Nonsense, mayhem, browser security, CSRF, and CORS - Part 1
https://ift.tt/krGoP7Y
Submitted March 16, 2023 at 11:57AM by arnc_cryptid
via reddit https://ift.tt/zYfHCy8
https://ift.tt/krGoP7Y
Submitted March 16, 2023 at 11:57AM by arnc_cryptid
via reddit https://ift.tt/zYfHCy8
kernelpanic.cryptid.fr
Nonsense, mayhem, browser security, CSRF, and CORS - Part 1 | kernel panic
Keep calm and grab a shell
NPM request Library SSRF Cross Protocol Redirect Bypass
https://ift.tt/7su5zxk
Submitted March 16, 2023 at 06:45PM by nibblesec
via reddit https://ift.tt/s8IAwC1
https://ift.tt/7su5zxk
Submitted March 16, 2023 at 06:45PM by nibblesec
via reddit https://ift.tt/s8IAwC1
Doyensec
SSRF Cross Protocol Redirect Bypass · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Rapid7 Vulnerability Intelligence Report Webcast - today at 11am PDT / 2pm EDT
https://ift.tt/1VtSuGY
Submitted March 16, 2023 at 08:17PM by iagox86
via reddit https://ift.tt/qzdFGMO
https://ift.tt/1VtSuGY
Submitted March 16, 2023 at 08:17PM by iagox86
via reddit https://ift.tt/qzdFGMO
Rapid7
2022 Vulnerability Intelligence Report Webcast
Rapid7’s Vulnerability Intelligence Report is an annual research report that highlights CVE exploitation trends, explores attacker use cases, and offers a practical framework for risk-based vulnerability prioritization. With the release of a new edition of…
Smart Contracts Security: Exploring Common Bugs
https://ift.tt/Qs9nvyM
Submitted March 16, 2023 at 08:00PM by kobsoN
via reddit https://ift.tt/b3MFJfU
https://ift.tt/Qs9nvyM
Submitted March 16, 2023 at 08:00PM by kobsoN
via reddit https://ift.tt/b3MFJfU
Introducing "safe npm" – magical NPM wrapper to protect developers from malware
https://ift.tt/nm5cTu6
Submitted March 17, 2023 at 12:46AM by feross
via reddit https://ift.tt/lfhotGB
https://ift.tt/nm5cTu6
Submitted March 17, 2023 at 12:46AM by feross
via reddit https://ift.tt/lfhotGB
Socket
Introducing "safe npm", a Socket npm Wrapper - Socket
Socket is proud to introduce an exciting new tool—“safe npm”—that protects developers whenever they use npm install.
Debugging D-Link: Emulating firmware and hacking hardware
https://ift.tt/xQEfbpM
Submitted March 17, 2023 at 01:08AM by netsecfriends
via reddit https://ift.tt/6ZOlehK
https://ift.tt/xQEfbpM
Submitted March 17, 2023 at 01:08AM by netsecfriends
via reddit https://ift.tt/6ZOlehK
www.greynoise.io
Debugging D-Link: Emulating firmware and hacking hardware
GreyNoise researchers explain the process of how attackers gain footholds in organizations via exploiting weaknesses in device firmware, with a practical, working example of exploiting several vulnerabilities in D-Link routers.
Surveying Software Supply Chain Security
https://ift.tt/vyq2No8
Submitted March 17, 2023 at 03:27AM by pmz
via reddit https://ift.tt/ySwRkIJ
https://ift.tt/vyq2No8
Submitted March 17, 2023 at 03:27AM by pmz
via reddit https://ift.tt/ySwRkIJ
www.i-programmer.info
Surveying Software Supply Chain Security
Programming book reviews, programming tutorials,programming news, C#, Ruby, Python,C, C++, PHP, Visual Basic, Computer book reviews, computer history, programming history, joomla, theory, spreadsheets and more.
Adversary Simulation with Voice Cloning in Real Time, Part 1
https://ift.tt/lWHoG8f
Submitted March 17, 2023 at 09:06AM by kerberoast
via reddit https://ift.tt/uWfypFb
https://ift.tt/lWHoG8f
Submitted March 17, 2023 at 09:06AM by kerberoast
via reddit https://ift.tt/uWfypFb
Threat Blog
Adversary Simulation with Voice Cloning in Real Time, Part 1
Every day, blog posts and news articles warn us about the danger of artificial intelligence (AI) and how the technology behind it can be used by criminals to perform sophisticated attacks.
Our clients often ask, “Should we be worried?” Emerging technology…
Our clients often ask, “Should we be worried?” Emerging technology…
How to Google Dork a Specific Website for Hacking
https://ift.tt/dgeRDjK
Submitted March 17, 2023 at 05:43PM by josh252
via reddit https://ift.tt/TeiF1HA
https://ift.tt/dgeRDjK
Submitted March 17, 2023 at 05:43PM by josh252
via reddit https://ift.tt/TeiF1HA
StationX
How to Google Dork a Specific Website for Hacking
Not sure how to Google dork a specific website? Read this article to learn what Google dorking is, how to Google dork, and issues to pay attention to.
Chaos Malware - Persistence and Evasion Techniques
https://ift.tt/DEhARlo
Submitted March 17, 2023 at 07:39PM by MiguelHzBz
via reddit https://ift.tt/S3i1Y6C
https://ift.tt/DEhARlo
Submitted March 17, 2023 at 07:39PM by MiguelHzBz
via reddit https://ift.tt/S3i1Y6C
Sysdig
Chaos Malware Quietly Evolves Persistence and Evasion Techniques – Sysdig
We will go through the analysis of chaos malware based on our captured attacks with an emphasis on persistence techniques.
OpenSIPS Security Audit Report is fully disclosed and out there (VoIP security)
https://ift.tt/7l1gFoa
Submitted March 17, 2023 at 07:25PM by EnableSecurity
via reddit https://ift.tt/eBqgiSA
https://ift.tt/7l1gFoa
Submitted March 17, 2023 at 07:25PM by EnableSecurity
via reddit https://ift.tt/eBqgiSA
Enablesecurity
OpenSIPS Security Audit Report is fully disclosed and out there
The full OpenSIPS Security Audit report is published, with all details on how to reproduce the vulnerabilities found, root cause analysis and methodology used
18 Remote and Silent Zero Day RCEs/Baseband Exploits for Samsung Exynos
https://ift.tt/NHqQTho
Submitted March 17, 2023 at 04:40AM by BinkReddit
via reddit https://ift.tt/aEYZ1sN
https://ift.tt/NHqQTho
Submitted March 17, 2023 at 04:40AM by BinkReddit
via reddit https://ift.tt/aEYZ1sN
Blogspot
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
Posted by Tim Willis, Project Zero Note: Until security updates are available, users who wish to protect themselves from the baseband ...
Bypassing PPL in userland again
https://ift.tt/YgsSzWC
Submitted March 17, 2023 at 09:35PM by IIIWeedWizard420III
via reddit https://ift.tt/vG8nPSm
https://ift.tt/YgsSzWC
Submitted March 17, 2023 at 09:35PM by IIIWeedWizard420III
via reddit https://ift.tt/vG8nPSm
Undocumented behavior change in Android 10: mode "w" no longer truncates
https://ift.tt/QXISPfC
Submitted March 18, 2023 at 06:10PM by Gallus
via reddit https://ift.tt/F2wOx5Y
https://ift.tt/QXISPfC
Submitted March 18, 2023 at 06:10PM by Gallus
via reddit https://ift.tt/F2wOx5Y
VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress
https://ift.tt/RBj2Z4X
Submitted March 18, 2023 at 10:28PM by gid0rah
via reddit https://ift.tt/8Z62Upv
https://ift.tt/RBj2Z4X
Submitted March 18, 2023 at 10:28PM by gid0rah
via reddit https://ift.tt/8Z62Upv
VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress |
VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress | AdeptsOf0xCC
Combination of small snippets of code to simulate getprocaddress avoiding dangerous functions
'Acropalypse' vulnerability recovers cropped screenshots on all Google Pixel phones
https://ift.tt/DhiSk5B
Submitted March 19, 2023 at 04:31AM by knoy
via reddit https://ift.tt/9PobnLG
https://ift.tt/DhiSk5B
Submitted March 19, 2023 at 04:31AM by knoy
via reddit https://ift.tt/9PobnLG
Armadillophone
Acropalypse vulnerability reveals your screenshots
Your phone is under constant attack from criminals, corporations and foreign governments.
Large monthly list of popular websites, extracted from Chrome UX Reports
https://ift.tt/tgzr7sI
Submitted March 19, 2023 at 03:18PM by neathack
via reddit https://ift.tt/fNubjcz
https://ift.tt/tgzr7sI
Submitted March 19, 2023 at 03:18PM by neathack
via reddit https://ift.tt/fNubjcz
GitHub
GitHub - crissyfield/crux-dumps: 📝 This repository contains dumps of the monthly "Chrome UX Report" (CrUX) datasets.
📝 This repository contains dumps of the monthly "Chrome UX Report" (CrUX) datasets. - GitHub - crissyfield/crux-dumps: 📝 This repository contains dumps of the monthly "Ch...
Got my OSCP!
https://ift.tt/x4NGcsP
Submitted March 19, 2023 at 06:02PM by andy-codes
via reddit https://ift.tt/etWXuRL
https://ift.tt/x4NGcsP
Submitted March 19, 2023 at 06:02PM by andy-codes
via reddit https://ift.tt/etWXuRL
Bitwarden PINs can be brute-forced, a how-to and reason for stronger master passwords.
https://ift.tt/10GmJ5A
Submitted March 19, 2023 at 09:55PM by AverageCowboyCentaur
via reddit https://ift.tt/x2nGzjs
https://ift.tt/10GmJ5A
Submitted March 19, 2023 at 09:55PM by AverageCowboyCentaur
via reddit https://ift.tt/x2nGzjs
Obfuscating WebAssembly using Emnoscripten with an LLVM-based obfuscator
https://ift.tt/GkWhQR2
Submitted March 20, 2023 at 01:23PM by Hawkis98
via reddit https://ift.tt/YApPODq
https://ift.tt/GkWhQR2
Submitted March 20, 2023 at 01:23PM by Hawkis98
via reddit https://ift.tt/YApPODq
GitHub
GitHub - HakonHarnes/emcc-obf: Modified Emnoscripten compiler with LLVM-level obfuscation
Modified Emnoscripten compiler with LLVM-level obfuscation - HakonHarnes/emcc-obf
Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research | Datadog Security Labs
https://ift.tt/WuEm5J4
Submitted March 20, 2023 at 07:39PM by RedTermSession
via reddit https://ift.tt/NTl051P
https://ift.tt/WuEm5J4
Submitted March 20, 2023 at 07:39PM by RedTermSession
via reddit https://ift.tt/NTl051P
Datadoghq
Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
Public disclosure of CloudTrail bypass in AWS Service Catalog and other logging research.