Fixing cringeworthy bugs in the OpenBSD console code
https://ift.tt/8WIypHr
Submitted March 11, 2023 at 07:35AM by Gallus
via reddit https://ift.tt/Q3N65uI
https://ift.tt/8WIypHr
Submitted March 11, 2023 at 07:35AM by Gallus
via reddit https://ift.tt/Q3N65uI
WebGL fuzzer based on IDL definition by @ant4g0nist
https://ift.tt/Z6DHuKk
Submitted March 11, 2023 at 04:36PM by ant4g0nist
via reddit https://ift.tt/WtyBQJF
https://ift.tt/Z6DHuKk
Submitted March 11, 2023 at 04:36PM by ant4g0nist
via reddit https://ift.tt/WtyBQJF
GitHub
GitHub - ant4g0nist/webgl-fuzzer: WebGL fuzzer
WebGL fuzzer. Contribute to ant4g0nist/webgl-fuzzer development by creating an account on GitHub.
A Comprehensive Synopsis of 217 Subdomain Takeover Reports - by Cyjax researcher @_nynan
https://ift.tt/ZOWHoNx
Submitted March 11, 2023 at 06:13PM by ObscureError
via reddit https://ift.tt/ALKV9wB
https://ift.tt/ZOWHoNx
Submitted March 11, 2023 at 06:13PM by ObscureError
via reddit https://ift.tt/ALKV9wB
Cyjax
A comprehensive synopsis of 217 subdomain takeover reports
We are living in extraordinary times. Global conflict has moved from peace time to war footing which is being enhanced by civilian armies of ‘pseudo authorised and encouraged’ cyber volunteers. In addition to this merger between civilian and military, the…
🏄♂️ ProtoDeep - Decode and analyze protobuf efficiently
https://ift.tt/R1yCBm4
Submitted March 11, 2023 at 08:22PM by mxrchreborn
via reddit https://ift.tt/y9GE1MI
https://ift.tt/R1yCBm4
Submitted March 11, 2023 at 08:22PM by mxrchreborn
via reddit https://ift.tt/y9GE1MI
GitHub
GitHub - mxrch/ProtoDeep: 🏄♂️ Decode and analyze protobuf efficiently.
🏄♂️ Decode and analyze protobuf efficiently. Contribute to mxrch/ProtoDeep development by creating an account on GitHub.
Crawlector - A threat hunting framework designed for scanning websites for malicious objects.
https://ift.tt/8b3mER5
Submitted March 12, 2023 at 03:58AM by MFMokbel
via reddit https://ift.tt/4peKWnC
https://ift.tt/8b3mER5
Submitted March 12, 2023 at 03:58AM by MFMokbel
via reddit https://ift.tt/4peKWnC
GitHub
GitHub - MFMokbel/Crawlector: Crawlector is a threat hunting framework designed for scanning websites for malicious objects.
Crawlector is a threat hunting framework designed for scanning websites for malicious objects. - GitHub - MFMokbel/Crawlector: Crawlector is a threat hunting framework designed for scanning website...
New Cosmos Blockchain API DoS
https://ift.tt/lM5TJze
Submitted March 12, 2023 at 06:31AM by SharpAd1823
via reddit https://ift.tt/2ILPvHX
https://ift.tt/lM5TJze
Submitted March 12, 2023 at 06:31AM by SharpAd1823
via reddit https://ift.tt/2ILPvHX
Livejournal
New Cosmos Blockchain API DoS
Author : https://twitter.com/123456 A critical remote Denial-of-Service (DoS) vulnerability has been identified in Tendermint, which currently serves as the underlying technology powering a significant portion of the blockchain APIs in the Cosmos ecosystem.…
Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover
https://ift.tt/l1r2BdK
Submitted March 12, 2023 at 04:34PM by vikzsharma
via reddit https://ift.tt/hdSoXBu
https://ift.tt/l1r2BdK
Submitted March 12, 2023 at 04:34PM by vikzsharma
via reddit https://ift.tt/hdSoXBu
Agilehunt
Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero…
Before getting started reported product Clipchamp is not under the scope for MSRC bug bounty rewards so don't waste your precious time on this asset if monetary reward is your goal.
Vulnerability Denoscription
While the security research and analyzing the assets…
Vulnerability Denoscription
While the security research and analyzing the assets…
Pinduoduo malicious code sample and sheller
https://ift.tt/q6823zb
Submitted March 13, 2023 at 09:50AM by sysadminsith
via reddit https://ift.tt/OCFzLvI
https://ift.tt/q6823zb
Submitted March 13, 2023 at 09:50AM by sysadminsith
via reddit https://ift.tt/OCFzLvI
GitHub
GitHub - davinci1012/pinduoduo_backdoor_unpacker: Samples and Unpacker of malicious backdoors and exploits developed and used by…
Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo - GitHub - davinci1012/pinduoduo_backdoor_unpacker: Samples and Unpacker of malicious backdoors and exploits...
Persistence – Context Menu
https://ift.tt/qdnKcxs
Submitted March 13, 2023 at 09:11PM by netbiosX
via reddit https://ift.tt/tfZSi14
https://ift.tt/qdnKcxs
Submitted March 13, 2023 at 09:11PM by netbiosX
via reddit https://ift.tt/tfZSi14
Penetration Testing Lab
Persistence – Context Menu
Context menu provides shortcuts to the user in order to perform a number of actions. The context menu is invoked with a right mouse click and it is a very common action for every Windows user. In o…
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit
https://ift.tt/Jym1Bcg
Submitted March 13, 2023 at 09:52PM by SCI_Rusher
via reddit https://ift.tt/7WOYanP
https://ift.tt/Jym1Bcg
Submitted March 13, 2023 at 09:52PM by SCI_Rusher
via reddit https://ift.tt/7WOYanP
Microsoft Security Blog
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit | Microsoft Security Blog
DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.
Vendor Acknowledges Smart Intercom RCE Vulns
https://ift.tt/zO2tI1q
Submitted March 14, 2023 at 01:01AM by derp6996
via reddit https://ift.tt/w4PdGFW
https://ift.tt/zO2tI1q
Submitted March 14, 2023 at 01:01AM by derp6996
via reddit https://ift.tt/w4PdGFW
Claroty
Akuvox Smart Intercom Vulnerabilities Leave Privacy Ajar
Some new job openings I did not expect at Mercedes Benz
https://ift.tt/OHz0f19
Submitted March 14, 2023 at 01:00AM by Imaginary-Yogurt-237
via reddit https://ift.tt/SW6qM3A
https://ift.tt/OHz0f19
Submitted March 14, 2023 at 01:00AM by Imaginary-Yogurt-237
via reddit https://ift.tt/SW6qM3A
Dissecting Exfiltrator-22: A Post-Exploitation Framework
https://ift.tt/iRs3UvE
Submitted March 14, 2023 at 11:10AM by navneetmuffin
via reddit https://ift.tt/6QLeiFl
https://ift.tt/iRs3UvE
Submitted March 14, 2023 at 11:10AM by navneetmuffin
via reddit https://ift.tt/6QLeiFl
Dolibarr ERP/CRM 16.x is vulnerable to a pre-auth customer database theft
https://ift.tt/sjO2HEL
Submitted March 14, 2023 at 12:25PM by qwerty0x41
via reddit https://ift.tt/aUxl6Rg
https://ift.tt/sjO2HEL
Submitted March 14, 2023 at 12:25PM by qwerty0x41
via reddit https://ift.tt/aUxl6Rg
"Understanding a Payload's Life (featuring Meterpreter & other guests)". Understanding the life of a Meterpreter payload from its generation to its execution. How all the pieces fit together!
https://ift.tt/lREK8L5
Submitted March 14, 2023 at 01:58PM by attl4s
via reddit https://ift.tt/NuVWdq4
https://ift.tt/lREK8L5
Submitted March 14, 2023 at 01:58PM by attl4s
via reddit https://ift.tt/NuVWdq4
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
https://ift.tt/dowJu6H
Submitted March 14, 2023 at 04:25PM by MrNobody136
via reddit https://ift.tt/9BIgRf0
https://ift.tt/dowJu6H
Submitted March 14, 2023 at 04:25PM by MrNobody136
via reddit https://ift.tt/9BIgRf0
GitLab
Home · Wiki · Kali Linux / kali-purple / Documentation · GitLab
The ultimate SOC-in-a-box community project
Bootkit Showcase: Real-World Examples of Infrastructure Security Threats
https://ift.tt/H80brGl
Submitted March 14, 2023 at 04:56PM by hardenedvault
via reddit https://ift.tt/BlUXEg2
https://ift.tt/H80brGl
Submitted March 14, 2023 at 04:56PM by hardenedvault
via reddit https://ift.tt/BlUXEg2
GitHub
bootkit-samples/README.md at master · hardenedvault/bootkit-samples
Bootkit sample for firmware attack. Contribute to hardenedvault/bootkit-samples development by creating an account on GitHub.
I have compiled a list of common methods people use to attempt to access accounts based on my research. It would be greatly appreciated if you could provide your feedback on the list. Thank you!
https://ift.tt/aBbAqyj
Submitted March 14, 2023 at 06:40PM by Kinsleynkt
via reddit https://ift.tt/RSCX9sw
https://ift.tt/aBbAqyj
Submitted March 14, 2023 at 06:40PM by Kinsleynkt
via reddit https://ift.tt/RSCX9sw
9 Types of Password Attacks and How to Stop Them | MojoAuth Blog
Passwords are a common form of authentication and are used to grant access to online accounts, devices, and other resources. However, passwords are also a common target for attackers, who may use a variety of techniques to try to guess or capture them. This…
Vulnerabilities in the TPM 2.0 reference implementation code
https://ift.tt/a2nMhp1
Submitted March 14, 2023 at 06:19PM by guedou
via reddit https://ift.tt/pfbLF83
https://ift.tt/a2nMhp1
Submitted March 14, 2023 at 06:19PM by guedou
via reddit https://ift.tt/pfbLF83
Quarkslab
Vulnerabilities in the TPM 2.0 reference implementation code
Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis
https://ift.tt/8EvFmKh
Submitted March 14, 2023 at 10:43PM by n0llbyte
via reddit https://ift.tt/1VuXlYj
https://ift.tt/8EvFmKh
Submitted March 14, 2023 at 10:43PM by n0llbyte
via reddit https://ift.tt/1VuXlYj
JFrog
OpenSSH Privilege Separation and Sandbox - Attack Surface Analysis
An in-depth analysis of OpenSSH's attack surface and security measures. Read our research findings and analysis >
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://ift.tt/Tv7AxmX
Submitted March 15, 2023 at 06:55AM by Gallus
via reddit https://ift.tt/gcBMiFl
https://ift.tt/Tv7AxmX
Submitted March 15, 2023 at 06:55AM by Gallus
via reddit https://ift.tt/gcBMiFl
MDSec
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...