Unserializable, but unreachable: Remote Code Execution on vBulletin
https://ift.tt/WjcXJ0g
Submitted February 02, 2023 at 01:59PM by cfambionics
via reddit https://ift.tt/hOl1QbR
https://ift.tt/WjcXJ0g
Submitted February 02, 2023 at 01:59PM by cfambionics
via reddit https://ift.tt/hOl1QbR
Ambionics
Unserializable, but unreachable: Remote code execution on vBulletin
Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.
Demystifiying SMPC (Secure multi-party computation) and its threat model
https://ift.tt/f6Ip3j1
Submitted February 02, 2023 at 05:17PM by hardenedvault
via reddit https://ift.tt/W3y4oha
https://ift.tt/f6Ip3j1
Submitted February 02, 2023 at 05:17PM by hardenedvault
via reddit https://ift.tt/W3y4oha
hardenedvault.net
Demystifiying SMPC (Secure multi-party computation) and its threat model
Prologue SMPC is an interesting topic, whose the applications include systematic security and cryptographic engineering, and this article will discuss its principles, threat models and use-case.
Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
https://ift.tt/9aXbcYw
Submitted February 02, 2023 at 06:18PM by hacksysteam
via reddit https://ift.tt/YBUM7tW
https://ift.tt/9aXbcYw
Submitted February 02, 2023 at 06:18PM by hacksysteam
via reddit https://ift.tt/YBUM7tW
EMBA - Automated firmware security scanner v1.2.1 released
https://ift.tt/UCtk7L3
Submitted February 02, 2023 at 08:20PM by _m-1-k-3_
via reddit https://ift.tt/1IYwTqd
https://ift.tt/UCtk7L3
Submitted February 02, 2023 at 08:20PM by _m-1-k-3_
via reddit https://ift.tt/1IYwTqd
GitHub
Release EMBA v1.2.1 · e-m-b-a/emba
Beside a huge number of bug fixes this release introduces multiple new features. You are invited to celebrate the new EMBA version with us.
Spread the word and secure the Internet of Things with ...
Spread the word and secure the Internet of Things with ...
An easy way to preview the content of an XML nmap file, in VS Code.
https://ift.tt/bWXTxqc
Submitted February 02, 2023 at 08:00PM by j_bono
via reddit https://ift.tt/Bsun82A
https://ift.tt/bWXTxqc
Submitted February 02, 2023 at 08:00PM by j_bono
via reddit https://ift.tt/Bsun82A
GitHub
GitHub - marduc812/vscode-nmap-peek: A VS Code extension to preview XML nmap output
A VS Code extension to preview XML nmap output. Contribute to marduc812/vscode-nmap-peek development by creating an account on GitHub.
The missing piece: the need for product management in security teams
https://ift.tt/MdGjIwE
Submitted February 02, 2023 at 09:56PM by sullivanmatt
via reddit https://ift.tt/WexbI9N
https://ift.tt/MdGjIwE
Submitted February 02, 2023 at 09:56PM by sullivanmatt
via reddit https://ift.tt/WexbI9N
Matt's Life Bytes
The missing piece: the need for product management in security teams
Security teams are receiving more headcount, tooling, and organizational support than ever before… so why are we still miserable? In this blog post, I will make the argument that a lack of pr…
GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
https://ift.tt/i58XMzR
Submitted February 02, 2023 at 10:54PM by adityatelange
via reddit https://ift.tt/mSNQW6Y
https://ift.tt/i58XMzR
Submitted February 02, 2023 at 10:54PM by adityatelange
via reddit https://ift.tt/mSNQW6Y
GitHub
GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Tool to view HTTP history exported from Burp Suite Community Edition - GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Discovering Six Critical Docker Desktop Privilege Escalation Vulnerabilities. (Bonus: New OSS Tool!)
https://ift.tt/2xznvd3
Submitted February 03, 2023 at 01:04AM by jat0369
via reddit https://ift.tt/XHpaAM8
https://ift.tt/2xznvd3
Submitted February 03, 2023 at 01:04AM by jat0369
via reddit https://ift.tt/XHpaAM8
Cyberark
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1
Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...
TC39 proposal for mitigating prototype pollution
https://ift.tt/hz4Hvwu
Submitted February 03, 2023 at 06:12AM by Gallus
via reddit https://ift.tt/Kt49bXx
https://ift.tt/hz4Hvwu
Submitted February 03, 2023 at 06:12AM by Gallus
via reddit https://ift.tt/Kt49bXx
GitHub
GitHub - tc39/proposal-symbol-proto: TC39 proposal for mitigating prototype pollution
TC39 proposal for mitigating prototype pollution. Contribute to tc39/proposal-symbol-proto development by creating an account on GitHub.
Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608
https://ift.tt/soxF1zf
Submitted February 03, 2023 at 08:28AM by hacksysteam
via reddit https://ift.tt/5cuPbp1
https://ift.tt/soxF1zf
Submitted February 03, 2023 at 08:28AM by hacksysteam
via reddit https://ift.tt/5cuPbp1
HackSys Inc
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
https://ift.tt/SsN6p7v
Submitted February 03, 2023 at 08:21AM by Mempodipper
via reddit https://ift.tt/zbposvJ
https://ift.tt/SsN6p7v
Submitted February 03, 2023 at 08:21AM by Mempodipper
via reddit https://ift.tt/zbposvJ
Assetnote
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
Application security issues found by Assetnote
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
https://ift.tt/3IZYFH7
Submitted February 03, 2023 at 08:08PM by f3d_0x0
via reddit https://ift.tt/7MeVK9O
https://ift.tt/3IZYFH7
Submitted February 03, 2023 at 08:08PM by f3d_0x0
via reddit https://ift.tt/7MeVK9O
Cleafy
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
Learn about PixPirate, the new Android banking trojan discovered by Cleafy TIR. This malware uses ATS to automate malicious money transfers via the Pix payment platform used by multiple Brazilian banks. Discover its features, including interception of banking…
How to Develop Intuition for Security Research: Apply the Scientific Method
https://ift.tt/9wLZIjo
Submitted February 03, 2023 at 09:20PM by crypt_keepr
via reddit https://ift.tt/mdu8b2U
https://ift.tt/9wLZIjo
Submitted February 03, 2023 at 09:20PM by crypt_keepr
via reddit https://ift.tt/mdu8b2U
Research Innovations
How to Develop Intuition for Security Research: Apply the Scientific Method
Intuition plays a prominent role in security research. It guides a researcher’s thought process to determine how to prioritize system components for analysis. What is the source of intuition? Can its source be defined and systematized so new researchers can…
Gartner Peer Insights widget - postMessage DOM XSS vulnerability
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
https://ift.tt/Fd819fH
Submitted February 04, 2023 at 04:31AM by Gallus
via reddit https://ift.tt/BlmPQSx
DoS and arbitrary file read in (ImageMagick: The hidden vulnerability behind your online images)
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
https://ift.tt/Xygx6Na
Submitted February 05, 2023 at 03:41AM by Mini_True
via reddit https://ift.tt/Sm3ViNE
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
https://ift.tt/C4lF5mU
Submitted February 05, 2023 at 09:28AM by glum-platimium
via reddit https://ift.tt/fTxcy5S
Codelivly
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
Max came to know of the vulnerability after he tried to resolve unprecedented CRC error in access logs
Reversing UK mobile rail tickets
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
https://ift.tt/0DSiPBa
Submitted February 05, 2023 at 10:58AM by Gallus
via reddit https://ift.tt/AtebC3w
eta.st
Reversing UK mobile rail tickets
The UK has used small credit-card sized tickets to pay for train travel for years and years, since long before I was born — originally theAPTIS ticket1,which...
"New Remote Job Board"
https://ift.tt/blZs7KX
Submitted February 05, 2023 at 04:25PM by Shazeb02
via reddit https://ift.tt/pfn3KWr
https://ift.tt/blZs7KX
Submitted February 05, 2023 at 04:25PM by Shazeb02
via reddit https://ift.tt/pfn3KWr
The Defender's Guide to OneNote MalDocs
https://ift.tt/nUuVGEQ
Submitted February 05, 2023 at 04:16PM by SuaveHobo
via reddit https://ift.tt/10Rp2TA
https://ift.tt/nUuVGEQ
Submitted February 05, 2023 at 04:16PM by SuaveHobo
via reddit https://ift.tt/10Rp2TA
Opalsec
The Defender's Guide to OneNote MalDocs
Who's abusing it, and how to mitigate it in your environment
CVE-2022-44268 - Arbitrary File Read PoC - PNG generator
https://ift.tt/Gm7ew2U
Submitted February 06, 2023 at 12:52AM by voidz0r
via reddit https://ift.tt/oNJ0tkA
https://ift.tt/Gm7ew2U
Submitted February 06, 2023 at 12:52AM by voidz0r
via reddit https://ift.tt/oNJ0tkA
GitHub
GitHub - voidz0r/CVE-2022-44268: A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read - GitHub - voidz0r/CVE-2022-44268: A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read
StarHound - CLI tool for importing BloodHound's Active Directory and Azure data (for latest SharpHound/AzureHound data collectors)
https://ift.tt/IdnvG9K
Submitted February 05, 2023 at 05:26PM by malacupa
via reddit https://ift.tt/B8fAOUG
https://ift.tt/IdnvG9K
Submitted February 05, 2023 at 05:26PM by malacupa
via reddit https://ift.tt/B8fAOUG
malacupa.com
StarHound - CLI import tool for SharpHound/AzureHound data
StarHound - alternative tool to import SharpHound and AzureHound data into neo4j using CLI