A Review of Attacks Against Language-Based Package Managers
https://ift.tt/z7sWK5J
Submitted February 24, 2023 at 05:51PM by panoptischall
via reddit https://ift.tt/XzqE8o0
https://ift.tt/z7sWK5J
Submitted February 24, 2023 at 05:51PM by panoptischall
via reddit https://ift.tt/XzqE8o0
Yet, another packer/loader with my very own implementation of GetProcAddress and GetModuleHandle to dinamically fetch function addresses, as well as AES payload and function name encryption with a derived SHA256 key
https://ift.tt/s0D89Ux
Submitted February 24, 2023 at 09:49PM by oldboy21
via reddit https://ift.tt/Ybyirxv
https://ift.tt/s0D89Ux
Submitted February 24, 2023 at 09:49PM by oldboy21
via reddit https://ift.tt/Ybyirxv
GitHub
GitHub - oldboy21/CGPL: Yet, Another Packer/Loader
Yet, Another Packer/Loader . Contribute to oldboy21/CGPL development by creating an account on GitHub.
Wrote a hands-on blog series for anyone trying to get a start as a SOC analyst -- feedback welcome!
https://ift.tt/JGAI5if
Submitted February 25, 2023 at 09:26AM by skybound5
via reddit https://ift.tt/7Ani2hd
https://ift.tt/JGAI5if
Submitted February 25, 2023 at 09:26AM by skybound5
via reddit https://ift.tt/7Ani2hd
Eric’s Substack
So you want to be a SOC Analyst? Intro
A blog series for someone wanting to get a start as a SOC Analyst
Awesome Security Newsletters
https://ift.tt/r3ciYsD
Submitted February 26, 2023 at 09:29AM by mymalema
via reddit https://ift.tt/HFSVPKy
https://ift.tt/r3ciYsD
Submitted February 26, 2023 at 09:29AM by mymalema
via reddit https://ift.tt/HFSVPKy
GitHub
GitHub - TalEliyahu/awesome-security-newsletters: Periodic cyber security newsletters that capture the latest news, summaries of…
Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...
open-appsec provides ML-based API Security add-on for Kong API Gateways
https://ift.tt/bE1wpCr
Submitted February 26, 2023 at 03:30PM by Hen2022
via reddit https://ift.tt/CTXHhAE
https://ift.tt/bE1wpCr
Submitted February 26, 2023 at 03:30PM by Hen2022
via reddit https://ift.tt/CTXHhAE
open-appsec
open-appsec provides ML-based API Security add-on for Kong API Gateways
open-appsec provides Kong users effective and integrated API Security including preemptive protection against zero-day attacks.
Scripts for playing with WinDbg JS API (hugsy/windbg_js_noscripts)
https://ift.tt/WZo6rz3
Submitted February 27, 2023 at 06:57AM by Gallus
via reddit https://ift.tt/wdD2oji
https://ift.tt/WZo6rz3
Submitted February 27, 2023 at 06:57AM by Gallus
via reddit https://ift.tt/wdD2oji
GitHub
GitHub - hugsy/windbg_js_noscripts: Toy noscripts for playing with WinDbg JS API
Toy noscripts for playing with WinDbg JS API. Contribute to hugsy/windbg_js_noscripts development by creating an account on GitHub.
RIG Exploit Kit: In-Depth Analysis
https://ift.tt/Ll56PJd
Submitted February 27, 2023 at 09:05PM by wtfse
via reddit https://ift.tt/oRvbymI
https://ift.tt/Ll56PJd
Submitted February 27, 2023 at 09:05PM by wtfse
via reddit https://ift.tt/oRvbymI
ParamAngler - tool for testing specific payload on each parameter
https://ift.tt/8QEtpX6
Submitted February 28, 2023 at 01:17AM by spajky_yt
via reddit https://ift.tt/S1VIJNn
https://ift.tt/8QEtpX6
Submitted February 28, 2023 at 01:17AM by spajky_yt
via reddit https://ift.tt/S1VIJNn
GitHub
GitHub - spyx/ParamAngler
Contribute to spyx/ParamAngler development by creating an account on GitHub.
Lastpass Quietly indicates that Enterprise Users' K2s were accessed
https://ift.tt/s6EpGyF
Submitted February 28, 2023 at 01:12AM by csanders_
via reddit https://ift.tt/6McgLTz
https://ift.tt/s6EpGyF
Submitted February 28, 2023 at 01:12AM by csanders_
via reddit https://ift.tt/6McgLTz
Lastpass
Security Bulletin: Recommended Actions for LastPass Business Administrators
Your organization’s security is vital to our mutual success, so we’ve created this guide to help you respond to the recent LastPass security incident in a way that meets your security posture and environment’s needs.
It’s All Bad News: An update on how the Lastpass breach affects Lastpass SSO
https://ift.tt/uhptTmf
Submitted February 28, 2023 at 04:30AM by csanders_
via reddit https://ift.tt/zomdyug
https://ift.tt/uhptTmf
Submitted February 28, 2023 at 04:30AM by csanders_
via reddit https://ift.tt/zomdyug
Medium
It’s All Bad News: An update on how the Lastpass breach affects Lastpass SSO
Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…
SPIP Remote Code Execution (pre-auth)
https://ift.tt/aZ23R6X
Submitted February 28, 2023 at 03:29AM by EasyAd9596
via reddit https://ift.tt/mpj8GsQ
https://ift.tt/aZ23R6X
Submitted February 28, 2023 at 03:29AM by EasyAd9596
via reddit https://ift.tt/mpj8GsQ
Dirty Arbitrary File Write to RCE in Python uWSGI
https://ift.tt/Xmhugx1
Submitted February 28, 2023 at 07:17PM by nibblesec
via reddit https://ift.tt/EoB1jcm
https://ift.tt/Xmhugx1
Submitted February 28, 2023 at 07:17PM by nibblesec
via reddit https://ift.tt/EoB1jcm
Doyensec
A New Vector For “Dirty” Arbitrary File Write to RCE · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
How to conduct a Complete Kubernetes Security Config Review
https://ift.tt/Mi2SR5C
Submitted February 28, 2023 at 08:15PM by phoenixzeu
via reddit https://ift.tt/LalK3HD
https://ift.tt/Mi2SR5C
Submitted February 28, 2023 at 08:15PM by phoenixzeu
via reddit https://ift.tt/LalK3HD
Security Café
A Complete Kubernetes Config Review Methodology
The are many resources out there that tap into the subject of Kubernetes Pentesting or Configuration Review, however, they usually detail specific topics and misconfigurations and don’t offer…
Empowering weak primitives: file truncation to code execution with Git
https://ift.tt/jcEgFrX
Submitted February 28, 2023 at 09:24PM by monoimpact
via reddit https://ift.tt/fH21FR3
https://ift.tt/jcEgFrX
Submitted February 28, 2023 at 09:24PM by monoimpact
via reddit https://ift.tt/fH21FR3
Sonarsource
Empowering weak primitives: file truncation to code execution with Git
Let's dive into how a seemingly minor code vulnerability can hide a critical impact!
First steps in CHERIoT Security Research | MSRC Blog
https://ift.tt/ahWrjYU
Submitted February 28, 2023 at 11:19PM by unaligned_access
via reddit https://ift.tt/ZPXyuzi
https://ift.tt/ahWrjYU
Submitted February 28, 2023 at 11:19PM by unaligned_access
via reddit https://ift.tt/ZPXyuzi
Microsoft
First steps in CHERIoT Security Research | MSRC Blog
| Microsoft Security Response Center
| Microsoft Security Response Center
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft
https://ift.tt/G4Qkwmh
Submitted February 28, 2023 at 11:04PM by MiguelHzBz
via reddit https://ift.tt/dWgvl8a
https://ift.tt/G4Qkwmh
Submitted February 28, 2023 at 11:04PM by MiguelHzBz
via reddit https://ift.tt/dWgvl8a
Sysdig
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft – Sysdig
The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL.
LastPass Breach - and your SSO
https://ift.tt/kR7p128
Submitted March 01, 2023 at 01:17AM by GelosSnake
via reddit https://ift.tt/kC1wKJX
https://ift.tt/kR7p128
Submitted March 01, 2023 at 01:17AM by GelosSnake
via reddit https://ift.tt/kC1wKJX
profero.io
LastPass Breach - and your SSO
New information coming out on LastPass breach
Indirect Prompt Injection on Bing Chat
https://ift.tt/bKLdCMZ
Submitted March 01, 2023 at 03:49PM by Gallus
via reddit https://ift.tt/6i7DGO4
https://ift.tt/bKLdCMZ
Submitted March 01, 2023 at 03:49PM by Gallus
via reddit https://ift.tt/6i7DGO4
Using JFrog Artifactory? Make sure it doesn't mistakenly expose your secrets, apparently it's not uncommon
https://ift.tt/zGSnOjB
Submitted March 01, 2023 at 03:17PM by roy_6472
via reddit https://ift.tt/028KLis
https://ift.tt/zGSnOjB
Submitted March 01, 2023 at 03:17PM by roy_6472
via reddit https://ift.tt/028KLis
Legitsecurity
Exposing Secrets Via SDLC Tools: The Artifactory Case
Legit Security | Our team investigated how sensitive information can get exposed via SDLC tools that may be used as part of your development pipeline.
Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
https://ift.tt/ZqadTwY
Submitted March 01, 2023 at 08:20PM by poltess0
via reddit https://ift.tt/95jxiTz
https://ift.tt/ZqadTwY
Submitted March 01, 2023 at 08:20PM by poltess0
via reddit https://ift.tt/95jxiTz
Sean Heelan's Blog
Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
In the previous post I advocated for building systems that combine static and dynamic analysis for performance optimisation. By doing so, we can build tools that are much more useful than those foc…
CI/CD secrets extraction, tips and tricks
https://ift.tt/dmuYoR8
Submitted March 01, 2023 at 09:01PM by Gallus
via reddit https://ift.tt/1YGHJ4p
https://ift.tt/dmuYoR8
Submitted March 01, 2023 at 09:01PM by Gallus
via reddit https://ift.tt/1YGHJ4p
Synacktiv
CI/CD secrets extraction, tips and tricks
Introduction CI/CD (Continuous Integration / Continuous Delivery) systems are becoming more and more popular today.