GitHub Dataset Reveals Millions Potentially Vulnerable to RepoJacking
https://ift.tt/482vh1x
Submitted June 21, 2023 at 08:52PM by ilay789
via reddit https://ift.tt/8RPTzj9
https://ift.tt/482vh1x
Submitted June 21, 2023 at 08:52PM by ilay789
via reddit https://ift.tt/8RPTzj9
Aqua
GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
Millions of GitHub repositories are potentially vulnerable to RepoJacking, which if exploited may lead to code execution on environments
How To Pass AWS Certified Database – Specialty Exam
https://ift.tt/saz61fH
Submitted June 22, 2023 at 08:45AM by Intelligent_Tune_392
via reddit https://ift.tt/s6R0hxc
https://ift.tt/saz61fH
Submitted June 22, 2023 at 08:45AM by Intelligent_Tune_392
via reddit https://ift.tt/s6R0hxc
ITCertificate.Org
How To Pass AWS Certified Database – Specialty Exam
How to prepare for AWS Certified Database Specialty
Callisto - Automated Binary Vulnerability Discovery Tool
https://ift.tt/v3C2G9z
Submitted June 22, 2023 at 12:11PM by jibblz
via reddit https://ift.tt/r0tbMxj
https://ift.tt/v3C2G9z
Submitted June 22, 2023 at 12:11PM by jibblz
via reddit https://ift.tt/r0tbMxj
GitHub
GitHub - JetP1ane/Callisto: Callisto - An Intelligent Binary Vulnerability Analysis Tool
Callisto - An Intelligent Binary Vulnerability Analysis Tool - JetP1ane/Callisto
Secfault Security - LibreOffice Arbitrary File Write (CVE-2023-1883)
https://ift.tt/5GYbE49
Submitted June 22, 2023 at 01:08PM by Xadartt
via reddit https://ift.tt/bMeRj9N
https://ift.tt/5GYbE49
Submitted June 22, 2023 at 01:08PM by Xadartt
via reddit https://ift.tt/bMeRj9N
Another AWS WAF bypass allowing SQLi caused by an unorthodox MSSQL design choice
https://ift.tt/QgdepHi
Submitted June 22, 2023 at 08:00PM by obilodeau
via reddit https://ift.tt/uDi2JjH
https://ift.tt/QgdepHi
Submitted June 22, 2023 at 08:00PM by obilodeau
via reddit https://ift.tt/uDi2JjH
GoSecure
AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice - GoSecure
While doing research on Microsoft SQL (MSSQL) Server, GoSecure ethical hackers found an unorthodox design choice that ultimately led to a WAF bypass.
A brief summary about a SSTI to RCE in Bagisto
https://ift.tt/whVJGR4
Submitted June 23, 2023 at 04:41PM by sp1d3rr
via reddit https://ift.tt/yHeXhij
https://ift.tt/whVJGR4
Submitted June 23, 2023 at 04:41PM by sp1d3rr
via reddit https://ift.tt/yHeXhij
Medium
A brief summary about a SSTI to RCE in Bagisto
This is a summary of a Server Side Template Injection vulnerability found and used as RCE.
Fileless command execution for Lateral Movement in Nim
https://ift.tt/ApHc5O4
Submitted June 24, 2023 at 01:03AM by DarkGrejuva
via reddit https://ift.tt/ERzfeOZ
https://ift.tt/ApHc5O4
Submitted June 24, 2023 at 01:03AM by DarkGrejuva
via reddit https://ift.tt/ERzfeOZ
GitHub
GitHub - frkngksl/NimExec: Fileless Command Execution for Lateral Movement in Nim
Fileless Command Execution for Lateral Movement in Nim - frkngksl/NimExec
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
https://ift.tt/KSHUPMz
Submitted June 25, 2023 at 12:05PM by Idov31
via reddit https://ift.tt/4bHgnc2
https://ift.tt/KSHUPMz
Submitted June 25, 2023 at 12:05PM by Idov31
via reddit https://ift.tt/4bHgnc2
GitHub
GitHub - Idov31/Jormungandr: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute…
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. - GitHub - Idov31/Jormungandr: Jormungandr is a kernel implementa...
Bluetooth protocol abuse allows attackers to reveal confidential information, Tarlogic researchers say.
https://ift.tt/KeFklXD
Submitted June 26, 2023 at 04:14PM by jaimeff
via reddit https://ift.tt/OTcu6mX
https://ift.tt/KeFklXD
Submitted June 26, 2023 at 04:14PM by jaimeff
via reddit https://ift.tt/OTcu6mX
Introducing DNS Analyzer: A Burp Suite extension for finding DNS vulnerabilities in web applications
https://ift.tt/cMPLRjn
Submitted June 26, 2023 at 03:46PM by The_Login
via reddit https://ift.tt/906EytK
https://ift.tt/cMPLRjn
Submitted June 26, 2023 at 03:46PM by The_Login
via reddit https://ift.tt/906EytK
SEC Consult
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.
A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation
https://ift.tt/9YJDISR
Submitted June 26, 2023 at 07:33PM by CyberMasterV
via reddit https://ift.tt/XOzqN6W
https://ift.tt/9YJDISR
Submitted June 26, 2023 at 07:33PM by CyberMasterV
via reddit https://ift.tt/XOzqN6W
For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
https://ift.tt/MPnQTtU
Submitted June 27, 2023 at 02:22PM by poltess0
via reddit https://ift.tt/vQWw2Hg
https://ift.tt/MPnQTtU
Submitted June 27, 2023 at 02:22PM by poltess0
via reddit https://ift.tt/vQWw2Hg
Quarkslab
For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
Mandiant Courses and Trainings
https://ift.tt/XgbJeND
Submitted June 27, 2023 at 02:57PM by Zomdrop
via reddit https://ift.tt/bUxc9BQ
https://ift.tt/XgbJeND
Submitted June 27, 2023 at 02:57PM by Zomdrop
via reddit https://ift.tt/bUxc9BQ
Google Cloud
Mandiant Academy training courses
Get cybersecurity training from frontline experts with hands-on learning methods for on-the-job application: private, public, and on-demand courses.
Why ORMs and Prepared Statements Can't (Always) Win (CVE-2023-28424)
https://ift.tt/dEfeF9v
Submitted June 27, 2023 at 07:13PM by monoimpact
via reddit https://ift.tt/KOe7ZyH
https://ift.tt/dEfeF9v
Submitted June 27, 2023 at 07:13PM by monoimpact
via reddit https://ift.tt/KOe7ZyH
Sonarsource
Why ORMs and Prepared Statements Can't (Always) Win
We always assume prepared statements and ORMs are enough to protect us from SQL injection, but be careful not to misuse their APIs! Let's look into a real-world case and see what we can learn from it.
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
https://ift.tt/fGCs3zd
Submitted June 27, 2023 at 07:04PM by thewatcher_
via reddit https://ift.tt/Lq8BIKt
https://ift.tt/fGCs3zd
Submitted June 27, 2023 at 07:04PM by thewatcher_
via reddit https://ift.tt/Lq8BIKt
Security Joes
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically…
ParaForge: A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
https://ift.tt/HD7M24L
Submitted June 27, 2023 at 10:49PM by Ano_F
via reddit https://ift.tt/Y1ZkmFV
https://ift.tt/HD7M24L
Submitted June 27, 2023 at 10:49PM by Ano_F
via reddit https://ift.tt/Y1ZkmFV
GitHub
GitHub - Anof-cyber/ParaForge: A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and…
A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing - Anof-cyber/ParaForge
A deep dive on how Camaro Dragon utilized USB flash drives to infect a EU heath system
https://ift.tt/ZqH7yvx
Submitted June 28, 2023 at 12:22AM by vampiricrogu3
via reddit https://ift.tt/TDGNI9V
https://ift.tt/ZqH7yvx
Submitted June 28, 2023 at 12:22AM by vampiricrogu3
via reddit https://ift.tt/TDGNI9V
Check Point Research
Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research
Executive summary Introduction In early 2023, CPIRT investigated an incident at a European hospital. The investigation showed that the malicious activity observed was likely not targeted but was simply collateral damage from Camaro Dragon’s self-propagating…
Hashing Phone Numbers For 2-Factor Authentication
https://ift.tt/j1eoR6s
Submitted June 28, 2023 at 04:34AM by small_hole_energy
via reddit https://ift.tt/sI9Mxlo
https://ift.tt/j1eoR6s
Submitted June 28, 2023 at 04:34AM by small_hole_energy
via reddit https://ift.tt/sI9Mxlo
TheAbbie
Hashing Phone Numbers For 2-Factor Authentication
With the rise of internet and increasing risks of getting hacked, it's more than necessary nowadays that we have an extra layer of security on our accounts, since password alone is not enough. Thus, using Phone numbers for 2FA sounds much more secure, but…
Legitify’s GitHub Action now supports SARIF output, allowing GitHub users to continuously see their organization’s security misconfigurations directly in the project’s Security tab, under the “Vulnerability alerts” section
https://ift.tt/EG3as0Q
Submitted June 28, 2023 at 10:18PM by roy_6472
via reddit https://ift.tt/yvAhBS0
https://ift.tt/EG3as0Q
Submitted June 28, 2023 at 10:18PM by roy_6472
via reddit https://ift.tt/yvAhBS0
GitHub
Legitify Analyze - GitHub Marketplace
Legitify GitHub Action
CVE-2023-26258 – Authentication bypass in ArcServe UDP Backup
https://ift.tt/qCulOy9
Submitted June 28, 2023 at 11:23PM by gid0rah
via reddit https://ift.tt/NvPt4sV
https://ift.tt/qCulOy9
Submitted June 28, 2023 at 11:23PM by gid0rah
via reddit https://ift.tt/NvPt4sV
MDSec
CVE-2023-26258 - Remote Code Execution in ArcServe UDP Backup - MDSec
Overview During a recent adversary simulation, the MDSec ActiveBreach red team were performing a ransomware scenario, with a key objective set on compromising the organisation’s backup infrastructure. As part of...
Discover the Power of OSINT: 350+ Integrated Tools for Passive Online Investigation and Analysis
https://cylect.io/
Submitted June 29, 2023 at 11:15AM by safekeepsecurity
via reddit https://ift.tt/CGjpzrT
https://cylect.io/
Submitted June 29, 2023 at 11:15AM by safekeepsecurity
via reddit https://ift.tt/CGjpzrT
Cylect.io
Cylect.io, the Ultimate AI OSINT Framework
Cylect.io is the Ultimate AI OSINT Framework. Threat Hunting specific information faster with Cylect.io, the ultimate AI OSINT search engine available.