Azure B2C Crypto Misuse and Account Compromise
https://ift.tt/rECKWDX
Submitted February 18, 2023 at 07:03PM by dlorenc
via reddit https://ift.tt/Y5lbgEs
https://ift.tt/rECKWDX
Submitted February 18, 2023 at 07:03PM by dlorenc
via reddit https://ift.tt/Y5lbgEs
Praetorian
Azure B2C Crypto Misuse and Account Compromise -
Microsoft’s Azure B2C service misused cryptography, which allowed an attacker to craft an OAuth refresh token to access a victim account.
Small utility to chunk up a large BloodHound JSON file into smaller files for faster importing.
https://ift.tt/KxLyd86
Submitted February 19, 2023 at 04:08AM by ustayready
via reddit https://ift.tt/C0uD57s
https://ift.tt/KxLyd86
Submitted February 19, 2023 at 04:08AM by ustayready
via reddit https://ift.tt/C0uD57s
GitHub
GitHub - ustayready/ShredHound: Small utility to chunk up a large BloodHound JSON file into smaller files for importing.
Small utility to chunk up a large BloodHound JSON file into smaller files for importing. - GitHub - ustayready/ShredHound: Small utility to chunk up a large BloodHound JSON file into smaller files ...
mast1c0re: Part 3 – Escaping the PS5 emulator
https://ift.tt/FS3V5Q7
Submitted February 19, 2023 at 04:06AM by ArbitraryWrite
via reddit https://ift.tt/e8N4fDL
https://ift.tt/FS3V5Q7
Submitted February 19, 2023 at 04:06AM by ArbitraryWrite
via reddit https://ift.tt/e8N4fDL
McCaulay
mast1c0re: Part 3 - Escaping the emulator
Introduction
In the previous post, we developed a traditional stack buffer overflow exploit in the Okage: Shadow King game which resulted in us being able to execute arbitrary code from within a PlayStation 2 ELF that was embedded inside the exploitable…
In the previous post, we developed a traditional stack buffer overflow exploit in the Okage: Shadow King game which resulted in us being able to execute arbitrary code from within a PlayStation 2 ELF that was embedded inside the exploitable…
Return of the 0ktapus? Coinbase fend of UNC3944/ScatteredSpider attack that used SMS Phishing and attempted MFA bypass
https://ift.tt/DNABcJh
Submitted February 19, 2023 at 09:41AM by SuaveHobo
via reddit https://ift.tt/H4l8xN1
https://ift.tt/DNABcJh
Submitted February 19, 2023 at 09:41AM by SuaveHobo
via reddit https://ift.tt/H4l8xN1
Opalsec
Return of the 0ktapus?
Coinbase seems to think so
New OpenSecurityTraining2 class, "Hardware 1101: Intel SPI Analysis"
https://ift.tt/R3KEaA5
Submitted February 20, 2023 at 08:13AM by OpenSecurityTraining
via reddit https://ift.tt/dTfDcyt
https://ift.tt/R3KEaA5
Submitted February 20, 2023 at 08:13AM by OpenSecurityTraining
via reddit https://ift.tt/dTfDcyt
p.ost2.fyi
Hardware 1101: Intel SPI Analysis
Mini-course on using a logic analyzer to view SPI flash transactions caused by Intel MMIO interface.
316ctf: Beginner CTF for Students and Anybody Else
https://316ctf.com/
Submitted February 20, 2023 at 06:43PM by 4NonOfficialUseOnly
via reddit https://ift.tt/fj5qpxO
https://316ctf.com/
Submitted February 20, 2023 at 06:43PM by 4NonOfficialUseOnly
via reddit https://ift.tt/fj5qpxO
316ctf
Cyber Challenges for Students! | 316ctf
316ctf - Cybersecurity CTF Challenges for High School and Middle School Students
Legitify added support for GPT-based security recommendations for GitHub & GitLab assets
https://ift.tt/PxVDpU6
Submitted February 20, 2023 at 09:05PM by dotanoam
via reddit https://ift.tt/khVlZjT
https://ift.tt/PxVDpU6
Submitted February 20, 2023 at 09:05PM by dotanoam
via reddit https://ift.tt/khVlZjT
GitHub
GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets - GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across a...
GitHub - zblurx/dploot: DPAPI looting remotely in Python
https://ift.tt/letY0rS
Submitted February 20, 2023 at 08:54PM by scopedsecurity
via reddit https://ift.tt/wJIcCgq
https://ift.tt/letY0rS
Submitted February 20, 2023 at 08:54PM by scopedsecurity
via reddit https://ift.tt/wJIcCgq
GitHub
GitHub - zblurx/dploot: DPAPI looting remotely in Python
DPAPI looting remotely in Python. Contribute to zblurx/dploot development by creating an account on GitHub.
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK
https://ift.tt/mtPIqAC
Submitted February 21, 2023 at 12:48AM by attilaszia
via reddit https://ift.tt/v6V3WxN
https://ift.tt/mtPIqAC
Submitted February 21, 2023 at 12:48AM by attilaszia
via reddit https://ift.tt/v6V3WxN
Bugprove
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK
Heap-based buffer overflow vulnerabilities were found by BugProve in Silicon Lab’s Gecko SDK.
New OSCP Reporting Tool (SysReptor)
https://ift.tt/cfMkHvh
Submitted February 21, 2023 at 12:24PM by Pleasant-Drawer729
via reddit https://ift.tt/sbIZyY0
https://ift.tt/cfMkHvh
Submitted February 21, 2023 at 12:24PM by Pleasant-Drawer729
via reddit https://ift.tt/sbIZyY0
Sysreptor
Free OSCP Reporting - SysReptor Docs
None
Fortinet FortiNAC CVE-2022-39952 Deep-Dive, IOCs, and POC
https://ift.tt/wH6o0Fv
Submitted February 21, 2023 at 06:22PM by scopedsecurity
via reddit https://ift.tt/mPojJW4
https://ift.tt/wH6o0Fv
Submitted February 21, 2023 at 06:22PM by scopedsecurity
via reddit https://ift.tt/mPojJW4
Horizon3.ai
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs. This vulnerability allows remote code execution as the root user.
ClamAV Critical Patch Review
https://ift.tt/aU2jHKu
Submitted February 21, 2023 at 08:32PM by g_e_r_h_a_r_d
via reddit https://ift.tt/g7FhPZS
https://ift.tt/aU2jHKu
Submitted February 21, 2023 at 08:32PM by g_e_r_h_a_r_d
via reddit https://ift.tt/g7FhPZS
ONEKEY
ClamAV Critical Patch Review
Explore issues resolved by ClamAV's recent critical patch in technical deep dive.
A Deep Dive Into a PoshC2 Implant
https://ift.tt/ZXC31Eo
Submitted February 21, 2023 at 08:32PM by CyberMasterV
via reddit https://ift.tt/UYRiqj5
https://ift.tt/ZXC31Eo
Submitted February 21, 2023 at 08:32PM by CyberMasterV
via reddit https://ift.tt/UYRiqj5
SecurityScorecard
Resources
Explore cybersecurity white papers, data sheets, webinars, videos, informative blogs, and more with SecurityScorecard.
OWASP Kubernetes Top 10 - Tools & Techniques
https://ift.tt/nw3fX7C
Submitted February 21, 2023 at 09:15PM by MiguelHzBz
via reddit https://ift.tt/YBCr0lQ
https://ift.tt/nw3fX7C
Submitted February 21, 2023 at 09:15PM by MiguelHzBz
via reddit https://ift.tt/YBCr0lQ
Sysdig
OWASP Kubernetes Top 10 – Sysdig
OWASP has created the OWASP Kubernetes Top 10, which helps identify the most likely risks.
Introducing Sublime: A new, open approach to email security
https://ift.tt/M4AnyGu
Submitted February 22, 2023 at 03:23AM by Glomar-Response
via reddit https://ift.tt/UrQBP2M
https://ift.tt/M4AnyGu
Submitted February 22, 2023 at 03:23AM by Glomar-Response
via reddit https://ift.tt/UrQBP2M
sublime.security
Introducing Sublime: A new, open approach to email security
The detection and response platform for securing email.
Let's build a Chrome extension that steals everything
https://ift.tt/fUlTB7M
Submitted February 22, 2023 at 07:23AM by ScottContini
via reddit https://ift.tt/UqfE8Ah
https://ift.tt/fUlTB7M
Submitted February 22, 2023 at 07:23AM by ScottContini
via reddit https://ift.tt/UqfE8Ah
Building Browser Extensions
Let's build a Chrome extension that steals everything
Today's adventure: DIY whole hog data exfiltration
Multiple vulnerabilities in Nokia BTS Airscale ASIKA [PDF]
https://ift.tt/RH0uF3Q
Submitted February 22, 2023 at 03:45PM by Gallus
via reddit https://ift.tt/vK1IAwm
https://ift.tt/RH0uF3Q
Submitted February 22, 2023 at 03:45PM by Gallus
via reddit https://ift.tt/vK1IAwm
A New Privilege Escalation Bug Class on macOS and iOS
https://ift.tt/5a38fiM
Submitted February 22, 2023 at 05:08PM by poltess0
via reddit https://ift.tt/MJcKbEy
https://ift.tt/5a38fiM
Submitted February 22, 2023 at 05:08PM by poltess0
via reddit https://ift.tt/MJcKbEy
Trellix
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape…
Disabling ClamAV as an Unprivileged User
https://ift.tt/YlPaKhC
Submitted February 22, 2023 at 06:28PM by DLLCoolJ
via reddit https://ift.tt/QcGrYsB
https://ift.tt/YlPaKhC
Submitted February 22, 2023 at 06:28PM by DLLCoolJ
via reddit https://ift.tt/QcGrYsB
Archcloudlabs
Disabling ClamAV as an Unprivileged User
About The Project ClamAV is an Open Source antivirus engine that is widely used on mail servers to scan incoming messages. On February 15, 2023 ClamAV published a security advisory detailing a potential remote code execution vulnerability in its HFS+ file…
What the Hack: A Personal Story about Ethical Hacking
https://www.youtube.com/watch?v=pdH8bd-niyQ&list=PLEx5khR4g7PIEgcDlsEP5veliuyKgnpbt
Submitted February 22, 2023 at 07:03PM by Ambitious_Material67
via reddit https://ift.tt/JYuNhpc
https://www.youtube.com/watch?v=pdH8bd-niyQ&list=PLEx5khR4g7PIEgcDlsEP5veliuyKgnpbt
Submitted February 22, 2023 at 07:03PM by Ambitious_Material67
via reddit https://ift.tt/JYuNhpc
YouTube
What the Hack: A Personal Story about Ethical Hacking • Ben Sadeghipour • GOTO 2022
This presentation was recorded at GOTO Copenhagen 2022. #GOTOcon #GOTOcph
http://gotocph.com
Ben Sadeghipour - VP of Research at Hadrian Security @NahamSec
ORIGINAL TALK TITLE
What the Hack?
ABSTRACT
Join Ben Sadeghipour in this session. He is Head of…
http://gotocph.com
Ben Sadeghipour - VP of Research at Hadrian Security @NahamSec
ORIGINAL TALK TITLE
What the Hack?
ABSTRACT
Join Ben Sadeghipour in this session. He is Head of…
Vulnerability write-up - "Dangerous assumptions" (6 CVEs in Node.js packages)
https://ift.tt/jO0uhAm
Submitted February 22, 2023 at 10:10PM by ThomasRinsma
via reddit https://ift.tt/nf5xuNs
https://ift.tt/jO0uhAm
Submitted February 22, 2023 at 10:10PM by ThomasRinsma
via reddit https://ift.tt/nf5xuNs
Codean
Vulnerability write-up - "Dangerous assumptions"
d08e8132-1c34-4223-b83d-9b7622e0f9c4