Pwning Pixel 6 with a leftover patch
https://ift.tt/oHze5Kt
Submitted April 07, 2023 at 03:30AM by Titokhan
via reddit https://ift.tt/U6543iw
https://ift.tt/oHze5Kt
Submitted April 07, 2023 at 03:30AM by Titokhan
via reddit https://ift.tt/U6543iw
The GitHub Blog
Pwning Pixel 6 with a leftover patch | The GitHub Blog
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain…
A Follow-up to the Exploit-DB and 0day.today Comparison
https://ift.tt/YDp5f1r
Submitted April 07, 2023 at 08:39PM by chicksdigthelongrun
via reddit https://ift.tt/5wOLNpJ
https://ift.tt/YDp5f1r
Submitted April 07, 2023 at 08:39PM by chicksdigthelongrun
via reddit https://ift.tt/5wOLNpJ
A Follow-up to the Exploit-DB and 0day.today Comparison - Blog - VulnCheck
Following reader suggestions, we take a deeper look at the types of vulnerabilities in the Exploit-DB and 0day.today exploit databases. We also examine exploit attack vectors and find out how many of the exploits have been used in the wild.
I wrote a thing! - How AI is revolutionizing infosec offensively and defensively.
https://ift.tt/3t80g5r
Submitted April 07, 2023 at 08:03PM by jat0369
via reddit https://ift.tt/npbHSwI
https://ift.tt/3t80g5r
Submitted April 07, 2023 at 08:03PM by jat0369
via reddit https://ift.tt/npbHSwI
Cyberark
AI, ChatGPT and Identity Security’s Critical Human Element
In 1999, a far-fetched movie about a dystopia run by intelligent machines captured our imaginations (and to this day, remains my favorite film). Twenty-four years later, the line between fact and...
MERCURY and DEV-1084: Destructive attack on hybrid environment
https://ift.tt/2DbpQ8x
Submitted April 07, 2023 at 11:40PM by SCI_Rusher
via reddit https://ift.tt/GC8ZKTP
https://ift.tt/2DbpQ8x
Submitted April 07, 2023 at 11:40PM by SCI_Rusher
via reddit https://ift.tt/GC8ZKTP
Microsoft Security Blog
MERCURY and DEV-1084: Destructive attack on hybrid environment | Microsoft Security Blog
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
/r/netsec's Q2 2023 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 08, 2023 at 12:37AM by ranok
via reddit https://ift.tt/TrmxgPd
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 08, 2023 at 12:37AM by ranok
via reddit https://ift.tt/TrmxgPd
Nonsense, mayhem, SameSite, cors and CSRF - Part 2
https://ift.tt/HIgBGfK
Submitted April 08, 2023 at 02:46PM by arnc_cryptid
via reddit https://ift.tt/CbHt9Qo
https://ift.tt/HIgBGfK
Submitted April 08, 2023 at 02:46PM by arnc_cryptid
via reddit https://ift.tt/CbHt9Qo
kernelpanic.cryptid.fr
Nonsense, mayhem, browser security, CSRF, and CORS - Part 2 | kernel panic
Keep calm and grab a shell
Vulnerable version of WordPress that is provided monthly.
https://ift.tt/rmLVnFQ
Submitted April 08, 2023 at 06:37PM by seyyid_
via reddit https://ift.tt/sihYLr7
https://ift.tt/rmLVnFQ
Submitted April 08, 2023 at 06:37PM by seyyid_
via reddit https://ift.tt/sihYLr7
GitHub
GitHub - onhexgroup/Vulnerable-WordPress: Vulnerable version of WordPress that is provided monthly.
Vulnerable version of WordPress that is provided monthly. - GitHub - onhexgroup/Vulnerable-WordPress: Vulnerable version of WordPress that is provided monthly.
Using Python to Operate in EDR blind spots
https://ift.tt/5XNmAOY
Submitted April 08, 2023 at 07:12PM by naksyn_
via reddit https://ift.tt/5J2KLjI
https://ift.tt/5XNmAOY
Submitted April 08, 2023 at 07:12PM by naksyn_
via reddit https://ift.tt/5J2KLjI
GitHub
GitHub - naksyn/Pyramid: a tool to help operate in EDRs' blind spots
a tool to help operate in EDRs' blind spots. Contribute to naksyn/Pyramid development by creating an account on GitHub.
🚀 Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement in Kubernetes Goat 🐐
https://ift.tt/CTzNAgS
Submitted April 09, 2023 at 12:09AM by madhuakula
via reddit https://ift.tt/wT9yt7q
https://ift.tt/CTzNAgS
Submitted April 09, 2023 at 12:09AM by madhuakula
via reddit https://ift.tt/wT9yt7q
Madhuakula
⎈ Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement | Kubernetes Goat
Learn to monitor, detect and enforce the runtime security using eBPF-based Cilium Tetragon in the Kubernetes Clusters - Kubernetes Goat Scenario 🚀
Bridging the gap between infosec and the IT Teams
https://ift.tt/hnyX3AR
Submitted April 09, 2023 at 06:22PM by pageup83
via reddit https://ift.tt/dOBvk2h
https://ift.tt/hnyX3AR
Submitted April 09, 2023 at 06:22PM by pageup83
via reddit https://ift.tt/dOBvk2h
Securing Kubernetes Clusters using Kyverno Policy Engine - New Kubernetes Goat Scenario 🚀
https://ift.tt/bfwrK80
Submitted April 09, 2023 at 10:28PM by madhuakula
via reddit https://ift.tt/xQHC6T0
https://ift.tt/bfwrK80
Submitted April 09, 2023 at 10:28PM by madhuakula
via reddit https://ift.tt/xQHC6T0
Madhuakula
⎈ Securing Kubernetes Clusters using Kyverno Policy Engine | Kubernetes Goat
Use Kyverno policy engine to validate, mutate, generate the Kubernetes cluster resources. We create policies to prevent insecure patterns and build secure guardrails - Kubernetes Goat Scenario 🚀
Catching Threat Actors using honeypots
https://ift.tt/CaVtexU
Submitted April 10, 2023 at 06:49AM by TachiPy
via reddit https://ift.tt/EBRD2OU
https://ift.tt/CaVtexU
Submitted April 10, 2023 at 06:49AM by TachiPy
via reddit https://ift.tt/EBRD2OU
Burningmalware Security Research
Catching Threat Actors using honeypots! (Part1)
In this post we will discuss how to set up honeypots to catch some nasty Threat Actors!
Tool to Decrypt Chrome, Firefox and Edge login information
https://ift.tt/q6hOXFy
Submitted April 10, 2023 at 06:46AM by Affectionate-Bed4878
via reddit https://ift.tt/mDg2N6X
https://ift.tt/q6hOXFy
Submitted April 10, 2023 at 06:46AM by Affectionate-Bed4878
via reddit https://ift.tt/mDg2N6X
MediaFire
CollectAndDecrypt
Programs that can collect the user credentials for Google Chrome, Mozilla Firefox and Microsoft Edge and decrypt them then save the decrypted output to .txt files - Lukey J
Building a Budget Red Team Implant for Fun
https://ift.tt/JnyUMp5
Submitted April 10, 2023 at 03:01PM by Fedorable_One
via reddit https://ift.tt/eAWvjIL
https://ift.tt/JnyUMp5
Submitted April 10, 2023 at 03:01PM by Fedorable_One
via reddit https://ift.tt/eAWvjIL
Medium
Building a Budget Red Team Implant
Why Do I Need an Implant?
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
https://ift.tt/1Io9bep
Submitted April 10, 2023 at 07:18PM by montouesto
via reddit https://ift.tt/3NbaTWd
https://ift.tt/1Io9bep
Submitted April 10, 2023 at 07:18PM by montouesto
via reddit https://ift.tt/3NbaTWd
Trustwave
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
https://ift.tt/OBXaSiT
Submitted April 10, 2023 at 07:14PM by montouesto
via reddit https://ift.tt/NJPzTkQ
https://ift.tt/OBXaSiT
Submitted April 10, 2023 at 07:14PM by montouesto
via reddit https://ift.tt/NJPzTkQ
Unit 42
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
https://ift.tt/idWEFIV
Submitted April 10, 2023 at 09:46PM by EspoJ
via reddit https://ift.tt/Jxz7ICB
https://ift.tt/idWEFIV
Submitted April 10, 2023 at 09:46PM by EspoJ
via reddit https://ift.tt/Jxz7ICB
Zero Day
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.
Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories
https://ift.tt/tFW0eBy
Submitted April 10, 2023 at 09:11PM by whisperingmime
via reddit https://ift.tt/Lz3up16
https://ift.tt/tFW0eBy
Submitted April 10, 2023 at 09:11PM by whisperingmime
via reddit https://ift.tt/Lz3up16
Blog by Joren Vrancken
Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories
Last year, we published a blog post discussing an attack where a malicious actor hijacks Arch User Repository (AUR) vulnerable packages by registering expired domains.
Hacking play-to-earn blockchain games: The case of Manarium
https://ift.tt/0mlBbC2
Submitted April 10, 2023 at 09:58PM by juliocesarfort
via reddit https://ift.tt/6470qWB
https://ift.tt/0mlBbC2
Submitted April 10, 2023 at 09:58PM by juliocesarfort
via reddit https://ift.tt/6470qWB
Blaze Information Security
Hacking Play-to-Earn Blockchain Games: The Case Of Manarium
This post provides an overview of hacking play-to-earn blockchain games and common security pitfalls affecting P2E. It explains in detail how several vulnerabilities were discovered in a P2E game named Manarium.
Check out my new tool: SourceGPT a source code analyzer and prompt manager built on top of ChatGPT as the oracle. Then a set of prompt for security purposes can be found at the link provided below
https://ift.tt/nTCPSup
Submitted April 11, 2023 at 12:42AM by NoPaleontologist7419
via reddit https://ift.tt/J1As2zF
https://ift.tt/nTCPSup
Submitted April 11, 2023 at 12:42AM by NoPaleontologist7419
via reddit https://ift.tt/J1As2zF
GitHub
SourceGPT/use_cases at main · NightmareLab/SourceGPT
SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle - SourceGPT/use_cases at main · NightmareLab/SourceGPT
Firewalls and Internet Security: Repelling the Wily Hacker -- now released under a Creative Commons license
https://wilyhacker.com/
Submitted April 11, 2023 at 06:24AM by self
via reddit https://ift.tt/Rb4zVQY
https://wilyhacker.com/
Submitted April 11, 2023 at 06:24AM by self
via reddit https://ift.tt/Rb4zVQY