Leaking secrets through caching with Bunny CDN
https://ift.tt/Y8Q1stz
Submitted June 20, 2023 at 08:25PM by pimterry
via reddit https://ift.tt/Pf8KMV4
Httptoolkit
Leaking secrets through caching with Bunny CDN
Caching is hard. Unfortunately though, caching is quite important. Hosted caching & CDNs offer incredible powers that can provide amazing performance boosts,...
nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover
https://ift.tt/beACcFs
Submitted June 20, 2023 at 10:23PM by meirwah
via reddit https://ift.tt/pOoFcnU
Descope
nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover
This blog will cover an authentication implementation flaw Descope discovered in Microsoft Azure AD OAuth applications that, when exploited, could lead to full account takeover.
Best Wireless Router for Home Users
https://ift.tt/M5G81dV
Submitted June 21, 2023 at 05:41AM by CuriousBee742
via reddit https://ift.tt/IHpkUeD
National Security Agency/Central Security Service
NSA Releases Best Practices For Securing Your Home Network
FORT MEADE, Md. — The National Security Agency (NSA) released the “Best Practices for Securing Your Home Network” Cybersecurity Information Sheet (CSI) today to help teleworkers protect their home
Harmful code in a website
http://crygma.com
Submitted June 21, 2023 at 05:01PM by Crypto-Angel
via reddit https://ift.tt/zJN48tY
Crygma
Crygma - Quantum Security
Crygma provides advanced cybersecurity solutions focused on delivering quantum-secure communication, identity, and data protection. Our technologies are designed to eliminate stored secrets, passwords, and static encryption keys.
"Another field where it beats humans [in security] is by being 24/7 available and can stand guard literally non-stop. ChatGPT doesn't need sleep as a regular human being does, so it's always awake and ready."
https://ift.tt/FYeRlmj
Submitted June 21, 2023 at 04:41PM by susanvilleula1
via reddit https://ift.tt/Wd8Pnka
Crossplag
ChatGPT and Cybersecurity - friends or foes? - Crossplag
Is ChatGPT truly a trustworthy ally when it comes to cybersecurity? Or does it pose a threat when implemented?
Android Malware on the Rise – A case study of AhMyth RAT
https://ift.tt/8bEXuaD
Submitted June 21, 2023 at 07:29PM by CyberMasterV
via reddit https://ift.tt/60lHDXW
SecurityScorecard
Resources
Explore cybersecurity white papers, data sheets, webinars, videos, informative blogs, and more with SecurityScorecard.
Targeting Core OPC UA Components
https://ift.tt/6ySCvdN
Submitted June 21, 2023 at 06:34PM by derp6996
via reddit https://ift.tt/dKvebOG
Claroty
OPC UA Deep Dive Series (Part 4): Targeting Core OPC UA Components
In Part 3 of the OPC UA series, we described the inner workings of the OPC-UA protocol, its structure, and various security aspects. Learn more with Claroty.
GitHub Dataset Reveals Millions Potentially Vulnerable to RepoJacking
https://ift.tt/482vh1x
Submitted June 21, 2023 at 08:52PM by ilay789
via reddit https://ift.tt/8RPTzj9
Aqua
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
Millions of GitHub repositories are potentially vulnerable to RepoJacking, which if exploited may lead to code execution on environments
How To Pass AWS Certified Database – Specialty Exam
https://ift.tt/saz61fH
Submitted June 22, 2023 at 08:45AM by Intelligent_Tune_392
via reddit https://ift.tt/s6R0hxc
ITCertificate.Org
How To Pass AWS Certified Database – Specialty Exam
How to prepare for AWS Certified Database Specialty
Callisto - Automated Binary Vulnerability Discovery Tool
https://ift.tt/v3C2G9z
Submitted June 22, 2023 at 12:11PM by jibblz
via reddit https://ift.tt/r0tbMxj
GitHub
GitHub - JetP1ane/Callisto: Callisto - An Intelligent Binary Vulnerability Analysis Tool
Callisto - An Intelligent Binary Vulnerability Analysis Tool - JetP1ane/Callisto
Secfault Security - LibreOffice Arbitrary File Write (CVE-2023-1883)
https://ift.tt/5GYbE49
Submitted June 22, 2023 at 01:08PM by Xadartt
via reddit https://ift.tt/bMeRj9N
Another AWS WAF bypass allowing SQLi caused by an unorthodox MSSQL design choice
https://ift.tt/QgdepHi
Submitted June 22, 2023 at 08:00PM by obilodeau
via reddit https://ift.tt/uDi2JjH
GoSecure
AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice - GoSecure
While doing research on Microsoft SQL (MSSQL) Server, GoSecure ethical hackers found an unorthodox design choice that ultimately led to a WAF bypass.
A brief summary about a SSTI to RCE in Bagisto
https://ift.tt/whVJGR4
Submitted June 23, 2023 at 04:41PM by sp1d3rr
via reddit https://ift.tt/yHeXhij
Medium
A brief summary about a SSTI to RCE in Bagisto
This is a summary of a Server Side Template Injection vulnerability found and used as RCE.
Fileless command execution for Lateral Movement in Nim
https://ift.tt/ApHc5O4
Submitted June 24, 2023 at 01:03AM by DarkGrejuva
via reddit https://ift.tt/ERzfeOZ
GitHub
GitHub - frkngksl/NimExec: Fileless Command Execution for Lateral Movement in Nim
Fileless Command Execution for Lateral Movement in Nim - frkngksl/NimExec
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
https://ift.tt/KSHUPMz
Submitted June 25, 2023 at 12:05PM by Idov31
via reddit https://ift.tt/4bHgnc2
GitHub
GitHub - Idov31/Jormungandr: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute…
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. - GitHub - Idov31/Jormungandr: Jormungandr is a kernel implementa...
Bluetooth protocol abuse allows attackers to reveal confidential information, Tarlogic researchers say.
https://ift.tt/KeFklXD
Submitted June 26, 2023 at 04:14PM by jaimeff
via reddit https://ift.tt/OTcu6mX
Introducing DNS Analyzer: A Burp Suite extension for finding DNS vulnerabilities in web applications
https://ift.tt/cMPLRjn
Submitted June 26, 2023 at 03:46PM by The_Login
via reddit https://ift.tt/906EytK
SEC Consult
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation
https://ift.tt/9YJDISR
Submitted June 26, 2023 at 07:33PM by CyberMasterV
via reddit https://ift.tt/XOzqN6W
For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
https://ift.tt/MPnQTtU
Submitted June 27, 2023 at 02:22PM by poltess0
via reddit https://ift.tt/vQWw2Hg
Quarkslab
For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
Mandiant Courses and Trainings
https://ift.tt/XgbJeND
Submitted June 27, 2023 at 02:57PM by Zomdrop
via reddit https://ift.tt/bUxc9BQ
Google Cloud
Mandiant Academy training courses
Get cybersecurity training from frontline experts with hands-on learning methods for on-the-job application: private, public, and on-demand courses.
Why ORMs and Prepared Statements Can't (Always) Win (CVE-2023-28424)
https://ift.tt/dEfeF9v
Submitted June 27, 2023 at 07:13PM by monoimpact
via reddit https://ift.tt/KOe7ZyH
Sonarsource
Why ORMs and Prepared Statements Can't (Always) Win
We always assume prepared statements and ORMs are enough to protect us from SQL injection, but be careful not to misuse their APIs! Let's look into a real-world case and see what we can learn from it.