Exploring Android Heap allocations in jemalloc 'new'
https://ift.tt/sHdVCJQ
Submitted May 30, 2023 at 03:40PM by Gallus
via reddit https://ift.tt/5U6biye
Synacktiv
Exploring Android Heap allocations in jemalloc 'new'
When writing an exploit for a memory corruption vulnerability, knowing the heap allocator internals is often required to shape the heap as desired. This article will dive into one of Android libc allo
Introducing ScrapingKit
https://ift.tt/nRPSikT
Submitted May 30, 2023 at 03:40PM by ZephrX112
via reddit https://ift.tt/fzeAJsP
Lares Labs
Introducing ScrapingKit
A toolkit for scraping Windows apps for keywords to find quick wins on Outlook and domain shares.
Fickle Multi-Factor Authentication in Microsoft 365
https://ift.tt/s5BGt6Q
Submitted May 30, 2023 at 02:57PM by CptWin_NZ
via reddit https://ift.tt/o56IiVx
blog.cybercx.co.nz
Fickle Multi-Factor Authentication in Microsoft 365
MFA is widely accepted as necessary in our threat-filled environment, and often forms a critical part of compliance frameworks. Once applied though, what assurance does an organisation have that its configuration is impermeable?
A deep-dive on Pluck CMS vulnerability CVE-2023-25828
https://ift.tt/maUTl7S
Submitted May 30, 2023 at 05:34PM by FineDines
via reddit https://ift.tt/FRo9w3p
Application Security Blog
A deep-dive on Pluck CMS vulnerability CVE-2023-25828
CVE-2023-25828; history, mitigation analysis, and everything you need to know about the remote code execution vulnerability in Pluck CMS.
New macOS vulnerability, Migraine, could bypass System Integrity Protection
https://ift.tt/6uXP7jU
Submitted May 30, 2023 at 09:52PM by SCI_Rusher
via reddit https://ift.tt/XGDZBna
Microsoft Security Blog
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
A new vulnerability, which we refer to as “Migraine”, could allow an attacker with root access to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.
Google Chrome's V8 JIT Compiler Analysis & Exploit Write-Up (CVE-2020-16040)
https://ift.tt/Cu9LrzG
Submitted May 31, 2023 at 05:35AM by ac1db1tch3z
via reddit https://ift.tt/rvVhisQ
Pass The eWPTX v2 using free resources and labs!
https://ift.tt/GtLvaRE
Submitted May 31, 2023 at 11:49AM by grumpzsux
via reddit https://ift.tt/tpa6JBY
Bug Bounty Hunter. Wannabe Hacker.
Pass the eWPTXv2 Exam on Your First Attempt in 2023!
Finally! As promised, I am sharing my tips and tricks on how to pass the eWPTXv2 exam by INE and eLearnSecurity on your first attempt, using nothing but free resources. This exam is by far the hardest exam that I have taken to date, and I thought it ...
Undercover drIBAN fraud operations 2 - From sLoad to Ramnit | Cleafy Lab
https://ift.tt/Zj9F6ng
Submitted May 31, 2023 at 04:02PM by f3d_0x0
via reddit https://ift.tt/znkTlXB
Cleafy
Undercovering drIBAN fraud operations 2 | Cleafy Labs
The threat intelligence team of Cleafy analyzed undercovering drIBAN fraud operations. Read here the second episode of the series of technical analysis.
I found a remote code execution bug in VSCode that can be triggered from untrusted workspaces. Microsoft fixed it but marked it as moderate severity and ineligible under their bug bounty program.
https://ift.tt/pNZ59qn
Submitted May 31, 2023 at 09:19PM by ammar2
via reddit https://ift.tt/SwzXimx
Ammar's Blog
VSCode Remote Code Execution advisory
My blog, mostly about programming
Bypassing SELinux with init_module
https://ift.tt/DOury1o
Submitted May 31, 2023 at 11:43PM by SeanPesce
via reddit https://ift.tt/UkVRvEH
Blogspot
Bypassing SELinux with init_module
TL;DR There are two Linux system calls for loading a kernel module - init_module and finit_module . By leveraging ...
XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS
https://ift.tt/JW1NhA9
Submitted May 31, 2023 at 03:00PM by Hell_walker13
via reddit https://ift.tt/s4gF0np
PVS-Studio
XSS vulnerability in the ASP.NET application: examining CVE-2023…
In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Let's recall the theory, figure out how the security defect looks from a user's perspective and in …
chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow - Root Cause Analysis
https://ift.tt/aJZXf6b
Submitted June 01, 2023 at 07:45AM by ahigherporpoise
via reddit https://ift.tt/R1L7Juk
hyprblog
chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow (CVE-2023-33476) Root Cause Analysis
first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI || CVSS 9.9/10 || RedRays
https://ift.tt/9MRtY34
Submitted June 01, 2023 at 01:43PM by vah_13
via reddit https://ift.tt/xgayK9Y
RedRays - Your SAP Security Solution
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
Explore the critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure, affecting versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. This vulnerability allows attackers with server access to execute…
Welcome New Moderators!
Hey /r/netsec,
I'm thrilled to bring some exciting news to you all today. We've expanded our moderation team to include a group of passionate information security professionals who are dedicated to helping /r/netsec continue to serve as your go-to resource for high-quality, technical security content.
Please join me in extending a warm welcome to our new moderators:
/u/rejuicekeve
/u/netsec_burn
/u/ustayready
/u/qwerty0x41
/u/infinitelogins
/u/Gallus
/u/shellsharks
/u/jsonpile
/u/voidnull
/u/execveat
All of these folks have a shared passion for information security, and a shared vision for /r/netsec as a curated, community-sourced aggregator for top-tier security content and research. We're all here to help cut through the noise of fear-mongering and low quality clickbait, and stick to our roots by rewarding the folks who create high-quality original content.
Our new moderators will be working closely with the existing team to uphold and enforce our content guidelines. We believe in open discussion and collaboration, and any disagreements about content removal, spam decisions, bans, or user-facing activity will be handled through conversation with the mod team.
I am incredibly excited for this new chapter in /r/netsec, and I am grateful to each of you for making this community what it is. Let's continue to build a thriving and engaging space for high-quality, technical security discourse together.
- /u/sanitybit
Greetz to SophSec and Busticati worldwide.
Submitted June 01, 2023 at 01:19PM by sanitybit
via reddit https://ift.tt/nfTVgUY
Reddit
r/netsec on Reddit: Welcome New Moderators!
Posted by u/sanitybit - 89 votes and 9 comments
[Fixed] [CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
https://ift.tt/9MRtY34
Submitted June 01, 2023 at 02:10PM by vah_13
via reddit https://ift.tt/CWQvk4A
RedRays - Your SAP Security Solution
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
Explore the critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure, affecting versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. This vulnerability allows attackers with server access to execute…
CSP Bypass Unveiled: The Hidden Threat of Bookmarklets
https://ift.tt/MkPUJ1f
Submitted June 01, 2023 at 03:25PM by ziyahanalbeniz
via reddit https://ift.tt/GAd5NYi
SOCRadar® Cyber Intelligence Inc.
CSP Bypass Unveiled: The Hidden Threat of Bookmarklets
A newly developed method for enticing victims involves the addition of bookmarklets and enticing them to click on specific websites.
ChatGPT for Pentesters - A few useful scenarios pentesters need daily
https://ift.tt/zJ0X7Kr
Submitted June 01, 2023 at 03:13PM by ziyahanalbeniz
via reddit https://ift.tt/ZGDcCmH
Medium
ChatGPT for Pentesters
Can we use generative AI or ChatGPT, the most known and used application for penetration testing?
[CVE-2023-33243] STARFACE: Authentication with Password Hash Possible
https://ift.tt/ACuO1lg
Submitted June 01, 2023 at 05:35PM by RedTeamPentesting
via reddit https://ift.tt/X4J7sN0
www.redteam-pentesting.de
STARFACE: Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's…
Printerlogic Multiple Vulnerabilities - Published at Full Disclosure
https://ift.tt/9IUv1mp
Submitted June 01, 2023 at 06:54PM by 4SysAdmin
via reddit https://ift.tt/p5TnEXZ
seclists.org
Full Disclosure: Printerlogic multiple vulnerabilities
Reversing Python Pickles
https://ift.tt/JyZvfR8
Submitted June 01, 2023 at 09:24PM by nibblesec
via reddit https://ift.tt/vNYL8GR
Doyensec
Reversing Pickles with r2pickledec · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
TyphoonCon Capture The Flag 2023 - specially crafted challenges alongside fantastic prizes
https://ift.tt/gIocu9y
Submitted June 01, 2023 at 08:55PM by Marsy_star
via reddit https://ift.tt/vJYxA5t
Typhooncon
TyphoonCon Capture The Flag 2023
WELCOME TO TYPHOONCON CTF! Typhooncon CTF is back for the third year in a row! As part of TyphoonCon 2023, we’ll be hosting an on-site/online competition with specially crafted challenges alongside fantastic prizes