Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519
https://ift.tt/bP3actY
Submitted July 22, 2023 at 06:17AM by d4rkm0de
via reddit https://ift.tt/j59xsHF
https://ift.tt/bP3actY
Submitted July 22, 2023 at 06:17AM by d4rkm0de
via reddit https://ift.tt/j59xsHF
GitHub
GitHub - securekomodo/citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix…
Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519 - GitHub - securekomodo/citrixInspector: Accurately fingerprint and detect vulnerable...
Malicious NPM Packages Attributed To North Korean State Actors
https://ift.tt/WqbR9L1
Submitted July 22, 2023 at 07:12AM by louis11
via reddit https://ift.tt/LWdQtpP
https://ift.tt/WqbR9L1
Submitted July 22, 2023 at 07:12AM by louis11
via reddit https://ift.tt/LWdQtpP
Phylum
June’s Sophisticated npm Attack Attributed to North Korea
In June 2023, Phylum was the first to unearth a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. The identified packages, published in pairs, required installation in a specific sequence, subsequently retrieving…
Security concerns regarding the Ethereum token standard ERC-20
https://ift.tt/nQszy2i
Submitted July 23, 2023 at 05:49AM by Dexaran
via reddit https://ift.tt/o9tgsAj
https://ift.tt/nQszy2i
Submitted July 23, 2023 at 05:49AM by Dexaran
via reddit https://ift.tt/o9tgsAj
Medium
Known problems of ERC20 token standard
ERC-20 token standard contains a major logical flaw — lack of communication model (lack of transaction handling model).
Cloud supply chain
https://ift.tt/BiKePVc
Submitted July 23, 2023 at 04:01PM by CarelessOne7933
via reddit https://ift.tt/s1G7PCE
https://ift.tt/BiKePVc
Submitted July 23, 2023 at 04:01PM by CarelessOne7933
via reddit https://ift.tt/s1G7PCE
divyanshu-mehta.gitbook.io
Hijacking Cloud CI/CD Systems for Fun and Profit | Researchs
This research details a new technique that can be used by threat actors for supply chain attacks on open-source repositories using GCP, Azure and AWS.
Okta Logs Decoded: Okta Logs Threat Hunting Guide
https://ift.tt/2ipuB89
Submitted July 23, 2023 at 07:50PM by Or1rez
via reddit https://ift.tt/kyIgSQ5
https://ift.tt/2ipuB89
Submitted July 23, 2023 at 07:50PM by Or1rez
via reddit https://ift.tt/kyIgSQ5
Rezonate
Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting - Rezonate
Technical
254 Custom BloodHound Cyphers
https://ift.tt/QSi0pes
Submitted July 23, 2023 at 11:06PM by edreatingmonkey
via reddit https://ift.tt/rpEYQfm
https://ift.tt/QSi0pes
Submitted July 23, 2023 at 11:06PM by edreatingmonkey
via reddit https://ift.tt/rpEYQfm
GitHub
cypherhound/customqueries.json at main · fin3ss3g0d/cypherhound
Python3 terminal application that contains 400 Neo4j cyphers for BloodHound data sets and 383 GUI cyphers - fin3ss3g0d/cypherhound
Securing PyTorch Models with eBPF
https://ift.tt/vlKAJMZ
Submitted July 24, 2023 at 01:58PM by cov_id19
via reddit https://ift.tt/Yjz2AwE
https://ift.tt/vlKAJMZ
Submitted July 24, 2023 at 01:58PM by cov_id19
via reddit https://ift.tt/Yjz2AwE
Medium
Secure PyTorch Models with eBPF
This article was not generated by GPT
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)
https://ift.tt/DJmokKZ
Submitted July 24, 2023 at 05:02PM by Mempodipper
via reddit https://ift.tt/Ejp5U1Q
https://ift.tt/DJmokKZ
Submitted July 24, 2023 at 05:02PM by Mempodipper
via reddit https://ift.tt/Ejp5U1Q
Unauthenticated RCE chain on Apache OpenMeetings
https://ift.tt/vJdONRA
Submitted July 24, 2023 at 05:52PM by monoimpact
via reddit https://ift.tt/hV5Guo6
https://ift.tt/vJdONRA
Submitted July 24, 2023 at 05:52PM by monoimpact
via reddit https://ift.tt/hV5Guo6
Sonarsource
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State
Unexpected application states are often overlooked and can introduce severe security vulnerabilities. Read more about this real-world example.
Zenbleed: A use-after-free in AMD Zen2 processors (CVE-2023-20593)
https://ift.tt/hBA93uf
Submitted July 24, 2023 at 08:17PM by Worldly_Topic
via reddit https://ift.tt/K09SXPl
https://ift.tt/hBA93uf
Submitted July 24, 2023 at 08:17PM by Worldly_Topic
via reddit https://ift.tt/K09SXPl
Cmpxchg8B
Zenbleed
My talk regarding windows kernel development
https://www.youtube.com/watch?app=desktop&v=CVJmGfElqw0&list=PLkNlAwTF5yEuFqzHOirH6xxYsnqBNlNfY&index=15
Submitted July 24, 2023 at 08:58PM by Idov31
via reddit https://ift.tt/3vQwsXg
https://www.youtube.com/watch?app=desktop&v=CVJmGfElqw0&list=PLkNlAwTF5yEuFqzHOirH6xxYsnqBNlNfY&index=15
Submitted July 24, 2023 at 08:58PM by Idov31
via reddit https://ift.tt/3vQwsXg
YouTube
Ido Veltzman - (Lady|)Lord Of The Ring
Ido Veltzman speaking at BSidesTLV 2023: (Lady|)Lord Of The Ring
Persistence via Shell Extensions
https://ift.tt/leBWEwq
Submitted July 25, 2023 at 12:02AM by NecessaryDark3283
via reddit https://ift.tt/tHzp25s
https://ift.tt/leBWEwq
Submitted July 25, 2023 at 12:02AM by NecessaryDark3283
via reddit https://ift.tt/tHzp25s
GitHub
GitHub - aahmad097/Test004: Persistence via Shell Extensions
Persistence via Shell Extensions. Contribute to aahmad097/Test004 development by creating an account on GitHub.
EchoCLI: A tethered root solution for the Amazon Echo Dot 2nd generation
https://ift.tt/FVaJq4u
Submitted July 25, 2023 at 01:59AM by Titokhan
via reddit https://ift.tt/OhQIpln
https://ift.tt/FVaJq4u
Submitted July 25, 2023 at 01:59AM by Titokhan
via reddit https://ift.tt/OhQIpln
dragon863.github.io
Dragon863 - Rooting the Amazon Echo Dot
Gaining a temporary root on the Amazon echo dot 2nd generation.
CVE-2023-35086 POC - ASUS routers format string vulnerability
https://ift.tt/9PSzfsX
Submitted July 25, 2023 at 07:13AM by NoPaleontologist7419
via reddit https://ift.tt/Z4BXzOL
https://ift.tt/9PSzfsX
Submitted July 25, 2023 at 07:13AM by NoPaleontologist7419
via reddit https://ift.tt/Z4BXzOL
GitHub
GitHub - tin-z/CVE-2023-35086-POC: POC of CVE-2023-35086 only DoS
POC of CVE-2023-35086 only DoS. Contribute to tin-z/CVE-2023-35086-POC development by creating an account on GitHub.
Introduction to Cross-Site Leaks (XS-Leaks) – Attacks and Mitigations
https://ift.tt/3P9Hu2w
Submitted July 25, 2023 at 02:13PM by CptWin_NZ
via reddit https://ift.tt/E2DvU16
https://ift.tt/3P9Hu2w
Submitted July 25, 2023 at 02:13PM by CptWin_NZ
via reddit https://ift.tt/E2DvU16
New release of EMBA version 1.3.0 is now available. AI-Assisted firmware analysis is now integrated into the fully automated Open-Source firmware security analyzer EMBA.
https://ift.tt/cZpAPB6
Submitted July 25, 2023 at 04:36PM by _m-1-k-3_
via reddit https://ift.tt/Mmdw92v
https://ift.tt/cZpAPB6
Submitted July 25, 2023 at 04:36PM by _m-1-k-3_
via reddit https://ift.tt/Mmdw92v
GitHub
Release EMBA v1.3.0 - AI-Assisted Firmware Analysis · e-m-b-a/emba
Q: Can we use AI for firmware analysis?
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.
Again, we rise the bar in the field of Open-Source firmware security analysis. ...
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.
Again, we rise the bar in the field of Open-Source firmware security analysis. ...
Exploiting MikroTik RouterOS Hardware
https://ift.tt/QxGqFAg
Submitted July 25, 2023 at 04:41PM by chicksdigthelongrun
via reddit https://ift.tt/fJA0PxL
https://ift.tt/QxGqFAg
Submitted July 25, 2023 at 04:41PM by chicksdigthelongrun
via reddit https://ift.tt/fJA0PxL
VulnCheck
Exploiting MikroTik RouterOS Hardware with CVE-2023-30799 - Blog - VulnCheck
VulnCheck develops an exploit that gets a root shell on MikroTik RouterOS.
Zenbleed Vulnerability Affects AMD Zen2 Processors, Sensitive Data at Risk
https://ift.tt/tTa70NU
Submitted July 25, 2023 at 10:36PM by KindooGaming
via reddit https://ift.tt/jh3gHTw
https://ift.tt/tTa70NU
Submitted July 25, 2023 at 10:36PM by KindooGaming
via reddit https://ift.tt/jh3gHTw
RFC 9420: The Messaging Layer Security (MLS) Protocol
https://ift.tt/bFJDM5k
Submitted July 26, 2023 at 12:19AM by moofali
via reddit https://ift.tt/zvKI5XY
https://ift.tt/bFJDM5k
Submitted July 26, 2023 at 12:19AM by moofali
via reddit https://ift.tt/zvKI5XY
IETF Datatracker
RFC 9420: The Messaging Layer Security (MLS) Protocol
Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections…
Critical Vulnerabilities Discovered in Global TETRA Communication Standard Used by Law Enforcement and Critical Infrastructure
https://ift.tt/wNCGAZd
Submitted July 25, 2023 at 11:44PM by Errol_dont_care
via reddit https://ift.tt/RhVEvGN
https://ift.tt/wNCGAZd
Submitted July 25, 2023 at 11:44PM by Errol_dont_care
via reddit https://ift.tt/RhVEvGN
The Black Box of GitHub Leaks: Analyzing Companies' GitHub Repos
https://ift.tt/LFmICtv
Submitted July 26, 2023 at 12:57AM by bartukilic
via reddit https://ift.tt/CvFdK6h
https://ift.tt/LFmICtv
Submitted July 26, 2023 at 12:57AM by bartukilic
via reddit https://ift.tt/CvFdK6h
SOCRadar® Cyber Intelligence Inc.
The Black Box of GitHub Leaks: Analyzing Companies' GitHub Repos - SOCRadar® Cyber Intelligence Inc.
This research aimed to investigate the files that companies might have accidentally uploaded to GitHub and identify any sensitive information that could be