Obfuscating Rubeus using Codecepticon
https://ift.tt/sYOKgQe
Submitted March 05, 2023 at 05:40PM by h0wlett
via reddit https://ift.tt/uJCbRad
https://ift.tt/sYOKgQe
Submitted March 05, 2023 at 05:40PM by h0wlett
via reddit https://ift.tt/uJCbRad
Pavel Tsakalidis - Personal Blog
Obfuscating Rubeus using Codecepticon
How to use Codecepticon for obfuscating offensive security tooling, such as Rubeus
Lord Of The Ring0 - Part 4 is out!
https://ift.tt/ut3bOXR
Submitted March 05, 2023 at 05:35PM by Idov31
via reddit https://ift.tt/cnwEFdM
https://ift.tt/ut3bOXR
Submitted March 05, 2023 at 05:35PM by Idov31
via reddit https://ift.tt/cnwEFdM
idov31.github.io
Lord Of The Ring0 - Part 4 | The call back home - Ido Veltzman - Security Blog
PrologueIn the last blog post, we learned some debugging concepts, understood what is IOCTL how to handle it and started to learn how to validate the data th...
Polynonce A Novel Attack against ECDSA. Paper, Code, and associated Story
https://ift.tt/JuRxLfw
Submitted March 06, 2023 at 07:43PM by nhamiel
via reddit https://ift.tt/hCZnrQt
https://ift.tt/JuRxLfw
Submitted March 06, 2023 at 07:43PM by nhamiel
via reddit https://ift.tt/hCZnrQt
Kudelski Security Research
Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears
Introduction In this blog post, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum net…
Insecure Toyota CRM exposed Mexican customer information
https://ift.tt/4XMJghx
Submitted March 06, 2023 at 11:49PM by EatonZ
via reddit https://ift.tt/jeg7B3n
https://ift.tt/4XMJghx
Submitted March 06, 2023 at 11:49PM by EatonZ
via reddit https://ift.tt/jeg7B3n
Eaton-Works
Insecure Toyota CRM exposed Mexican customer information
Breaking into a Toyota CRM and exploiting it to view customer information.
Protecting Android clipboard content from unintended exposure
https://ift.tt/soEcAUp
Submitted March 06, 2023 at 11:27PM by SCI_Rusher
via reddit https://ift.tt/oQwqtv1
https://ift.tt/soEcAUp
Submitted March 06, 2023 at 11:27PM by SCI_Rusher
via reddit https://ift.tt/oQwqtv1
Microsoft Security Blog
Protecting Android clipboard content from unintended exposure | Microsoft Security Blog
Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.
Manipulating Encrypted Traffic using PyCript for Manual and Automation
https://ift.tt/6HPoIJQ
Submitted March 06, 2023 at 11:52PM by Ano_F
via reddit https://ift.tt/lLbyMQu
https://ift.tt/6HPoIJQ
Submitted March 06, 2023 at 11:52PM by Ano_F
via reddit https://ift.tt/lLbyMQu
Medium
Manipulating Encrypted Traffic using PyCript
Bypassing Client-Side Encryption with Burp Suite and PyCript
Harvesting Active Directory credentials via HTTP Request Smuggling
https://ift.tt/q0zWc6X
Submitted March 07, 2023 at 02:46PM by albinowax
via reddit https://ift.tt/79qkfKe
https://ift.tt/q0zWc6X
Submitted March 07, 2023 at 02:46PM by albinowax
via reddit https://ift.tt/79qkfKe
tij.me
Harvesting credentials via HTTP Request Smuggling
By abusing an HTTP Request Smuggling vulnerability on Outlook Web Access (OWA) for Exchange, it is possible to steal credentials of unsuspecting Active Directory users trying to authenticate to OWA.
Avoiding Single-Point-of-Failure and securing the Root Infrastructure: TCG TPM 2.0
https://ift.tt/DRJnAmO
Submitted March 07, 2023 at 04:40PM by hardenedvault
via reddit https://ift.tt/iVYqk7x
https://ift.tt/DRJnAmO
Submitted March 07, 2023 at 04:40PM by hardenedvault
via reddit https://ift.tt/iVYqk7x
hardenedvault.net
Avoiding Single-Point-of-Failure and securing the Root Infrastructure: TCG TPM 2.0
What is TCG TPM 2.0? Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.
Persistence – Event Log Online Help
https://ift.tt/z76eYLG
Submitted March 07, 2023 at 09:45PM by netbiosX
via reddit https://ift.tt/k5fq8WU
https://ift.tt/z76eYLG
Submitted March 07, 2023 at 09:45PM by netbiosX
via reddit https://ift.tt/k5fq8WU
Penetration Testing Lab
Persistence – Event Log Online Help
Event viewer is a component of Microsoft Windows that displays information related to application, security, system and setup events. Even though that Event Viewer is used mainly for troubleshootin…
RCE in Implementations of SHA-3, SHAKE, EdDSA
https://ift.tt/iUSztM0
Submitted March 07, 2023 at 09:33PM by Definitely_not_gpt3
via reddit https://ift.tt/mJisGxz
https://ift.tt/iUSztM0
Submitted March 07, 2023 at 09:33PM by Definitely_not_gpt3
via reddit https://ift.tt/mJisGxz
Open-source Static Code Analysis tool with sensitive-data prioritization
https://ift.tt/tneogGy
Submitted March 07, 2023 at 10:42PM by rukhrunnin
via reddit https://ift.tt/L8WQjiE
https://ift.tt/tneogGy
Submitted March 07, 2023 at 10:42PM by rukhrunnin
via reddit https://ift.tt/L8WQjiE
GitHub
GitHub - Bearer/bearer: Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. - GitHub - Bearer/bearer: Code security scanning tool (SAST) to discover, filter and prioritize sec...
Authentication Bypass Vulnerability in Mura CMS and Masa CMS
https://ift.tt/U2irJtZ
Submitted March 07, 2023 at 10:26PM by albinowax
via reddit https://ift.tt/APqKHbO
https://ift.tt/U2irJtZ
Submitted March 07, 2023 at 10:26PM by albinowax
via reddit https://ift.tt/APqKHbO
Blogspot
Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)
Hoya Haxa: A Security Research Blog
I made a VS Code extension to view nmap results in a graph view. Helpful if you like to keep notes in MarkDown. Let me know what you think about it.
https://ift.tt/mHLC6XA
Submitted March 07, 2023 at 10:51PM by marduc812
via reddit https://ift.tt/NV8cDWT
https://ift.tt/mHLC6XA
Submitted March 07, 2023 at 10:51PM by marduc812
via reddit https://ift.tt/NV8cDWT
Visualstudio
Nmap Peek - Visual Studio Marketplace
Extension for Visual Studio Code - View your nmap output inside VS Code, in a nice clean GUI
Using Subnet Filtering for Enhanced SSRF Protection
https://ift.tt/ecvk4Ix
Submitted March 08, 2023 at 01:28AM by SvixKen
via reddit https://ift.tt/kFAplo0
https://ift.tt/ecvk4Ix
Submitted March 08, 2023 at 01:28AM by SvixKen
via reddit https://ift.tt/kFAplo0
TIL authorization/access control is the top source of developer tech debt in addition to being No. 1 on the OWASP top 10.
https://ift.tt/qaLfyhP
Submitted March 08, 2023 at 06:25AM by SoftlyCourteous66
via reddit https://ift.tt/jwHWiNS
https://ift.tt/qaLfyhP
Submitted March 08, 2023 at 06:25AM by SoftlyCourteous66
via reddit https://ift.tt/jwHWiNS
Dev Interrupted
Solving the Enduring Pain of Authorization w/ Aserto’s Co-founder & CEO, Omri Gazitt
Whether you're at a startup, enterprise, or something in between, authorization and access control are likely major pain points for your team. This week on Dev Interrupted we talk to Omri Gazitt, co-founder and CEO of Aserto. Omri joins us to chat about the…
Chat GPT gets its first bug bounty
https://ift.tt/Um86Ar0
Submitted March 08, 2023 at 10:25AM by MenuParking7693
via reddit https://ift.tt/nmquOL6
https://ift.tt/Um86Ar0
Submitted March 08, 2023 at 10:25AM by MenuParking7693
via reddit https://ift.tt/nmquOL6
Hack Watcher
ChatGPT claims $650 bug bounty
codeblue29, a member of Youtube channel Null:404 Cyber Security used ChatGPT to make malware to test various EDR solutions in an effort to find...
Persistence – Event Log Online Help
https://ift.tt/z76eYLG
Submitted March 08, 2023 at 02:08PM by netbiosX
via reddit https://ift.tt/MsZGcgP
https://ift.tt/z76eYLG
Submitted March 08, 2023 at 02:08PM by netbiosX
via reddit https://ift.tt/MsZGcgP
Penetration Testing Lab
Persistence – Event Log Online Help
Event viewer is a component of Microsoft Windows that displays information related to application, security, system and setup events. Even though that Event Viewer is used mainly for troubleshootin…
Beating an old PHP source code protector
https://ift.tt/PILbvc0
Submitted March 08, 2023 at 05:40PM by gid0rah
via reddit https://ift.tt/EDwrPox
https://ift.tt/PILbvc0
Submitted March 08, 2023 at 05:40PM by gid0rah
via reddit https://ift.tt/EDwrPox
Beating an old PHP source code protector |
Beating an old PHP source code protector | AdeptsOf0xCC
Article describing how to decode/decrypt source code protected with Nu-Coder
ESXi Ransomware – A case study of Royal Ransomware
https://ift.tt/a4A7vZG
Submitted March 08, 2023 at 06:32PM by CyberMasterV
via reddit https://ift.tt/TrvYjkD
https://ift.tt/a4A7vZG
Submitted March 08, 2023 at 06:32PM by CyberMasterV
via reddit https://ift.tt/TrvYjkD
Security Scorecard
Royal Ransomware exploiting ESXi whitepaper
Fog of War - How the Ukraine Conflict Transformed the Cyber Threat Landscape
https://ift.tt/adBXl9U
Submitted March 08, 2023 at 08:05PM by mycall
via reddit https://ift.tt/lxctUhf
https://ift.tt/adBXl9U
Submitted March 08, 2023 at 08:05PM by mycall
via reddit https://ift.tt/lxctUhf
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to Remote Code Execution
https://ift.tt/1ZnrjCh
Submitted March 08, 2023 at 09:38PM by ilay789
via reddit https://ift.tt/EvD0Cmi
https://ift.tt/1ZnrjCh
Submitted March 08, 2023 at 09:38PM by ilay789
via reddit https://ift.tt/EvD0Cmi
Aqua
CorePlague: Critical Vulnerabilities in Jenkins Server Lead to RCE
Aqua Research revealed a chain of vulnerabilities CVE-2023-27898, CVE-2023-27905 in Jenkins Server & Update Center which could lead to a complete compromise