Reverse engineering tricks: identifying opaque network protocols
https://ift.tt/Ymk8JN5
Submitted May 03, 2023 at 08:02PM by iagox86
via reddit https://ift.tt/1Wz54qe
https://ift.tt/Ymk8JN5
Submitted May 03, 2023 at 08:02PM by iagox86
via reddit https://ift.tt/1Wz54qe
SkullSecurity Blog
Reverse engineering tricks: identifying opaque network protocols
Lately, I’ve been reverse engineering a reasonably complex network protocol, and I ran into a mystery - while the protocol is generally an unencrypted binary protocol, one of the messages was large and random. In an otherwise unencrypted protocol, why is…
Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
https://ift.tt/MS9cRCE
Submitted May 03, 2023 at 09:11PM by timb_machine
via reddit https://ift.tt/gB0ytrG
https://ift.tt/MS9cRCE
Submitted May 03, 2023 at 09:11PM by timb_machine
via reddit https://ift.tt/gB0ytrG
Cisco Talos Blog
Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
The issue could then allow the malicious actor to generate arbitrary logs which can trigger malicious commands to be run with elevated privileges.
Dracon – Open Source ASOC got major upgrades
https://ift.tt/CNYwKzg
Submitted May 03, 2023 at 08:56PM by ___foo_bar___
via reddit https://ift.tt/kOF9wYc
https://ift.tt/CNYwKzg
Submitted May 03, 2023 at 08:56PM by ___foo_bar___
via reddit https://ift.tt/kOF9wYc
GitHub
GitHub - ocurity/dracon: Security scanning orchestration and results enrichment framework -- forked and rewritten from @thought…
Security scanning orchestration and results enrichment framework -- forked and rewritten from @thought-machine/dracon - GitHub - ocurity/dracon: Security scanning orchestration and results enrichme...
OpenPubkey adds public keys to OpenID (OIDC) without breaking compatibility with IDPs
https://ift.tt/fKED14M
Submitted May 03, 2023 at 11:35PM by xor_rotate
via reddit https://ift.tt/YbNKxfH
https://ift.tt/fKED14M
Submitted May 03, 2023 at 11:35PM by xor_rotate
via reddit https://ift.tt/YbNKxfH
Bastionzero
A New Era for Cryptographic Signatures | BastionZero
Learn how the new OpenPubkey protocol advances cryptographic signature technology while bolstering OpenID Connect MFA.
So long passwords, thanks for all the phish
https://ift.tt/OCqeRVG
Submitted May 04, 2023 at 04:38AM by ScottContini
via reddit https://ift.tt/kPKoHzX
https://ift.tt/OCqeRVG
Submitted May 04, 2023 at 04:38AM by ScottContini
via reddit https://ift.tt/kPKoHzX
Google Online Security Blog
So long passwords, thanks for all the phish
By: Arnar Birgisson and Diana K Smetters, Identity Ecosystems and Google Account Security and Safety teams Starting today , you can create a...
How to Analyze Java Malware – A Case Study of STRRAT
https://ift.tt/rW105eQ
Submitted May 04, 2023 at 11:46AM by CyberMasterV
via reddit https://ift.tt/r5ahYl2
https://ift.tt/rW105eQ
Submitted May 04, 2023 at 11:46AM by CyberMasterV
via reddit https://ift.tt/r5ahYl2
Security Scorecard
How To Analyze Java Malware – A Case Study Of STRRAT
Apache Solr 8.3.1 RCE from exposed administration interface
https://ift.tt/xDpIf2k
Submitted May 04, 2023 at 12:34PM by IIIWeedWizard420III
via reddit https://ift.tt/Pce7vfO
https://ift.tt/xDpIf2k
Submitted May 04, 2023 at 12:34PM by IIIWeedWizard420III
via reddit https://ift.tt/Pce7vfO
From Chaos to Clarity: How to Secure Your Supply Chain with Attestations
https://ift.tt/CzpUxd8
Submitted May 04, 2023 at 02:43PM by BarakScribe
via reddit https://ift.tt/jCZN4QB
https://ift.tt/CzpUxd8
Submitted May 04, 2023 at 02:43PM by BarakScribe
via reddit https://ift.tt/jCZN4QB
Scribe Security
From Chaos to Clarity: How to Secure Your Supply Chain with Attestations
How to use a new model to build trust in your software supply chain elements through a comprehensive compliance platform turning building blocks into verifiable evidence.
Uncovering drIBAN fraud operations - Chapter 1 | Cleafy Labs
https://ift.tt/93hLdJk
Submitted May 04, 2023 at 03:43PM by f3d_0x0
via reddit https://ift.tt/BNt2Iyh
https://ift.tt/93hLdJk
Submitted May 04, 2023 at 03:43PM by f3d_0x0
via reddit https://ift.tt/BNt2Iyh
Cleafy
Uncovering drIBAN fraud operations 1 | Cleafy Labs
The threat intelligence team of Cleafy analyzed undercovering drIBAN fraud operations. Read here the first episode of the series of technical analysis.
I had a machine running for two weeks on the public cloud. Every few seconds there was an automated SSH login attempt. Here is the full list of usernames - some of which are quite curious.
https://ift.tt/autTKAW
Submitted May 04, 2023 at 04:39PM by scared_codeless
via reddit https://ift.tt/tBU2vwq
https://ift.tt/autTKAW
Submitted May 04, 2023 at 04:39PM by scared_codeless
via reddit https://ift.tt/tBU2vwq
Gist
ssh-login-attempts-usernames
GitHub Gist: instantly share code, notes, and snippets.
Introducing SpiderSuite: Advance web security crawler
https://ift.tt/qyX2Lv3
Submitted May 04, 2023 at 06:44PM by 3nock_N
via reddit https://ift.tt/yrps3it
https://ift.tt/qyX2Lv3
Submitted May 04, 2023 at 06:44PM by 3nock_N
via reddit https://ift.tt/yrps3it
GitHub
GitHub - 3nock/SpiderSuite: Advance web spider/crawler for cyber security professionals
Advance web spider/crawler for cyber security professionals - GitHub - 3nock/SpiderSuite: Advance web spider/crawler for cyber security professionals
PaperCut Exploitation: A Different Path to Code Execution
https://ift.tt/l4PbcUC
Submitted May 04, 2023 at 08:01PM by chicksdigthelongrun
via reddit https://ift.tt/IWd4GQS
https://ift.tt/l4PbcUC
Submitted May 04, 2023 at 08:01PM by chicksdigthelongrun
via reddit https://ift.tt/IWd4GQS
PaperCut Exploitation - A Different Path to Code Execution- Blog - VulnCheck
Public exploits and detections for CVE-2023-27350 focus on code execution using the PaperCut print noscripting interface. In this blog, VulnCheck shares a new code execution vector and demonstrates how existing detections aren't robust enough to flag the new…
Remote Bitcoin Upstream Drain / Financial Attack
https://ift.tt/MeAsV7F
Submitted May 05, 2023 at 01:21PM by SharpAd1823
via reddit https://ift.tt/MC1gkG2
https://ift.tt/MeAsV7F
Submitted May 05, 2023 at 01:21PM by SharpAd1823
via reddit https://ift.tt/MC1gkG2
GitHub
GitHub - visualbasic6/drain: bitdrain - remote p2p bandwidth/cpu overage attack against bitcoin, dogecoin, etc.
bitdrain - remote p2p bandwidth/cpu overage attack against bitcoin, dogecoin, etc. - GitHub - visualbasic6/drain: bitdrain - remote p2p bandwidth/cpu overage attack against bitcoin, dogecoin, etc.
Redash SAML Authentication Bypass
https://ift.tt/DF0YNaE
Submitted May 05, 2023 at 03:03PM by albinowax
via reddit https://ift.tt/VfPXhBy
https://ift.tt/DF0YNaE
Submitted May 05, 2023 at 03:03PM by albinowax
via reddit https://ift.tt/VfPXhBy
blog.calif.io
Redash SAML Authentication Bypass
Redash is a popular data analysis and visualization tool. We recently reported a critical SAML authentication bypass vulnerability affecting it latest version (10.1.0). The vulnerability could be exploited by anyone to gain highest possible privileges on…
Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability
https://ift.tt/TIztBwp
Submitted May 05, 2023 at 04:53PM by Gallus
via reddit https://ift.tt/JnxBqDK
https://ift.tt/TIztBwp
Submitted May 05, 2023 at 04:53PM by Gallus
via reddit https://ift.tt/JnxBqDK
gowhois - Support for various whois servers
https://ift.tt/BQ5qmd1
Submitted May 06, 2023 at 09:16AM by oil_sardine
via reddit https://ift.tt/pvjh0Rq
https://ift.tt/BQ5qmd1
Submitted May 06, 2023 at 09:16AM by oil_sardine
via reddit https://ift.tt/pvjh0Rq
GitHub
GitHub - famasoon/gowhois: whois command implemented by golang with awesome whois servers list
whois command implemented by golang with awesome whois servers list - famasoon/gowhois
Cookie Bugs - Smuggling & Injection
https://ift.tt/g68WkZy
Submitted May 06, 2023 at 02:12PM by albinowax
via reddit https://ift.tt/zgHm7ei
https://ift.tt/g68WkZy
Submitted May 06, 2023 at 02:12PM by albinowax
via reddit https://ift.tt/zgHm7ei
arxenix's blog
Cookie Bugs - Smuggling & Injection
Research on how browsers encode & send cookies, how they are parsed by various web frameworks, and some bugs
I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details.
https://ift.tt/rdzjB1t
Submitted May 06, 2023 at 11:56PM by Ano_F
via reddit https://ift.tt/hlg8raq
https://ift.tt/rdzjB1t
Submitted May 06, 2023 at 11:56PM by Ano_F
via reddit https://ift.tt/hlg8raq
GitHub
GitHub - Anof-cyber/Application-Security: Resources for Application Security including Web, API, Android, iOS and Thick Client
Resources for Application Security including Web, API, Android, iOS and Thick Client - Anof-cyber/Application-Security
Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
https://ift.tt/7Qin9mG
Submitted May 07, 2023 at 01:08AM by giraffesecurity
via reddit https://ift.tt/TV64zcy
https://ift.tt/7Qin9mG
Submitted May 07, 2023 at 01:08AM by giraffesecurity
via reddit https://ift.tt/TV64zcy
Breaking down Reverse shell commands
https://ift.tt/rCApuhj
Submitted May 07, 2023 at 10:04PM by adityatelange
via reddit https://ift.tt/bjpW9AS
https://ift.tt/rCApuhj
Submitted May 07, 2023 at 10:04PM by adityatelange
via reddit https://ift.tt/bjpW9AS
Aditya Telange
Breaking down Reverse shell commands
In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement.
For that we have an awesome project: revshells.com or reverse…
For that we have an awesome project: revshells.com or reverse…
Evading MDATP for Full Endpoint Compromising
https://ift.tt/UMpH2Zr
Submitted May 08, 2023 at 01:57AM by florilsk
via reddit https://ift.tt/n2VKY3J
https://ift.tt/UMpH2Zr
Submitted May 08, 2023 at 01:57AM by florilsk
via reddit https://ift.tt/n2VKY3J