Exposing Secrets Via AppSec Tools: The SonarQube Case
https://ift.tt/lVpSnBO
Submitted January 31, 2023 at 04:59PM by roy_6472
via reddit https://ift.tt/CA0zVQd
Legitsecurity
Exposing Secrets Via SDLC Tools: The SonarQube Case
Legit Security | We investigate how sensitive information can get exposed via AppSec tools that you use in your dev pipeline, using the SonarQube Case.
Learning CodeQL - Going Beyond Grep
https://ift.tt/d9bsTOE
Submitted January 31, 2023 at 06:27PM by Gallus
via reddit https://ift.tt/6cUxEpe
Goingbeyondgrep
Learning CodeQL
Unlike many SAST products, CodeQL is more than just a tool and learning it requires learning more than just a tool. It’s a programming language, a tool, and a supporting ecosystem that come together to create something extremely powerful, flexible, and unique.…
Github reports unauthorized access to some Github Desktop and Atom repositories
https://ift.tt/Mw5HBOY
Submitted January 31, 2023 at 06:12PM by qwerty0x41
via reddit https://ift.tt/eRC0MZu
The GitHub Blog
Action needed for GitHub Desktop and Atom users | The GitHub Blog
Update to the latest version of Desktop and previous version of Atom before February 2.
Remote Command Execution in binwalk
https://ift.tt/Pu6X4mH
Submitted January 31, 2023 at 07:39PM by Gallus
via reddit https://ift.tt/lFqDaXz
ONEKEY
Security Advisory: Remote Command Execution in binwalk
Learn about the security vulnerability in binwalk v2.1.2b-2.3.3!
We reverse engineered Splunk and created a pure Python-based S2S client
https://ift.tt/HlCnwi4
Submitted January 31, 2023 at 09:13PM by sh0n1z
via reddit https://ift.tt/qCyedFT
TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle
https://ift.tt/0Oh7pRc
Submitted January 31, 2023 at 11:55PM by sanitybit
via reddit https://ift.tt/JQ425NC
GitHub
GitHub - bananabr/TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle
A tool to find folders excluded from AV real-time scanning using a time oracle - GitHub - bananabr/TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle
Setting you up for failure: Exploring 2FA bypasses in web application settings page functionality
https://ift.tt/bvRq1ls
Submitted February 01, 2023 at 03:45AM by TheCrazyAcademic
via reddit https://ift.tt/osApmUB
Medium
Setting you up for failure: Exploring 2FA bypasses in web application settings page functionality
In January, the mainstream media reported that a 2FA bypass had been discovered in Facebook involving its new Account Center APIs. This is…
RCE in Avaya Aura Device Services
https://ift.tt/SxwLBbm
Submitted February 01, 2023 at 06:33AM by Mempodipper
via reddit https://ift.tt/36Q0bOS
Assetnote
RCE in Avaya Aura Device Services
Application security issues found by Assetnote
CVE-2021-34462: Exploiting the Windows AppXSvc Service Logic-Error Vulnerability
https://ift.tt/Qcsf2Hk
Submitted February 01, 2023 at 01:20PM by Gallus
via reddit https://ift.tt/XI6n1dO
Precision Munitions for Denial of Service
https://ift.tt/BeL5pQV
Submitted February 01, 2023 at 08:10PM by DevSec23
via reddit https://ift.tt/0yzW79f
beny23.github.io
Precision Munitions for Denial of Service
There’s a metaphor about the fight between attackers and defenders in the Denial of Service cybersecurity game. It’s an “arms race” between ever bigger attacks throwing huge amounts of traffic at ever more sophisticated defenses (e.g. AWS shield).
Incidentally…
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
https://ift.tt/WyiG1pO
Submitted February 02, 2023 at 12:09AM by gfdgfbal
via reddit https://ift.tt/VYCtUux
Aquasec
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Aqua Nautilus uncovers how the threat actor HeadCrab has created an advanced malicious Redis framework that has compromised over 1200 servers, and how to protect yourself.
Ronin 2.0.0 has finally been released! Ronin is a free and Open Source Ruby toolkit for security research and development.
https://ift.tt/GBCWlsk
Submitted February 02, 2023 at 04:39AM by postmodern
via reddit https://ift.tt/lSXNk5P
Unserializable, but unreachable: Remote Code Execution on vBulletin
https://ift.tt/WjcXJ0g
Submitted February 02, 2023 at 01:59PM by cfambionics
via reddit https://ift.tt/hOl1QbR
Ambionics
Unserializable, but unreachable: Remote code execution on vBulletin
Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.
Demystifying SMPC (Secure multi-party computation) and its threat model
https://ift.tt/f6Ip3j1
Submitted February 02, 2023 at 05:17PM by hardenedvault
via reddit https://ift.tt/W3y4oha
hardenedvault.net
Demystifying SMPC (Secure multi-party computation) and its threat model
Prologue: SMPC is an interesting topic whose applications include systematic security and cryptographic engineering; this article will discuss its principles, threat models and use cases.
Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
https://ift.tt/9aXbcYw
Submitted February 02, 2023 at 06:18PM by hacksysteam
via reddit https://ift.tt/YBUM7tW
EMBA - Automated firmware security scanner v1.2.1 released
https://ift.tt/UCtk7L3
Submitted February 02, 2023 at 08:20PM by _m-1-k-3_
via reddit https://ift.tt/1IYwTqd
GitHub
Release EMBA v1.2.1 · e-m-b-a/emba
Besides a huge number of bug fixes, this release introduces multiple new features. You are invited to celebrate the new EMBA version with us.
Spread the word and secure the Internet of Things with ...
An easy way to preview the content of an XML nmap file, in VS Code.
https://ift.tt/bWXTxqc
Submitted February 02, 2023 at 08:00PM by j_bono
via reddit https://ift.tt/Bsun82A
GitHub
GitHub - marduc812/vscode-nmap-peek: A VS Code extension to preview XML nmap output
A VS Code extension to preview XML nmap output. Contribute to marduc812/vscode-nmap-peek development by creating an account on GitHub.
The missing piece: the need for product management in security teams
https://ift.tt/MdGjIwE
Submitted February 02, 2023 at 09:56PM by sullivanmatt
via reddit https://ift.tt/WexbI9N
Matt's Life Bytes
The missing piece: the need for product management in security teams
Security teams are receiving more headcount, tooling, and organizational support than ever before… so why are we still miserable? In this blog post, I will make the argument that a lack of pr…
GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
https://ift.tt/i58XMzR
Submitted February 02, 2023 at 10:54PM by adityatelange
via reddit https://ift.tt/mSNQW6Y
GitHub
GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Tool to view HTTP history exported from Burp Suite Community Edition - GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Discovering Six Critical Docker Desktop Privilege Escalation Vulnerabilities. (Bonus: New OSS Tool!)
https://ift.tt/2xznvd3
Submitted February 03, 2023 at 01:04AM by jat0369
via reddit https://ift.tt/XHpaAM8
Cyberark
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1
Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...
TC39 proposal for mitigating prototype pollution
https://ift.tt/hz4Hvwu
Submitted February 03, 2023 at 06:12AM by Gallus
via reddit https://ift.tt/Kt49bXx
GitHub
GitHub - tc39/proposal-symbol-proto: TC39 proposal for mitigating prototype pollution
TC39 proposal for mitigating prototype pollution. Contribute to tc39/proposal-symbol-proto development by creating an account on GitHub.