Legitify’s GitHub Action now supports SARIF output, allowing GitHub users to continuously see their organization’s security misconfigurations directly in the project’s Security tab, under the “Vulnerability alerts” section
https://ift.tt/EG3as0Q
Submitted June 28, 2023 at 10:18PM by roy_6472
via reddit https://ift.tt/yvAhBS0
https://ift.tt/EG3as0Q
Submitted June 28, 2023 at 10:18PM by roy_6472
via reddit https://ift.tt/yvAhBS0
GitHub
Legitify Analyze - GitHub Marketplace
Legitify GitHub Action
CVE-2023-26258 – Authentication bypass in ArcServe UDP Backup
https://ift.tt/qCulOy9
Submitted June 28, 2023 at 11:23PM by gid0rah
via reddit https://ift.tt/NvPt4sV
https://ift.tt/qCulOy9
Submitted June 28, 2023 at 11:23PM by gid0rah
via reddit https://ift.tt/NvPt4sV
MDSec
CVE-2023-26258 - Remote Code Execution in ArcServe UDP Backup - MDSec
Overview During a recent adversary simulation, the MDSec ActiveBreach red team were performing a ransomware scenario, with a key objective set on compromising the organisation’s backup infrastructure. As part of...
Discover the Power of OSINT: 350+ Integrated Tools for Passive Online Investigation and Analysis
https://cylect.io/
Submitted June 29, 2023 at 11:15AM by safekeepsecurity
via reddit https://ift.tt/CGjpzrT
https://cylect.io/
Submitted June 29, 2023 at 11:15AM by safekeepsecurity
via reddit https://ift.tt/CGjpzrT
Cylect.io
Cylect.io, the Ultimate AI OSINT Framework
Cylect.io is the Ultimate AI OSINT Framework. Threat Hunting specific information faster with Cylect.io, the ultimate AI OSINT search engine available.
Frida 16.1.0 is out w/ a brand new backend that supports instrumenting barebone targets — ranging from microcontrollers all the way to the iOS kernel on Corellium, allowing you to instantly inject your own Rust code and insert inline hooks
https://ift.tt/mx5vdOT
Submitted June 29, 2023 at 04:04PM by oleavr
via reddit https://ift.tt/gkLYHcP
https://ift.tt/mx5vdOT
Submitted June 29, 2023 at 04:04PM by oleavr
via reddit https://ift.tt/gkLYHcP
Frida • A world-class dynamic instrumentation toolkit
Frida 16.1.0 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Finding Gadgets for CPU Side-Channels with Static Analysis Tools
https://ift.tt/rF2nPBy
Submitted June 29, 2023 at 03:48PM by poltess0
via reddit https://ift.tt/iWFPzrq
https://ift.tt/rF2nPBy
Submitted June 29, 2023 at 03:48PM by poltess0
via reddit https://ift.tt/iWFPzrq
GitHub
security-research/pocs/cpus/spectre-gadgets/README.md at master · google/security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. - google/security-research
0-day vulnerability found in Netskope leading to a Local Privilege Escalation.
https://ift.tt/wAbnNJf
Submitted June 29, 2023 at 05:40PM by luci_morningstart
via reddit https://ift.tt/xiyzLD6
https://ift.tt/wAbnNJf
Submitted June 29, 2023 at 05:40PM by luci_morningstart
via reddit https://ift.tt/xiyzLD6
Technical whitepaper: Everyone Knows SAP®, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later
https://ift.tt/pXasQGB
Submitted June 29, 2023 at 07:26PM by 0x9000
via reddit https://ift.tt/XIpRJk0
https://ift.tt/pXasQGB
Submitted June 29, 2023 at 07:26PM by 0x9000
via reddit https://ift.tt/XIpRJk0
Hacking Auto-GPT and escaping its docker container
https://ift.tt/MRbSsHU
Submitted June 29, 2023 at 08:14PM by albinowax
via reddit https://ift.tt/8AgVxBY
https://ift.tt/MRbSsHU
Submitted June 29, 2023 at 08:14PM by albinowax
via reddit https://ift.tt/8AgVxBY
positive.security
Hacking Auto-GPT and escaping its docker container | Positive Security
We leverage indirect prompt injection to trick Auto-GPT (GPT-4) into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on a malicious website, and discovered vulnerabilities that allow escaping its sandboxed…
Introducing route-detect: find authentication and authorization bugs in web application routes
https://ift.tt/cVxjB7M
Submitted June 29, 2023 at 08:05PM by Schwag
via reddit https://ift.tt/Y8cqo6Z
https://ift.tt/cVxjB7M
Submitted June 29, 2023 at 08:05PM by Schwag
via reddit https://ift.tt/Y8cqo6Z
GitHub
GitHub - mschwager/route-detect: Find authentication (authn) and authorization (authz) security bugs in web application routes.
Find authentication (authn) and authorization (authz) security bugs in web application routes. - mschwager/route-detect
NoMoreCookies: Protection against stealers/rats
https://ift.tt/3cUMwAn
Submitted June 30, 2023 at 06:56AM by AhmedMinegames
via reddit https://ift.tt/GSfH92J
https://ift.tt/3cUMwAn
Submitted June 30, 2023 at 06:56AM by AhmedMinegames
via reddit https://ift.tt/GSfH92J
GitHub
GitHub - AdvDebug/NoMoreCookies: Browser Protector against various stealers, written in C# & C/C++.
Browser Protector against various stealers, written in C# & C/C++. - AdvDebug/NoMoreCookies
Attacking GraphQL APIs
https://ift.tt/yur0hVG
Submitted June 30, 2023 at 12:59PM by albinowax
via reddit https://ift.tt/hl4SuZi
https://ift.tt/yur0hVG
Submitted June 30, 2023 at 12:59PM by albinowax
via reddit https://ift.tt/hl4SuZi
portswigger.net
GraphQL API vulnerabilities | Web Security Academy
GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the introspection feature may be left active, enabling ...
Huobi's Leaky Bucket Risked Massive Crypto Breach
https://ift.tt/GdAFq4H
Submitted June 30, 2023 at 04:39PM by aaron_devops
via reddit https://ift.tt/83ApfoZ
https://ift.tt/GdAFq4H
Submitted June 30, 2023 at 04:39PM by aaron_devops
via reddit https://ift.tt/83ApfoZ
Reversing Citrix Gateway for XSS
https://ift.tt/3JvXHpx
Submitted June 30, 2023 at 08:09PM by albinowax
via reddit https://ift.tt/42Cj9Kb
https://ift.tt/3JvXHpx
Submitted June 30, 2023 at 08:09PM by albinowax
via reddit https://ift.tt/42Cj9Kb
How I Hacked CASIO F-91W digital watch - Bringing NFC contactless payment capability to a true classic.
https://ift.tt/j4Fefk5
Submitted July 01, 2023 at 07:22PM by matteopisani
via reddit https://ift.tt/s5hWRN0
https://ift.tt/j4Fefk5
Submitted July 01, 2023 at 07:22PM by matteopisani
via reddit https://ift.tt/s5hWRN0
Medium
How I Hacked CASIO F-91W digital watch
Bringing NFC contactless payment capability to a true classic.
Retreading The AMLogic A113X TrustZone Exploit Process
https://ift.tt/QghTCxY
Submitted July 01, 2023 at 10:34PM by BoredPentester
via reddit https://ift.tt/UC3jlx4
https://ift.tt/QghTCxY
Submitted July 01, 2023 at 10:34PM by BoredPentester
via reddit https://ift.tt/UC3jlx4
Bored Pentester
Retreading The AMLogic A113X TrustZone Exploit Process - Bored Pentester
Back in December 2022, Blasty published his research noscriptd ‘Dumping the Amlogic A113X Bootrom‘. Feeling inspired, and having a keen interest in embedded device security testing, secure boot and Trustzone research, I thought it might be fun to follow along…
Fully Undetected shellcode loader featuring EDR killer PoC
https://ift.tt/D0gkeC3
Submitted July 02, 2023 at 04:39PM by florilsk
via reddit https://ift.tt/4hUkSL9
https://ift.tt/D0gkeC3
Submitted July 02, 2023 at 04:39PM by florilsk
via reddit https://ift.tt/4hUkSL9
GitHub
GitHub - florylsk/RecycledInjector: Native Syscalls Shellcode Injector
Native Syscalls Shellcode Injector. Contribute to florylsk/RecycledInjector development by creating an account on GitHub.
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
https://ift.tt/I6akiQg
Submitted July 03, 2023 at 05:19PM by buherator
via reddit https://ift.tt/mJSjy9d
https://ift.tt/I6akiQg
Submitted July 03, 2023 at 05:19PM by buherator
via reddit https://ift.tt/mJSjy9d
Silent Signal Techblog
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
Because we can!
Desuperpacking Meta Superpacked APKs
https://ift.tt/Q6l4JsK
Submitted July 03, 2023 at 05:44PM by onlinereadme
via reddit https://ift.tt/EqsOYif
https://ift.tt/Q6l4JsK
Submitted July 03, 2023 at 05:44PM by onlinereadme
via reddit https://ift.tt/EqsOYif
clearbluejar
Desuperpacking Meta Superpacked APKs
Superpacking is a method of optimal binary compression developed by Meta to help reduce the size of their Android APKs. This compression for APKs makes sense for reducing network traffic required for distribution, but becomes an issue when trying to recover…
CISA Launches CyberSentry. A CISA-managed threat detection and monitoring capability. Anyone else think this is a terrible idea?
https://ift.tt/vfGJMFQ
Submitted July 03, 2023 at 06:17PM by MMK033
via reddit https://ift.tt/jyXW3qg
https://ift.tt/vfGJMFQ
Submitted July 03, 2023 at 06:17PM by MMK033
via reddit https://ift.tt/jyXW3qg
Find DLLs with RWX sections
https://ift.tt/FEqHR1Q
Submitted July 03, 2023 at 10:54PM by oldboy21
via reddit https://ift.tt/3N7zTZK
https://ift.tt/FEqHR1Q
Submitted July 03, 2023 at 10:54PM by oldboy21
via reddit https://ift.tt/3N7zTZK
GitHub
GitHub - oldboy21/JayFinder: Find DLLs with RWX section
Find DLLs with RWX section. Contribute to oldboy21/JayFinder development by creating an account on GitHub.
Open Source CSP Report Listener
https://ift.tt/1eH38vG
Submitted July 04, 2023 at 01:39AM by LawfulnessFlat9560
via reddit https://ift.tt/xg56Y0r
https://ift.tt/1eH38vG
Submitted July 04, 2023 at 01:39AM by LawfulnessFlat9560
via reddit https://ift.tt/xg56Y0r
GitHub
GitHub - metlo-labs/csp-report-listener
Contribute to metlo-labs/csp-report-listener development by creating an account on GitHub.