Attacking GraphQL APIs
https://ift.tt/yur0hVG
Submitted June 30, 2023 at 12:59PM by albinowax
via reddit https://ift.tt/hl4SuZi
portswigger.net
GraphQL API vulnerabilities | Web Security Academy
GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the introspection feature may be left active, enabling ...
Huobi's Leaky Bucket Risked Massive Crypto Breach
https://ift.tt/GdAFq4H
Submitted June 30, 2023 at 04:39PM by aaron_devops
via reddit https://ift.tt/83ApfoZ
Reversing Citrix Gateway for XSS
https://ift.tt/3JvXHpx
Submitted June 30, 2023 at 08:09PM by albinowax
via reddit https://ift.tt/42Cj9Kb
How I Hacked CASIO F-91W digital watch - Bringing NFC contactless payment capability to a true classic.
https://ift.tt/j4Fefk5
Submitted July 01, 2023 at 07:22PM by matteopisani
via reddit https://ift.tt/s5hWRN0
Medium
How I Hacked CASIO F-91W digital watch
Bringing NFC contactless payment capability to a true classic.
Retreading The AMLogic A113X TrustZone Exploit Process
https://ift.tt/QghTCxY
Submitted July 01, 2023 at 10:34PM by BoredPentester
via reddit https://ift.tt/UC3jlx4
Bored Pentester
Retreading The AMLogic A113X TrustZone Exploit Process - Bored Pentester
Back in December 2022, Blasty published his research titled ‘Dumping the Amlogic A113X Bootrom‘. Feeling inspired, and having a keen interest in embedded device security testing, secure boot and Trustzone research, I thought it might be fun to follow along…
Fully Undetected shellcode loader featuring EDR killer PoC
https://ift.tt/D0gkeC3
Submitted July 02, 2023 at 04:39PM by florilsk
via reddit https://ift.tt/4hUkSL9
GitHub
GitHub - florylsk/RecycledInjector: Native Syscalls Shellcode Injector
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
https://ift.tt/I6akiQg
Submitted July 03, 2023 at 05:19PM by buherator
via reddit https://ift.tt/mJSjy9d
Silent Signal Techblog
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
Because we can!
Desuperpacking Meta Superpacked APKs
https://ift.tt/Q6l4JsK
Submitted July 03, 2023 at 05:44PM by onlinereadme
via reddit https://ift.tt/EqsOYif
clearbluejar
Desuperpacking Meta Superpacked APKs
Superpacking is a method of optimal binary compression developed by Meta to help reduce the size of their Android APKs. This compression for APKs makes sense for reducing network traffic required for distribution, but becomes an issue when trying to recover…
CISA Launches CyberSentry. A CISA-managed threat detection and monitoring capability. Anyone else think this is a terrible idea?
https://ift.tt/vfGJMFQ
Submitted July 03, 2023 at 06:17PM by MMK033
via reddit https://ift.tt/jyXW3qg
Find DLLs with RWX sections
https://ift.tt/FEqHR1Q
Submitted July 03, 2023 at 10:54PM by oldboy21
via reddit https://ift.tt/3N7zTZK
GitHub
GitHub - oldboy21/JayFinder: Find DLLs with RWX section
Open Source CSP Report Listener
https://ift.tt/1eH38vG
Submitted July 04, 2023 at 01:39AM by LawfulnessFlat9560
via reddit https://ift.tt/xg56Y0r
GitHub
GitHub - metlo-labs/csp-report-listener
TeamsPhisher: Send phishing messages and attachments to Microsoft Teams users
https://ift.tt/6inJW1B
Submitted July 04, 2023 at 06:06AM by DrinkMoreCodeMore
via reddit https://ift.tt/i4vZdTC
GitHub
GitHub - Octoberfest7/TeamsPhisher: Send phishing messages and attachments to Microsoft Teams users
Use Case of ASM for Vulnerability Detection
https://ift.tt/eQP24iN
Submitted July 04, 2023 at 11:23AM by talentSA112200
via reddit https://ift.tt/a2NxTJY
CIP Blog
Vulnerability Detection Using Attack Surface Management: Criminal IP ASM Use Case (1) | CIP Blog
Attack Surface Management (ASM) is the proactive practice of identifying and managing the potential attack surface of an organization's IT assets to prevent and mitigate potential attacks by hackers. It is essential to minimize the exposure of valuable assets…
A reminder to test the CVSS 4.0 while it matters!
https://ift.tt/dkemG2H
Submitted July 04, 2023 at 12:41PM by forgetful_12345
via reddit https://ift.tt/Kmj7VqN
FIRST — Forum of Incident Response and Security Teams
Common Vulnerability Scoring System Version 4.0 Calculator
A reminder to test the CVSS 4.0 calculator while it matters.
https://ift.tt/dkemG2H
Submitted July 04, 2023 at 12:59PM by forgetful_12345
via reddit https://ift.tt/a9ptJ38
FIRST — Forum of Incident Response and Security Teams
Common Vulnerability Scoring System Version 4.0 Calculator
[CVE-2022-43684] - Insecure Access Control to Full Administrator Takeover in ServiceNow Instances
https://ift.tt/m3I8PEK
Submitted July 04, 2023 at 12:01PM by Rezk0n_
via reddit https://ift.tt/hwBejrZ
R3zk0n
ServiceNow Insecure Access Control To Full Admin Takeover
ServiceNow Insecure Access Control leading to Administrator Account Takeover - CVE-2022-43684
Extracting Bitwarden master passwords after a vault is locked
https://ift.tt/S6flcNq
Submitted July 04, 2023 at 02:36PM by markuta
via reddit https://ift.tt/wEnHriq
Hexiosec
Hunting for Bitwarden master passwords stored in memory | Hexiosec Blogs
We discovered a vulnerability in the Bitwarden desktop app that exposed master passwords in the memory after a vault had been locked.
Hacking Back Infrastructure Used in Facebook Phishing Attack Chain
https://ift.tt/zKODegc
Submitted July 04, 2023 at 02:45PM by zdl007
via reddit https://ift.tt/ceO0hTN
Zeroday.PRO
Hacking Back Infrastructure Used in Facebook Phishing Attack Chain
Our team of security experts will provide an exclusive glimpse into the phishing emails used in Facebook Phishing Campaign.
Hunting for Nginx Alias Traversals in the wild
https://ift.tt/G69k5hX
Submitted July 04, 2023 at 03:59PM by albinowax
via reddit https://ift.tt/sbOvloz
Hakai
Vulnerability Research
Clop Ransomware and MoveIT CVE: Ransomware: History, Timeline, And Adversary Simulation - FourCore
https://ift.tt/RPZ5OAU
Submitted July 05, 2023 at 01:48AM by achilles4828
via reddit https://ift.tt/zCj0M4x
Clop Ransomware: History, Timeline, And Adversary Simulation
https://ift.tt/TjSoxbQ
Submitted July 05, 2023 at 01:49PM by achilles4828
via reddit https://ift.tt/cHm1Wai
FourCore
Clop Ransomware: History, Timeline, And Adversary Simulation - FourCore
The infamous Clop ransomware, mainly known as Cl0p, targets various industries and organizations, extorting data for a huge amount of ransom. It advances actively with new emerging campaigns. This blog walks through the Clop timeline, Mitre TTPs and their…