Getting RCE in Chrome with incorrect side effect in the JIT compiler
https://ift.tt/VPzMbDS
Submitted September 27, 2023 at 02:37PM by poltess0
via reddit https://ift.tt/EUJIHou
https://ift.tt/VPzMbDS
Submitted September 27, 2023 at 02:37PM by poltess0
via reddit https://ift.tt/EUJIHou
The GitHub Blog
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
NoSQL injection techniques & labs
https://ift.tt/Q7RbVvj
Submitted September 27, 2023 at 05:44PM by albinowax
via reddit https://ift.tt/ZqruSVF
https://ift.tt/Q7RbVvj
Submitted September 27, 2023 at 05:44PM by albinowax
via reddit https://ift.tt/ZqruSVF
portswigger.net
NoSQL injection | Web Security Academy
NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database. NoSQL injection ...
A Deep Dive into Brute Ratel C4 payloads – Part 2
https://ift.tt/udSJRKY
Submitted September 27, 2023 at 06:40PM by CyberMasterV
via reddit https://ift.tt/cfTO7uo
https://ift.tt/udSJRKY
Submitted September 27, 2023 at 06:40PM by CyberMasterV
via reddit https://ift.tt/cfTO7uo
How to get persistent reverse shell from Android app without visible permissions to DoS device
https://ift.tt/l1ycgCz
Submitted September 27, 2023 at 07:57PM by barakadua131
via reddit https://ift.tt/enC5KIZ
https://ift.tt/l1ycgCz
Submitted September 27, 2023 at 07:57PM by barakadua131
via reddit https://ift.tt/enC5KIZ
Mobile Hacker
Get persistent reverse shell from Android app without visible permissions to make device unusable Mobile Hacker
This blog will introduce you how it is possible to write a persistent reverse shell app on Android without any user requested and visible permissions. Since such application has no permissions, it shouldn’t be able to perform any task. Well, that isn’t true.…
Chalk - Total visibility of your software engineering lifecycle
https://ift.tt/wCM6rj8
Submitted September 27, 2023 at 10:06PM by sanitybit
via reddit https://ift.tt/bNmEhaj
https://ift.tt/wCM6rj8
Submitted September 27, 2023 at 10:06PM by sanitybit
via reddit https://ift.tt/bNmEhaj
Crash Override
Chalk™ is now officially open-source
Cisco advisory: Reports about bad Actors Hiding in Router Firmware
https://ift.tt/QVlnGm2
Submitted September 28, 2023 at 02:29AM by foxwolfdogcat
via reddit https://ift.tt/Hx95sSD
https://ift.tt/QVlnGm2
Submitted September 28, 2023 at 02:29AM by foxwolfdogcat
via reddit https://ift.tt/Hx95sSD
Cisco
Cisco Security Advisory: Reports about Cyber Actors Hiding in Router Firmware
On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident…
Input Validation, a go-to solution for fixing most security vulnerabilities does not really address the root cause
https://ift.tt/LGYcIPM
Submitted September 28, 2023 at 07:26AM by pi3ch
via reddit https://ift.tt/4WOXvDo
https://ift.tt/LGYcIPM
Submitted September 28, 2023 at 07:26AM by pi3ch
via reddit https://ift.tt/4WOXvDo
Discuss
Input Validation: Necessary but Not Sufficient; It Doesn't Target the Fundamental Issue
I have reviewed several solutions for our fix the flag contests, contributed by seasoned developers and prominent CTF players. What has been the most commonly adopted approach to address security vulnerabilities? The answer is Input Validation. This doesn’t…
Hi, I'm Matteo Malvica, senior content developer at OffSec. I'm doing an AMA on Thursday, September 28th from 12 - 2 pm EDT. Ask me Anything about Exploit Development.
https://ift.tt/w9cyROf
Submitted September 27, 2023 at 08:24PM by Offsec_Community
via reddit https://ift.tt/7wky8fR
https://ift.tt/w9cyROf
Submitted September 27, 2023 at 08:24PM by Offsec_Community
via reddit https://ift.tt/7wky8fR
reddit
r/offensive_security
r/offensive_security: Welcome to the Official Offensive Security now known as OffSec! Learn, share, and connect with others in preparation for OSCP …
A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track
https://ift.tt/jJgqwnI
Submitted September 28, 2023 at 09:32PM by theowni
via reddit https://ift.tt/2XyVvRq
https://ift.tt/jJgqwnI
Submitted September 28, 2023 at 09:32PM by theowni
via reddit https://ift.tt/2XyVvRq
Medium
A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track
The article presents how to store and analyse Software Bill of Materials with OWASP Dependency-Track to identify security vulnerabilities…
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
https://ift.tt/XhxYz7R
Submitted September 29, 2023 at 01:49AM by mjuad
via reddit https://ift.tt/WckJnsV
https://ift.tt/XhxYz7R
Submitted September 29, 2023 at 01:49AM by mjuad
via reddit https://ift.tt/WckJnsV
Medium
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
Introduction
Wifi without internet on a Southwest flight
https://ift.tt/b4ZhoEr
Submitted September 29, 2023 at 10:56AM by mycall
via reddit https://ift.tt/TAEKHpV
https://ift.tt/b4ZhoEr
Submitted September 29, 2023 at 10:56AM by mycall
via reddit https://ift.tt/TAEKHpV
Jamesbvaughan
Wifi without internet on a Southwest flight
I spent a recent flight finding out what I could do with an connection to the flight’s wifi, but without access to the internet.
I was on my way home from Strange Loop, on a flight from St. Louis to Oakland. It’s a long enough flight that I planned to purchase…
I was on my way home from Strange Loop, on a flight from St. Louis to Oakland. It’s a long enough flight that I planned to purchase…
How I shelled archive.org in 2012
https://ift.tt/9L5in83
Submitted September 29, 2023 at 04:19PM by nantucket
via reddit https://ift.tt/MTv4FyB
https://ift.tt/9L5in83
Submitted September 29, 2023 at 04:19PM by nantucket
via reddit https://ift.tt/MTv4FyB
3AM Ransomware: A Modern Threat with a Vintage Twist
https://ift.tt/9dwYho2
Submitted September 29, 2023 at 07:16PM by ziyahanalbeniz
via reddit https://ift.tt/doTtnXM
https://ift.tt/9dwYho2
Submitted September 29, 2023 at 07:16PM by ziyahanalbeniz
via reddit https://ift.tt/doTtnXM
SOCRadar® Cyber Intelligence Inc.
3AM Ransomware: A Modern Threat with a Vintage Twist - SOCRadar® Cyber Intelligence Inc.
The 3AM ransomware group has recently been spotlighted for its cybercriminal activities. However, why it is the topic of the day is their choice of
Fireblocks OSS MPC Lib
https://ift.tt/u3lPCHZ
Submitted September 29, 2023 at 06:49PM by kruksym
via reddit https://ift.tt/IzXHQb0
https://ift.tt/u3lPCHZ
Submitted September 29, 2023 at 06:49PM by kruksym
via reddit https://ift.tt/IzXHQb0
GitHub
GitHub - fireblocks/mpc-lib
Contribute to fireblocks/mpc-lib development by creating an account on GitHub.
You Can't Control Your Data in the Cloud
https://ift.tt/4T2eMRG
Submitted September 30, 2023 at 02:51AM by osantacruz
via reddit https://ift.tt/8Es0JYG
https://ift.tt/4T2eMRG
Submitted September 30, 2023 at 02:51AM by osantacruz
via reddit https://ift.tt/8Es0JYG
karl-voit.at
You Can't Control Your Data in the Cloud
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
https://ift.tt/uzOivmr
Submitted October 01, 2023 at 01:32PM by shulginlegacy
via reddit https://ift.tt/wN3Fs6K
https://ift.tt/uzOivmr
Submitted October 01, 2023 at 01:32PM by shulginlegacy
via reddit https://ift.tt/wN3Fs6K
Welivesecurity
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
Past week in brief - BlackTech's Cisco Router Intrusion, Google's libvpx Zero-Day, GPUzip Data Leak, Russia's $20M Zero-Day Bounty, and Malware in Bing Chat
https://ift.tt/lQHLwnY
Submitted October 01, 2023 at 10:47PM by mandos_io
via reddit https://ift.tt/mG7rMWz
https://ift.tt/lQHLwnY
Submitted October 01, 2023 at 10:47PM by mandos_io
via reddit https://ift.tt/mG7rMWz
SocVel Quiz 1 October 2023
https://ift.tt/XZNomqA
Submitted October 02, 2023 at 03:49AM by jaco_za
via reddit https://ift.tt/TpFjbPL
https://ift.tt/XZNomqA
Submitted October 02, 2023 at 03:49AM by jaco_za
via reddit https://ift.tt/TpFjbPL
Six 0day exploits were filed against Exim by ZDI, including several RCE. After days of silence, Exim has filed this public detail
https://ift.tt/5BaGigf
Submitted October 02, 2023 at 03:40AM by 1esproc
via reddit https://ift.tt/NkX5n4O
https://ift.tt/5BaGigf
Submitted October 02, 2023 at 03:40AM by 1esproc
via reddit https://ift.tt/NkX5n4O
The Marvin Attack
https://ift.tt/fbNeC85
Submitted October 02, 2023 at 03:22PM by Xaneris47
via reddit https://ift.tt/dsnbGva
https://ift.tt/fbNeC85
Submitted October 02, 2023 at 03:22PM by Xaneris47
via reddit https://ift.tt/dsnbGva
Redhat
The Marvin Attack
The Marvin Attack is a return of a timing variant of a 25-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
r-tec Blog | .NET Assembly Obfuscation for Memory Scanner Evasion
https://ift.tt/qAgtF8W
Submitted October 02, 2023 at 04:15PM by S3cur3Th1sSh1t
via reddit https://ift.tt/m2DwLjH
https://ift.tt/qAgtF8W
Submitted October 02, 2023 at 04:15PM by S3cur3Th1sSh1t
via reddit https://ift.tt/m2DwLjH
www.r-tec.net
.NET Assembly Obfuscation for Memory Scanner Evasion
This blog post will give a short overview of how in-memory .NET assembly execution commonly works and what detection mechanisms exist.