CVE-2021-34462: Exploiting the Windows AppXSvc Service Logic-Error Vulnerability
https://ift.tt/Qcsf2Hk
Submitted February 01, 2023 at 01:20PM by Gallus
via reddit https://ift.tt/XI6n1dO
https://ift.tt/Qcsf2Hk
Submitted February 01, 2023 at 01:20PM by Gallus
via reddit https://ift.tt/XI6n1dO
Precision Munitions for Denial of Service
https://ift.tt/BeL5pQV
Submitted February 01, 2023 at 08:10PM by DevSec23
via reddit https://ift.tt/0yzW79f
https://ift.tt/BeL5pQV
Submitted February 01, 2023 at 08:10PM by DevSec23
via reddit https://ift.tt/0yzW79f
beny23.github.io
Precision Munitions for Denial of Service
There’s a metaphor about the fight between attackers and defenders in the Denial of Service cybersecurity game. It’s an “arms race” between ever bigger attacks throwing huge amounts of traffic at ever more sophisticated defenses (e.g. AWS shield).
Incidentally…
Incidentally…
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
https://ift.tt/WyiG1pO
Submitted February 02, 2023 at 12:09AM by gfdgfbal
via reddit https://ift.tt/VYCtUux
https://ift.tt/WyiG1pO
Submitted February 02, 2023 at 12:09AM by gfdgfbal
via reddit https://ift.tt/VYCtUux
Aquasec
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Aqua Nautilus uncovers threat actor HeadCrab has created an advanced malicious Redis framework that has compromised over 1200 servers and how to protect yourself
Ronin 2.0.0 has finally been released! Ronin is a free and Open Source Ruby toolkit for security research and development.
https://ift.tt/GBCWlsk
Submitted February 02, 2023 at 04:39AM by postmodern
via reddit https://ift.tt/lSXNk5P
https://ift.tt/GBCWlsk
Submitted February 02, 2023 at 04:39AM by postmodern
via reddit https://ift.tt/lSXNk5P
Unserializable, but unreachable: Remote Code Execution on vBulletin
https://ift.tt/WjcXJ0g
Submitted February 02, 2023 at 01:59PM by cfambionics
via reddit https://ift.tt/hOl1QbR
https://ift.tt/WjcXJ0g
Submitted February 02, 2023 at 01:59PM by cfambionics
via reddit https://ift.tt/hOl1QbR
Ambionics
Unserializable, but unreachable: Remote code execution on vBulletin
Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.
Demystifiying SMPC (Secure multi-party computation) and its threat model
https://ift.tt/f6Ip3j1
Submitted February 02, 2023 at 05:17PM by hardenedvault
via reddit https://ift.tt/W3y4oha
https://ift.tt/f6Ip3j1
Submitted February 02, 2023 at 05:17PM by hardenedvault
via reddit https://ift.tt/W3y4oha
hardenedvault.net
Demystifiying SMPC (Secure multi-party computation) and its threat model
Prologue SMPC is an interesting topic, whose the applications include systematic security and cryptographic engineering, and this article will discuss its principles, threat models and use-case.
Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
https://ift.tt/9aXbcYw
Submitted February 02, 2023 at 06:18PM by hacksysteam
via reddit https://ift.tt/YBUM7tW
https://ift.tt/9aXbcYw
Submitted February 02, 2023 at 06:18PM by hacksysteam
via reddit https://ift.tt/YBUM7tW
EMBA - Automated firmware security scanner v1.2.1 released
https://ift.tt/UCtk7L3
Submitted February 02, 2023 at 08:20PM by _m-1-k-3_
via reddit https://ift.tt/1IYwTqd
https://ift.tt/UCtk7L3
Submitted February 02, 2023 at 08:20PM by _m-1-k-3_
via reddit https://ift.tt/1IYwTqd
GitHub
Release EMBA v1.2.1 · e-m-b-a/emba
Beside a huge number of bug fixes this release introduces multiple new features. You are invited to celebrate the new EMBA version with us.
Spread the word and secure the Internet of Things with ...
Spread the word and secure the Internet of Things with ...
An easy way to preview the content of an XML nmap file, in VS Code.
https://ift.tt/bWXTxqc
Submitted February 02, 2023 at 08:00PM by j_bono
via reddit https://ift.tt/Bsun82A
https://ift.tt/bWXTxqc
Submitted February 02, 2023 at 08:00PM by j_bono
via reddit https://ift.tt/Bsun82A
GitHub
GitHub - marduc812/vscode-nmap-peek: A VS Code extension to preview XML nmap output
A VS Code extension to preview XML nmap output. Contribute to marduc812/vscode-nmap-peek development by creating an account on GitHub.
The missing piece: the need for product management in security teams
https://ift.tt/MdGjIwE
Submitted February 02, 2023 at 09:56PM by sullivanmatt
via reddit https://ift.tt/WexbI9N
https://ift.tt/MdGjIwE
Submitted February 02, 2023 at 09:56PM by sullivanmatt
via reddit https://ift.tt/WexbI9N
Matt's Life Bytes
The missing piece: the need for product management in security teams
Security teams are receiving more headcount, tooling, and organizational support than ever before… so why are we still miserable? In this blog post, I will make the argument that a lack of pr…
GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
https://ift.tt/i58XMzR
Submitted February 02, 2023 at 10:54PM by adityatelange
via reddit https://ift.tt/mSNQW6Y
https://ift.tt/i58XMzR
Submitted February 02, 2023 at 10:54PM by adityatelange
via reddit https://ift.tt/mSNQW6Y
GitHub
GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Tool to view HTTP history exported from Burp Suite Community Edition - GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Discovering Six Critical Docker Desktop Privilege Escalation Vulnerabilities. (Bonus: New OSS Tool!)
https://ift.tt/2xznvd3
Submitted February 03, 2023 at 01:04AM by jat0369
via reddit https://ift.tt/XHpaAM8
https://ift.tt/2xznvd3
Submitted February 03, 2023 at 01:04AM by jat0369
via reddit https://ift.tt/XHpaAM8
Cyberark
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1
Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...
TC39 proposal for mitigating prototype pollution
https://ift.tt/hz4Hvwu
Submitted February 03, 2023 at 06:12AM by Gallus
via reddit https://ift.tt/Kt49bXx
https://ift.tt/hz4Hvwu
Submitted February 03, 2023 at 06:12AM by Gallus
via reddit https://ift.tt/Kt49bXx
GitHub
GitHub - tc39/proposal-symbol-proto: TC39 proposal for mitigating prototype pollution
TC39 proposal for mitigating prototype pollution. Contribute to tc39/proposal-symbol-proto development by creating an account on GitHub.
Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
https://ift.tt/soxF1zf
Submitted February 03, 2023 at 08:28AM by hacksysteam
via reddit https://ift.tt/5cuPbp1
https://ift.tt/soxF1zf
Submitted February 03, 2023 at 08:28AM by hacksysteam
via reddit https://ift.tt/5cuPbp1
HackSys Inc
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
https://ift.tt/SsN6p7v
Submitted February 03, 2023 at 08:21AM by Mempodipper
via reddit https://ift.tt/zbposvJ
https://ift.tt/SsN6p7v
Submitted February 03, 2023 at 08:21AM by Mempodipper
via reddit https://ift.tt/zbposvJ
Assetnote
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
Application security issues found by Assetnote
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
https://ift.tt/3IZYFH7
Submitted February 03, 2023 at 08:08PM by f3d_0x0
via reddit https://ift.tt/7MeVK9O
https://ift.tt/3IZYFH7
Submitted February 03, 2023 at 08:08PM by f3d_0x0
via reddit https://ift.tt/7MeVK9O
Cleafy
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
Learn about PixPirate, the new Android banking trojan discovered by Cleafy TIR. This malware uses ATS to automate malicious money transfers via the Pix payment platform used by multiple Brazilian banks. Discover its features, including interception of banking…
How to Develop Intuition for Security Research: Apply the Scientific Method
https://ift.tt/9wLZIjo
Submitted February 03, 2023 at 09:20PM by crypt_keepr
via reddit https://ift.tt/mdu8b2U
https://ift.tt/9wLZIjo
Submitted February 03, 2023 at 09:20PM by crypt_keepr
via reddit https://ift.tt/mdu8b2U
Research Innovations
How to Develop Intuition for Security Research: Apply the Scientific Method
Intuition plays a prominent role in security research. It guides a researcher’s thought process to determine how to prioritize system components for analysis. What is the source of intuition? Can its source be defined and systematized so new researchers can…
Gartner Peer Insights widget - postMessage DOM XSS vulnerability
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
DoS and arbitrary file read in (ImageMagick: The hidden vulnerability behind your online images)
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
Codelivly
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
Max came to know of the vulnerability after he tried to resolve unprecedented CRC error in access logs
Reversing UK mobile rail tickets
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
eta.st
Reversing UK mobile rail tickets
The UK has used small credit-card sized tickets to pay for train travel for years and years, since long before I was born — originally theAPTIS ticket1,which...