Legitify 1.0 is officially out! Armed with new enterprise-level policies to make sure your GitHub Enterprise / GitLab Server doesn't contain risky misconfigurations. Plus improved performance and stability 🚀
https://ift.tt/b5QPhmF
Submitted August 01, 2023 at 05:55PM by roy_6472
via reddit https://ift.tt/5EXuUkT
https://ift.tt/b5QPhmF
Submitted August 01, 2023 at 05:55PM by roy_6472
via reddit https://ift.tt/5EXuUkT
GitHub
GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets - Legit-Labs/legitify
AWS IAM Persistence Methods - Hacking The Cloud
https://ift.tt/7W0ABsV
Submitted August 01, 2023 at 07:10PM by RedTermSession
via reddit https://ift.tt/24NsEmw
https://ift.tt/7W0ABsV
Submitted August 01, 2023 at 07:10PM by RedTermSession
via reddit https://ift.tt/24NsEmw
hackingthe.cloud
AWS IAM Persistence Methods - Hacking The Cloud
A catalog of methods to maintain access to the AWS control plane.
CSRFing VS Code's Debug Adapter Protocol
https://ift.tt/43i9AML
Submitted August 01, 2023 at 08:10PM by 80x25
via reddit https://ift.tt/hGxgTVW
https://ift.tt/43i9AML
Submitted August 01, 2023 at 08:10PM by 80x25
via reddit https://ift.tt/hGxgTVW
www.mcnulty.blog
CSRFing VS Code's Debug Adapter Protocol
A technical write-up for a cross-site request forgery vulnerability present in some Debug Adapter Protocol implementations. The Debug Adapter Protocol is used by VS Code and other development tools to debug programs. The write-up details the vulnerability…
Installing P4wnP1 on an LTE modem
https://ift.tt/62LDdJl
Submitted August 02, 2023 at 12:32AM by RoganDawes
via reddit https://ift.tt/2vjFsVd
https://ift.tt/62LDdJl
Submitted August 02, 2023 at 12:32AM by RoganDawes
via reddit https://ift.tt/2vjFsVd
Sensepost
SensePost | P4wnp1-lte
Leaders in Information Security
Escaping the Google kCTF Container with a Data-Only Exploit
https://ift.tt/wnTSKq4
Submitted August 02, 2023 at 03:40PM by poltess0
via reddit https://ift.tt/XOFbRCE
https://ift.tt/wnTSKq4
Submitted August 02, 2023 at 03:40PM by poltess0
via reddit https://ift.tt/XOFbRCE
The Human Machine Interface
Escaping the Google kCTF Container with a Data-Only Exploit
Introduction I’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real…
Manager of third-party sources of Semgrep rules
https://ift.tt/DxOS7TL
Submitted August 02, 2023 at 05:14PM by iosifache
via reddit https://ift.tt/W1KD2wt
https://ift.tt/DxOS7TL
Submitted August 02, 2023 at 05:14PM by iosifache
via reddit https://ift.tt/W1KD2wt
GitHub
GitHub - iosifache/semgrep-rules-manager: Manager of third-party sources of Semgrep rules 🗂
Manager of third-party sources of Semgrep rules 🗂 - GitHub - iosifache/semgrep-rules-manager: Manager of third-party sources of Semgrep rules 🗂
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
https://ift.tt/q2h9byJ
Submitted August 02, 2023 at 05:11PM by preazmiko
via reddit https://ift.tt/mWnOvgh
https://ift.tt/q2h9byJ
Submitted August 02, 2023 at 05:11PM by preazmiko
via reddit https://ift.tt/mWnOvgh
emily.id.au
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
TL;DR Recommendations
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
https://ift.tt/cmqrKLF
Submitted August 02, 2023 at 05:53PM by tapmylap
via reddit https://ift.tt/AJjuZS1
https://ift.tt/cmqrKLF
Submitted August 02, 2023 at 05:53PM by tapmylap
via reddit https://ift.tt/AJjuZS1
Rapid7
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway | Rapid7 Blog
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
Ports and Protocols: An In-Depth Exploration for Ethical Hacking in Networking
https://ift.tt/zTwNvUC
Submitted August 02, 2023 at 07:17PM by securnerd_02
via reddit https://ift.tt/52eXAL3
https://ift.tt/zTwNvUC
Submitted August 02, 2023 at 07:17PM by securnerd_02
via reddit https://ift.tt/52eXAL3
Codelivly
Ports and Protocols: An In-Depth Exploration for Ethical Hacking in Networking
By the end , you’ll have a solid understanding of what ports and protocols are, how they work, and why they’re so vital in the field hacking.
Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wil
https://ift.tt/nLMhuJc
Submitted August 02, 2023 at 06:47PM by pinpepnet
via reddit https://ift.tt/Sye7Rqx
https://ift.tt/nLMhuJc
Submitted August 02, 2023 at 06:47PM by pinpepnet
via reddit https://ift.tt/Sye7Rqx
Medium
“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild
By Oleg Zaytsev, Nati Tal (Guardio Labs)
2023 Global Cloud Threat Report: Cloud Attacks are Lightning Fast – Sysdig
https://ift.tt/iZuSG2t
Submitted August 02, 2023 at 08:32PM by Hallow_Rose
via reddit https://ift.tt/f6kEjdJ
https://ift.tt/iZuSG2t
Submitted August 02, 2023 at 08:32PM by Hallow_Rose
via reddit https://ift.tt/f6kEjdJ
Sysdig
2023 Global Cloud Threat Report: Cloud Attacks are Lightning Fast
The second Sysdig Threat Report is packed with findings and analysis of some of the hottest cybersecurity topics this year.
CVE-2023-28130 - Command Injection in Check Point Gaia Portal
https://ift.tt/x9FVfSQ
Submitted August 03, 2023 at 12:37AM by rikvduijn
via reddit https://ift.tt/tIdX3ZB
https://ift.tt/x9FVfSQ
Submitted August 03, 2023 at 12:37AM by rikvduijn
via reddit https://ift.tt/tIdX3ZB
Pentests
CVE-2023-28130 - Command Injection in Check Point Gaia Portal
Pentests.nl has discovered a vulnerability in Check Point Gaia Portal which could be exploited to execute code on the underlying system.
GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub GitLab assets. Version 1.0 is out, check out the new enterprise-level policies.
https://ift.tt/kon8a9D
Submitted August 03, 2023 at 01:19AM by roy_6472
via reddit https://ift.tt/h1Mmf8w
https://ift.tt/kon8a9D
Submitted August 03, 2023 at 01:19AM by roy_6472
via reddit https://ift.tt/h1Mmf8w
GitHub
GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets - Legit-Labs/legitify
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
https://ift.tt/dlQgzHV
Submitted August 03, 2023 at 07:47AM by Acceptable-Doubt-878
via reddit https://ift.tt/1Kq7OMQ
https://ift.tt/dlQgzHV
Submitted August 03, 2023 at 07:47AM by Acceptable-Doubt-878
via reddit https://ift.tt/1Kq7OMQ
research.aurainfosec.io
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on a AD FS protected domain.
CVE-2023-33383
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 02:23PM by 9lyph
via reddit https://ift.tt/8CWHMde
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 02:23PM by 9lyph
via reddit https://ift.tt/8CWHMde
Exploit Security
CVE-2023-33383
Summary: MTE As Implemented - Google Project Zero
https://ift.tt/FrdIKZi
Submitted August 03, 2023 at 01:55PM by poltess0
via reddit https://ift.tt/TzSfNtv
https://ift.tt/FrdIKZi
Submitted August 03, 2023 at 01:55PM by poltess0
via reddit https://ift.tt/TzSfNtv
Blogspot
Summary: MTE As Implemented
By Mark Brand, Project Zero In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specifi...
MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis
https://ift.tt/ijfZMpG
Submitted August 03, 2023 at 12:39PM by buherator
via reddit https://ift.tt/jOFPbsC
https://ift.tt/ijfZMpG
Submitted August 03, 2023 at 12:39PM by buherator
via reddit https://ift.tt/jOFPbsC
Security Intelligence
MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis
Unpack the remote code execution vulnerability impacting the Microsoft Message Queueing service — CVE-2023-21554, a.k.a. QueueJumper.
CVE-2023-33383
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 05:15PM by 9lyph
via reddit https://ift.tt/nyskVmB
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 05:15PM by 9lyph
via reddit https://ift.tt/nyskVmB
Exploit Security
CVE-2023-33383
CVE-2023-33383 - Authentication Bypass via out-of-bounds read condition in Shelly 4PM Pro relay switch
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 05:51PM by 9lyph
via reddit https://ift.tt/KQJqWmj
https://ift.tt/pm48ZoP
Submitted August 03, 2023 at 05:51PM by 9lyph
via reddit https://ift.tt/KQJqWmj
Exploit Security
CVE-2023-33383
Targeted npm Malware Attempts to Steal Company Source Code
https://ift.tt/qP5Q9Nb
Submitted August 04, 2023 at 12:44AM by louis11
via reddit https://ift.tt/k134APB
https://ift.tt/qP5Q9Nb
Submitted August 04, 2023 at 12:44AM by louis11
via reddit https://ift.tt/k134APB
Phylum
Targeted npm Malware Attempts to Steal Company Source Code and Secrets
🚨August 9, 2023 Update: This appears to be a slow, on-going attack. Since our initial report, two more packages have been identified as part of this campaign: ng-zulutrade-ssr and binarium-crm. We will provide periodic updates as we identify further publications…
Fast security review of a smart contract stablecoin
https://ift.tt/bChxlOr
Submitted August 04, 2023 at 01:28AM by kruksym
via reddit https://ift.tt/pNvdXfA
https://ift.tt/bChxlOr
Submitted August 04, 2023 at 01:28AM by kruksym
via reddit https://ift.tt/pNvdXfA
CoinFabrik
Ripio (UXD) Stablecoin Token Fast Security Review
Ripio unveils UXD on LaChain for Latin America. With LaCoin (LAC) as native, we're diving deep into security audits of the stable coin!