Input Validation, a go-to solution for fixing most security vulnerabilities does not really address the root cause
https://ift.tt/LGYcIPM
Submitted September 28, 2023 at 07:26AM by pi3ch
via reddit https://ift.tt/4WOXvDo
https://ift.tt/LGYcIPM
Submitted September 28, 2023 at 07:26AM by pi3ch
via reddit https://ift.tt/4WOXvDo
Discuss
Input Validation: Necessary but Not Sufficient; It Doesn't Target the Fundamental Issue
I have reviewed several solutions for our fix the flag contests, contributed by seasoned developers and prominent CTF players. What has been the most commonly adopted approach to address security vulnerabilities? The answer is Input Validation. This doesn’t…
Hi, I'm Matteo Malvica, senior content developer at OffSec. I'm doing an AMA on Thursday, September 28th from 12 - 2 pm EDT. Ask me Anything about Exploit Development.
https://ift.tt/w9cyROf
Submitted September 27, 2023 at 08:24PM by Offsec_Community
via reddit https://ift.tt/7wky8fR
https://ift.tt/w9cyROf
Submitted September 27, 2023 at 08:24PM by Offsec_Community
via reddit https://ift.tt/7wky8fR
reddit
r/offensive_security
r/offensive_security: Welcome to the Official Offensive Security now known as OffSec! Learn, share, and connect with others in preparation for OSCP …
A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track
https://ift.tt/jJgqwnI
Submitted September 28, 2023 at 09:32PM by theowni
via reddit https://ift.tt/2XyVvRq
https://ift.tt/jJgqwnI
Submitted September 28, 2023 at 09:32PM by theowni
via reddit https://ift.tt/2XyVvRq
Medium
A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track
The article presents how to store and analyse Software Bill of Materials with OWASP Dependency-Track to identify security vulnerabilities…
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
https://ift.tt/XhxYz7R
Submitted September 29, 2023 at 01:49AM by mjuad
via reddit https://ift.tt/WckJnsV
https://ift.tt/XhxYz7R
Submitted September 29, 2023 at 01:49AM by mjuad
via reddit https://ift.tt/WckJnsV
Medium
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
Introduction
Wifi without internet on a Southwest flight
https://ift.tt/b4ZhoEr
Submitted September 29, 2023 at 10:56AM by mycall
via reddit https://ift.tt/TAEKHpV
https://ift.tt/b4ZhoEr
Submitted September 29, 2023 at 10:56AM by mycall
via reddit https://ift.tt/TAEKHpV
Jamesbvaughan
Wifi without internet on a Southwest flight
I spent a recent flight finding out what I could do with an connection to the flight’s wifi, but without access to the internet.
I was on my way home from Strange Loop, on a flight from St. Louis to Oakland. It’s a long enough flight that I planned to purchase…
I was on my way home from Strange Loop, on a flight from St. Louis to Oakland. It’s a long enough flight that I planned to purchase…
How I shelled archive.org in 2012
https://ift.tt/9L5in83
Submitted September 29, 2023 at 04:19PM by nantucket
via reddit https://ift.tt/MTv4FyB
https://ift.tt/9L5in83
Submitted September 29, 2023 at 04:19PM by nantucket
via reddit https://ift.tt/MTv4FyB
3AM Ransomware: A Modern Threat with a Vintage Twist
https://ift.tt/9dwYho2
Submitted September 29, 2023 at 07:16PM by ziyahanalbeniz
via reddit https://ift.tt/doTtnXM
https://ift.tt/9dwYho2
Submitted September 29, 2023 at 07:16PM by ziyahanalbeniz
via reddit https://ift.tt/doTtnXM
SOCRadar® Cyber Intelligence Inc.
3AM Ransomware: A Modern Threat with a Vintage Twist - SOCRadar® Cyber Intelligence Inc.
The 3AM ransomware group has recently been spotlighted for its cybercriminal activities. However, why it is the topic of the day is their choice of
Fireblocks OSS MPC Lib
https://ift.tt/u3lPCHZ
Submitted September 29, 2023 at 06:49PM by kruksym
via reddit https://ift.tt/IzXHQb0
https://ift.tt/u3lPCHZ
Submitted September 29, 2023 at 06:49PM by kruksym
via reddit https://ift.tt/IzXHQb0
GitHub
GitHub - fireblocks/mpc-lib
Contribute to fireblocks/mpc-lib development by creating an account on GitHub.
You Can't Control Your Data in the Cloud
https://ift.tt/4T2eMRG
Submitted September 30, 2023 at 02:51AM by osantacruz
via reddit https://ift.tt/8Es0JYG
https://ift.tt/4T2eMRG
Submitted September 30, 2023 at 02:51AM by osantacruz
via reddit https://ift.tt/8Es0JYG
karl-voit.at
You Can't Control Your Data in the Cloud
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
https://ift.tt/uzOivmr
Submitted October 01, 2023 at 01:32PM by shulginlegacy
via reddit https://ift.tt/wN3Fs6K
https://ift.tt/uzOivmr
Submitted October 01, 2023 at 01:32PM by shulginlegacy
via reddit https://ift.tt/wN3Fs6K
Welivesecurity
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
Past week in brief - BlackTech's Cisco Router Intrusion, Google's libvpx Zero-Day, GPUzip Data Leak, Russia's $20M Zero-Day Bounty, and Malware in Bing Chat
https://ift.tt/lQHLwnY
Submitted October 01, 2023 at 10:47PM by mandos_io
via reddit https://ift.tt/mG7rMWz
https://ift.tt/lQHLwnY
Submitted October 01, 2023 at 10:47PM by mandos_io
via reddit https://ift.tt/mG7rMWz
SocVel Quiz 1 October 2023
https://ift.tt/XZNomqA
Submitted October 02, 2023 at 03:49AM by jaco_za
via reddit https://ift.tt/TpFjbPL
https://ift.tt/XZNomqA
Submitted October 02, 2023 at 03:49AM by jaco_za
via reddit https://ift.tt/TpFjbPL
Six 0day exploits were filed against Exim by ZDI, including several RCE. After days of silence, Exim has filed this public detail
https://ift.tt/5BaGigf
Submitted October 02, 2023 at 03:40AM by 1esproc
via reddit https://ift.tt/NkX5n4O
https://ift.tt/5BaGigf
Submitted October 02, 2023 at 03:40AM by 1esproc
via reddit https://ift.tt/NkX5n4O
The Marvin Attack
https://ift.tt/fbNeC85
Submitted October 02, 2023 at 03:22PM by Xaneris47
via reddit https://ift.tt/dsnbGva
https://ift.tt/fbNeC85
Submitted October 02, 2023 at 03:22PM by Xaneris47
via reddit https://ift.tt/dsnbGva
Redhat
The Marvin Attack
The Marvin Attack is a return of a timing variant of a 25-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
r-tec Blog | .NET Assembly Obfuscation for Memory Scanner Evasion
https://ift.tt/qAgtF8W
Submitted October 02, 2023 at 04:15PM by S3cur3Th1sSh1t
via reddit https://ift.tt/m2DwLjH
https://ift.tt/qAgtF8W
Submitted October 02, 2023 at 04:15PM by S3cur3Th1sSh1t
via reddit https://ift.tt/m2DwLjH
www.r-tec.net
.NET Assembly Obfuscation for Memory Scanner Evasion
This blog post will give a short overview of how in-memory .NET assembly execution commonly works and what detection mechanisms exist.
cloudgrep: cloudgrep is grep for cloud storage
https://ift.tt/S0pbaFZ
Submitted October 02, 2023 at 06:41PM by 0x636f6f6c
via reddit https://ift.tt/NUVWtzl
https://ift.tt/S0pbaFZ
Submitted October 02, 2023 at 06:41PM by 0x636f6f6c
via reddit https://ift.tt/NUVWtzl
GitHub
GitHub - cado-security/cloudgrep: cloudgrep is grep for cloud storage
cloudgrep is grep for cloud storage. Contribute to cado-security/cloudgrep development by creating an account on GitHub.
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae
https://ift.tt/uAGCzme
Submitted October 02, 2023 at 07:44PM by ziyahanalbeniz
via reddit https://ift.tt/3UtRr1H
https://ift.tt/uAGCzme
Submitted October 02, 2023 at 07:44PM by ziyahanalbeniz
via reddit https://ift.tt/3UtRr1H
SOCRadar® Cyber Intelligence Inc.
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae - SOCRadar® Cyber Intelligence…
Meet @htmalgae, an anonymous security researcher with a wealth of experience in web application development. In the digital realm, htmalgae operates under
Microsoft Defender flags Tor Browser as a Trojan and removes it from the system
https://ift.tt/Hwzpqik
Submitted October 02, 2023 at 08:07PM by nareksays
via reddit https://ift.tt/dpR2UIb
https://ift.tt/Hwzpqik
Submitted October 02, 2023 at 08:07PM by nareksays
via reddit https://ift.tt/dpR2UIb
root with a single command: sudo logrotate
https://ift.tt/67L1quM
Submitted October 03, 2023 at 04:16PM by MegaManSec2
via reddit https://ift.tt/XJ3EGfu
https://ift.tt/67L1quM
Submitted October 03, 2023 at 04:16PM by MegaManSec2
via reddit https://ift.tt/XJ3EGfu
Joshua.Hu
root with a single command: sudo logrotate
The scenario is this: a brand new Ubuntu 22.04 server has an account which is restricted to running sudo logrotate *. Can we get root? Short answer: Yes. I couldn’t find much online about this type of exploitation of logrotate, so let’s document something…
Exploiting Edge Routers Acting as IoT Gateways
https://ift.tt/JyKzPgV
Submitted October 03, 2023 at 06:43PM by derp6996
via reddit https://ift.tt/5md3l19
https://ift.tt/JyKzPgV
Submitted October 03, 2023 at 06:43PM by derp6996
via reddit https://ift.tt/5md3l19
Claroty
The Path to the Cloud is Filled with Holes: Exploiting 4G Edge Routers
Retired Server called Home — A server decommissioning failure
https://ift.tt/YzbfrcU
Submitted October 03, 2023 at 06:36PM by oherrala
via reddit https://ift.tt/Nb9Tkgn
https://ift.tt/YzbfrcU
Submitted October 03, 2023 at 06:36PM by oherrala
via reddit https://ift.tt/Nb9Tkgn
Medium
Retired Device called Home
We were told a story which piqued our curiosity. Our customer’s security team started to get a flood of Beacon alerts from one of their…