift.tt/uxrZV7y
Submitted January 27, 2023 at 03:43PM by SonarPaul
via reddit https://ift.tt/lPTuXgN
Sonarsource
OpenEMR - Remote Code Execution in your Healthcare System
We recently discovered three vulnerabilities that allow arbitrary code execution on OpenEMR. Let’s see what we can learn from them and discuss their patches!
Kamailio's exec module considered harmful – RTC security
https://ift.tt/FT7Dkvw
Submitted January 27, 2023 at 06:15PM by EnableSecurity
via reddit https://ift.tt/hjtZVmc
https://ift.tt/FT7Dkvw
Submitted January 27, 2023 at 06:15PM by EnableSecurity
via reddit https://ift.tt/hjtZVmc
Rtcsec
Kamailio's exec module considered harmful
How the Open Source SIP server may be vulnerable to OS command injection (remote code execution) when misusing the exec module, how to exploit and then fix it.
Factorization (DCQF) of a 48-bit integer using 10 trapped-ion qubits
https://ift.tt/cXhu5jN
Submitted January 27, 2023 at 07:07PM by c0r0n3r
via reddit https://ift.tt/zxGZPm8
https://ift.tt/cXhu5jN
Submitted January 27, 2023 at 07:07PM by c0r0n3r
via reddit https://ift.tt/zxGZPm8