BusKill Warrant Canary for 2023 H2 🕵️
https://ift.tt/07weKId
Submitted June 09, 2023 at 09:25PM by maltfield
via reddit https://ift.tt/2ZnKs6T
https://ift.tt/07weKId
Submitted June 09, 2023 at 09:25PM by maltfield
via reddit https://ift.tt/2ZnKs6T
BusKill
BusKill Canary #6 - BusKill
This post contains the cryptographically-signed BusKill warrant canary #006 for June 2023 to January 2024.
Crest CPSA
https://ift.tt/vDnwVYF
Submitted June 09, 2023 at 10:44PM by DogTime3470
via reddit https://ift.tt/zjmTKph
https://ift.tt/vDnwVYF
Submitted June 09, 2023 at 10:44PM by DogTime3470
via reddit https://ift.tt/zjmTKph
CREST
CREST Practitioner Security Analyst (CPSA)
Barracuda Email Security Gateway Appliance (ESG) Vulnerability [CVE-2023-2868]
https://ift.tt/rq1pJk5
Submitted June 10, 2023 at 02:18AM by RamblinWreckGT
via reddit https://ift.tt/cjgNAwH
https://ift.tt/rq1pJk5
Submitted June 10, 2023 at 02:18AM by RamblinWreckGT
via reddit https://ift.tt/cjgNAwH
How to Find AWS IAM Access Keys Not Rotated Within 90 Days
https://ift.tt/IjrepfH
Submitted June 10, 2023 at 01:06PM by Current_Doubt_8584
via reddit https://ift.tt/LJj3rWS
https://ift.tt/IjrepfH
Submitted June 10, 2023 at 01:06PM by Current_Doubt_8584
via reddit https://ift.tt/LJj3rWS
Against HSTS preload
https://ift.tt/TOB3QCb?
Submitted June 10, 2023 at 08:00PM by Hopeful-Total
via reddit https://ift.tt/6u27VgP
https://ift.tt/TOB3QCb?
Submitted June 10, 2023 at 08:00PM by Hopeful-Total
via reddit https://ift.tt/6u27VgP
Web3 Security Distilled - An Article
https://ift.tt/7CAKh2Q
Submitted June 12, 2023 at 12:13AM by Silent-Homework7613
via reddit https://ift.tt/CEt0wr4
https://ift.tt/7CAKh2Q
Submitted June 12, 2023 at 12:13AM by Silent-Homework7613
via reddit https://ift.tt/CEt0wr4
Medium
Web3 Security Distilled
We will try to understand what a bug bounty is, why it’s important, and why it can complement auditing rather than replace it in order to…
Android Reverse Engineering: Visualizing Executed Code in Ghidra
https://ift.tt/tRjNr2D
Submitted June 12, 2023 at 02:29AM by theappanalyst
via reddit https://ift.tt/I29vdJw
https://ift.tt/tRjNr2D
Submitted June 12, 2023 at 02:29AM by theappanalyst
via reddit https://ift.tt/I29vdJw
/data/local/tmp
Visualizing Android Code Coverage Pt.1
Decompilers are essential when reverse engineering Android applications and binaries; unfortunately with static analysis it’s up to the reverse engineer to determine which of these complex paths to investigate.
Critical RCE flaw in Fortigate SSL-VPN devices CVE-2023-27997
https://ift.tt/DWxlBf8
Submitted June 12, 2023 at 06:24AM by Doodlebug2100
via reddit https://ift.tt/F39iNyS
https://ift.tt/DWxlBf8
Submitted June 12, 2023 at 06:24AM by Doodlebug2100
via reddit https://ift.tt/F39iNyS
BleepingComputer
Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.
Multi-hop proxy tool for pentesters XD
https://ift.tt/PmWYioc
Submitted June 12, 2023 at 02:54PM by CryptographerWeak578
via reddit https://ift.tt/75GDLgj
https://ift.tt/PmWYioc
Submitted June 12, 2023 at 02:54PM by CryptographerWeak578
via reddit https://ift.tt/75GDLgj
GitHub
Stowaway/README_EN.md at master · ph4ntonn/Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.
MOVEit Transfer CVE-2023-34362 Deep Dive, Indicators of Compromise, and Exploit POC
https://ift.tt/4l0Q3O9
Submitted June 12, 2023 at 05:08PM by scopedsecurity
via reddit https://ift.tt/APQyNVl
https://ift.tt/4l0Q3O9
Submitted June 12, 2023 at 05:08PM by scopedsecurity
via reddit https://ift.tt/APQyNVl
Horizon3.ai
MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise
Technical Deep-Dive and Indicators of Compromise for MOVEit Transfer CVE-2023-34362 SQL Injection to Remote Code Execution Vulnerability
A Truly Graceful Wipe Out
https://ift.tt/cOxuioy
Submitted June 12, 2023 at 04:59PM by TheDFIRReport
via reddit https://ift.tt/IfMCqLD
https://ift.tt/cOxuioy
Submitted June 12, 2023 at 04:59PM by TheDFIRReport
via reddit https://ift.tt/IfMCqLD
The DFIR Report
A Truly Graceful Wipe Out
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment of …
Circumventing inotify Watchdogs
https://ift.tt/ZgRAUD4
Submitted June 12, 2023 at 04:54PM by DLLCoolJ
via reddit https://ift.tt/1OqrtzX
https://ift.tt/ZgRAUD4
Submitted June 12, 2023 at 04:54PM by DLLCoolJ
via reddit https://ift.tt/1OqrtzX
Archcloudlabs
Circumventing inotify Watchdogs
About The Project Recently I’ve been building rudimentary file monitoring tools to get better at Golang, and build faux-watchdog programs for research at Arch Cloud Labs. Through this experimentation, I’ve identified some interesting gaps in the inotify subsystem…
Pre-Authenticated RCE in VMware vRealize Network Insight
https://ift.tt/qXeR9V2
Submitted June 14, 2023 at 07:52PM by scopedsecurity
via reddit https://ift.tt/lagRd5J
https://ift.tt/qXeR9V2
Submitted June 14, 2023 at 07:52PM by scopedsecurity
via reddit https://ift.tt/lagRd5J
Summoning Team
Pre-authenticated RCE in VMware vRealize Network Insight
An interesting case of Pre-authenticated RCE in VMware vRealize Network Insight (CVE-2023-20887)
Google Ads: An effective phishing delivery mechanism for over a decade.
https://ift.tt/6USGtl0
Submitted June 14, 2023 at 09:39PM by Seaerkin2
via reddit https://ift.tt/wJQKYmC
https://ift.tt/6USGtl0
Submitted June 14, 2023 at 09:39PM by Seaerkin2
via reddit https://ift.tt/wJQKYmC
Guardyourdomain
DomainGuard | Threat Visibility Platform
We guard your domain, so you have peace of mind. Threat Visibility Platform.
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Threat Intelligence
https://ift.tt/Bmi0k2r
Submitted June 14, 2023 at 10:14PM by SCI_Rusher
via reddit https://ift.tt/eV0x4nB
https://ift.tt/Bmi0k2r
Submitted June 14, 2023 at 10:14PM by SCI_Rusher
via reddit https://ift.tt/eV0x4nB
Microsoft News
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft shares new details about techniques of a distinct Russian state-sponsored threat actor, now elevated to the name Cadet Blizzard.
Hardware Hacking to Bypass BIOS Passwords
https://ift.tt/aQTtzSX
Submitted June 15, 2023 at 01:38PM by CptWin_NZ
via reddit https://ift.tt/uqfazAP
https://ift.tt/aQTtzSX
Submitted June 15, 2023 at 01:38PM by CptWin_NZ
via reddit https://ift.tt/uqfazAP
CyberCX
Hardware Hacking to Bypass BIOS Passwords
A beginners hardware hacking journey of performing a BIOS password bypass on Lenovo laptops. In this article we identify what the problem is, how to identify a vulnerable chip, how to bypass a vulnerable chip, and finally identify why this attack works and…
Reverse Engineering Terminator aka Zemana AntiMalware Driver to achieve LPE - VoidSec
https://ift.tt/dReNHGk
Submitted June 15, 2023 at 09:08PM by Void_Sec
via reddit https://ift.tt/XQ74C1S
https://ift.tt/dReNHGk
Submitted June 15, 2023 at 09:08PM by Void_Sec
via reddit https://ift.tt/XQ74C1S
VoidSec
Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver - VoidSec
Reverse engineering Spybot's Terminator tool (Zemana Antimalware driver) to achieve LPE as SYSTEM and unrestricted raw SCSI disk read/write.
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
https://ift.tt/Fl2Nk1j
Submitted June 15, 2023 at 11:18PM by nangaparbat
via reddit https://ift.tt/uHi2Dtv
https://ift.tt/Fl2Nk1j
Submitted June 15, 2023 at 11:18PM by nangaparbat
via reddit https://ift.tt/uHi2Dtv
Serious vulnerabilities found in Georgia's Dominion ImageCast X ballot marking devices
https://ift.tt/2Ees8bO
Submitted June 16, 2023 at 03:33AM by magenta_placenta
via reddit https://ift.tt/qwLjAfN
https://ift.tt/2Ees8bO
Submitted June 16, 2023 at 03:33AM by magenta_placenta
via reddit https://ift.tt/qwLjAfN
June 1st CA/Browser Forum Code Signing Requirements Require the use of an HSM
https://ift.tt/diQIeXE
Submitted June 16, 2023 at 09:38AM by marklarledu
via reddit https://ift.tt/YAb87pm
https://ift.tt/diQIeXE
Submitted June 16, 2023 at 09:38AM by marklarledu
via reddit https://ift.tt/YAb87pm
Garantir
View the New CA/Browser Forum Code Signing Requirements Now
New in 2023, in order to satisfy the CA, you must use a hardware security module (HSM) to protect your code signing private keys.
End game: Why InfoSec Must Stop Playing Cat & Mouse
https://ift.tt/MUk8y36
Submitted June 16, 2023 at 10:46AM by One-Fan7214
via reddit https://ift.tt/WJv3GDA
https://ift.tt/MUk8y36
Submitted June 16, 2023 at 10:46AM by One-Fan7214
via reddit https://ift.tt/WJv3GDA
Memcyco
End game:Why InfoSec Must Stop Playing Cat & Mouse | Memcyco
As cyber attacks become more diverse in exploiting technical and psychological weaknesses, playing cat and mouse is no longer viable.