Getting into AWS cloud security research as a n00bcake
https://ift.tt/4h9MWov
Submitted August 30, 2023 at 03:58AM by ScottContini
via reddit https://ift.tt/590AFfD
https://ift.tt/4h9MWov
Submitted August 30, 2023 at 03:58AM by ScottContini
via reddit https://ift.tt/590AFfD
Thousands of Organizations Vulnerable to Subdomain Hijacking
https://ift.tt/agX6j9J
Submitted August 30, 2023 at 12:01PM by ma-ni
via reddit https://ift.tt/pQSDaYK
https://ift.tt/agX6j9J
Submitted August 30, 2023 at 12:01PM by ma-ni
via reddit https://ift.tt/pQSDaYK
Diving into Starlink's User Terminal Firmware
https://ift.tt/bTLIhOi
Submitted August 30, 2023 at 02:07PM by guedou
via reddit https://ift.tt/rPlcZIz
https://ift.tt/bTLIhOi
Submitted August 30, 2023 at 02:07PM by guedou
via reddit https://ift.tt/rPlcZIz
Quarkslab
Diving into Starlink's User Terminal Firmware
Analysis of Obfuscation Techniques Found in Apple FairPlay
https://ift.tt/S1AxmI2
Submitted August 30, 2023 at 02:56PM by nicolodev
via reddit https://ift.tt/A2VF94C
https://ift.tt/S1AxmI2
Submitted August 30, 2023 at 02:56PM by nicolodev
via reddit https://ift.tt/A2VF94C
nicolo.dev
Analysis of Obfuscations Found in Apple FairPlay
FairPlay comprises a set of algorithms created by Apple for digital rights management (also called DRM, digital rights management). FairPlay is currently used to manage the decryption of iOS applications during their installation on Apple devices. In fact…
Extending Burp Suite for fun and profit - The Montoya way - Part 4
https://ift.tt/qITNfnH
Submitted August 30, 2023 at 04:04PM by 0xdea
via reddit https://ift.tt/UQM1xvh
https://ift.tt/qITNfnH
Submitted August 30, 2023 at 04:04PM by 0xdea
via reddit https://ift.tt/UQM1xvh
hn security
Extending Burp Suite for fun and profit - The Montoya way - Part 4 - hn security
Setting up the environment + Hello […]
nvflashk - Flash any BIOS to NVIDIA GPUs - Safe board ID bypass up to 4xxx series
https://ift.tt/0SUrLze
Submitted August 30, 2023 at 03:53PM by hardenedvault
via reddit https://ift.tt/K2azq3J
https://ift.tt/0SUrLze
Submitted August 30, 2023 at 03:53PM by hardenedvault
via reddit https://ift.tt/K2azq3J
GitHub
GitHub - notfromstatefarm/nvflashk: Flash (almost) any vBIOS to (almost) any nVIDIA GPU
Flash (almost) any vBIOS to (almost) any nVIDIA GPU - notfromstatefarm/nvflashk
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving
https://ift.tt/Kdz4hr7
Submitted August 30, 2023 at 05:27PM by barakadua131
via reddit https://ift.tt/PHGUFyh
https://ift.tt/Kdz4hr7
Submitted August 30, 2023 at 05:27PM by barakadua131
via reddit https://ift.tt/PHGUFyh
Mobile Hacker
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving Mobile Hacker
This blog will provide you with information on the several techniques and tools used to attack Wi-Fi networks using NetHunter app. We'll talk about the various tools such as the wifite, shed light on the deauthentication attack technique, and explore the…
Anti-Deepfake Proposal
https://ift.tt/yoT67Um
Submitted August 30, 2023 at 07:14PM by endless
via reddit https://ift.tt/uUv7KjX
https://ift.tt/yoT67Um
Submitted August 30, 2023 at 07:14PM by endless
via reddit https://ift.tt/uUv7KjX
Openai
ChatGPT
A conversational AI system that listens, learns, and challenges
Bypassing Defender’s LSASS dump detection and PPL protection In Go
https://ift.tt/T563CGq
Submitted August 30, 2023 at 10:30PM by tasty-pepperoni
via reddit https://ift.tt/P7p2ELA
https://ift.tt/T563CGq
Submitted August 30, 2023 at 10:30PM by tasty-pepperoni
via reddit https://ift.tt/P7p2ELA
GitHub
GitHub - tastypepperoni/PPLBlade: Protected Process Dumper Tool
Protected Process Dumper Tool. Contribute to tastypepperoni/PPLBlade development by creating an account on GitHub.
NosyMonkey: API hooking and code injection made easy! - Anvil Secure
https://ift.tt/XAmRuPI
Submitted August 30, 2023 at 10:00PM by anvilventures
via reddit https://ift.tt/RE3BqKA
https://ift.tt/XAmRuPI
Submitted August 30, 2023 at 10:00PM by anvilventures
via reddit https://ift.tt/RE3BqKA
Anvil Secure
NosyMonkey: API hooking and code injection made easy! - Anvil Secure
As a researcher I often run into situations in which I need to make a compiled binary do things that it wouldn’t normally do or change the way it works in some way. Of course, if one…
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
https://ift.tt/NmBVI2k
Submitted August 31, 2023 at 01:12PM by Daniel24z25
via reddit https://ift.tt/kpZelhi
https://ift.tt/NmBVI2k
Submitted August 31, 2023 at 01:12PM by Daniel24z25
via reddit https://ift.tt/kpZelhi
Deep Instinct
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework | Deep Instinct
This blog is based on a session we presented at DEF CON 2023 on Friday, August 11, 2023, in Las Vegas: Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework.
GitHub - APT64/EternalHushFramework: EternalHush - new free advanced open-source c2 framework
https://ift.tt/2nYvlAk
Submitted August 30, 2023 at 09:17PM by novkira03
via reddit https://ift.tt/0k1bA7g
https://ift.tt/2nYvlAk
Submitted August 30, 2023 at 09:17PM by novkira03
via reddit https://ift.tt/0k1bA7g
Converting Tokens to Session Cookies for Outlook Web Application
https://ift.tt/7h89OVw
Submitted August 31, 2023 at 01:40PM by Vast-Part7039
via reddit https://ift.tt/jLCGV7c
https://ift.tt/7h89OVw
Submitted August 31, 2023 at 01:40PM by Vast-Part7039
via reddit https://ift.tt/jLCGV7c
Lares Labs
Converting Tokens to Session Cookies for Outlook Web Application
As the adoption of Multi-Factor Authentication increases throughout organizations, so does the desire to bypass these protections.
Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows
https://ift.tt/7NYCE4B
Submitted August 31, 2023 at 03:39PM by Due_Lengthiness_9329
via reddit https://ift.tt/h6BTtUD
https://ift.tt/7NYCE4B
Submitted August 31, 2023 at 03:39PM by Due_Lengthiness_9329
via reddit https://ift.tt/h6BTtUD
Palo Alto Networks Blog
Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows
Action pinning doesn’t always offer security. Understand risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of CI/CD pipeline.
A Deep Dive into Brute Ratel C4 payloads
https://ift.tt/QRNU0mw
Submitted August 31, 2023 at 06:31PM by CyberMasterV
via reddit https://ift.tt/vI7bcd8
https://ift.tt/QRNU0mw
Submitted August 31, 2023 at 06:31PM by CyberMasterV
via reddit https://ift.tt/vI7bcd8
BitLocker, TPM and Pluton | What Are They and How Do They Work
https://ift.tt/Gi5evfX
Submitted August 31, 2023 at 11:28PM by HotCakeXXXXXXXXXXXXX
via reddit https://ift.tt/hvEe5ft
https://ift.tt/Gi5evfX
Submitted August 31, 2023 at 11:28PM by HotCakeXXXXXXXXXXXXX
via reddit https://ift.tt/hvEe5ft
GitHub
BitLocker, TPM and Pluton | What Are They and How Do They Work
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...
(nodejs) CVEAggregate - Generate and work with EPSS probabilities, CVSS vectors, and CISA-KEV due dates mapped by CVE IDs
https://ift.tt/Lg5CWZw
Submitted August 31, 2023 at 10:57PM by r3volved
via reddit https://ift.tt/R6iNsGl
https://ift.tt/Lg5CWZw
Submitted August 31, 2023 at 10:57PM by r3volved
via reddit https://ift.tt/R6iNsGl
GitHub
GitHub - r3volved/CVEAggregate: Build a CVE library with aggregated CISA, EPSS and CVSS data
Build a CVE library with aggregated CISA, EPSS and CVSS data - r3volved/CVEAggregate
Bypassing Windows Defender LSASS Dump Detection with EvilLsassTwin
https://ift.tt/BLHeAJX
Submitted September 01, 2023 at 12:02AM by EphReborn
via reddit https://ift.tt/cdlCXRD
https://ift.tt/BLHeAJX
Submitted September 01, 2023 at 12:02AM by EphReborn
via reddit https://ift.tt/cdlCXRD
GitHub
Nimperiments/EvilLsassTwin at main · RePRGM/Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim. - RePRGM/Nimperiments
Mashing Enter to bypass Linux full disk encryption with TPM, Clevis, dracut and systemd
https://ift.tt/qiMJ4Xs
Submitted September 01, 2023 at 04:20AM by MysteriousHotel3017
via reddit https://ift.tt/90xtb8R
https://ift.tt/qiMJ4Xs
Submitted September 01, 2023 at 04:20AM by MysteriousHotel3017
via reddit https://ift.tt/90xtb8R
Pulse Security
Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd
This vulnerability allows a physically-present attacker to control the full disk encryption unlock process and gain complete access to decrypted content in some cases where a TPM, dracut and Clevis are used.
NetNTLMv1 Downgrade attacks
https://ift.tt/MaUlozT
Submitted September 01, 2023 at 02:30PM by S3cur3Th1sSh1t
via reddit https://ift.tt/rXKovwS
https://ift.tt/MaUlozT
Submitted September 01, 2023 at 02:30PM by S3cur3Th1sSh1t
via reddit https://ift.tt/rXKovwS
www.r-tec.net
NetNTLMv1 Downgrade to compromise
Easy to understand NetNTLMv1 downgrade, relaying stuff and further resources for those who want to get the bigger picture at the end of this post.
New OpenSecurityTraining2 class "Debuggers 3301: HyperDbg" by Sina Karvandi (~16 hours)
https://ift.tt/1Cy6tIZ
Submitted September 01, 2023 at 05:46PM by OpenSecurityTraining
via reddit https://ift.tt/T0UnbpD
https://ift.tt/1Cy6tIZ
Submitted September 01, 2023 at 05:46PM by OpenSecurityTraining
via reddit https://ift.tt/T0UnbpD
p.ost2.fyi
Debuggers 3301: HyperDbg
This class teaches you how to use HyperDbg, a virtualization-based debugger.