Length extension attack + HMAC explained
https://cryptography.re/notes/LEA/
Submitted October 12, 2023 at 10:04PM by ijk_xyz2
via reddit https://www.reddit.com/r/netsec/comments/176b80m/length_extension_attack_hmac_explained/?utm_source=ifttt
Reddit
From the netsec community on Reddit: Length extension attack + HMAC explained
Posted by ijk_xyz2 - 6 votes and no comments
Good Day Ransomware malware analysis
https://ift.tt/AI502GN
Submitted October 13, 2023 at 06:58AM by ShadowStackRE
via reddit https://ift.tt/TtMdRWV
ShadowStackRE
Good Day Ransomware analysis — ShadowStackRE
Good Day ransomware technical malware analysis
2023 microsoft office XSS
https://ift.tt/dPQFZOm
Submitted October 12, 2023 at 08:17AM by Z4ck_01
via reddit https://ift.tt/6cYHBu5
PKSecurity
2023 Microsoft Office XSS
Found by @adm1nkyj and @justlikebono
LLM Security Series - Prompt Injection
https://ift.tt/NZvkb8E
Submitted October 13, 2023 at 02:51PM by r0075h3ll
via reddit https://ift.tt/8U92XfL
r0075h3ll.github.io
LLM Security Series - Prompt Injection | r0075h3ll
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://ift.tt/F4l0cfe
Submitted October 13, 2023 at 04:19PM by poltess0
via reddit https://ift.tt/908WpwV
Blogspot
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in ...
Looking for CVE-2023-43261 in the Real World (Industrial Cellular Router)
https://ift.tt/9Vf5pxy
Submitted October 13, 2023 at 10:30PM by chicksdigthelongrun
via reddit https://ift.tt/YmDTpOG
VulnCheck
Looking for CVE-2023-43261 in the Real World - Blog - VulnCheck
VulnCheck was excited to breach ICS networks when CVE-2023-43261 was first disclosed. However, there is more to this than the CVE description would lead you to believe. Follow VulnCheck’s journey from CVE description to exploitation in the wild
GitHub - ZephrFish/Stompy: Timestomp Tool to flatten MAC times with a specific timestamp
https://ift.tt/eDmvfbz
Submitted October 15, 2023 at 06:44AM by ZephrX112
via reddit https://ift.tt/MQSW5vG
GitHub
GitHub - ZephrFish/Stompy: Timestomp Tool to flatten MAC times with a specific timestamp
Timestomp Tool to flatten MAC times with a specific timestamp - ZephrFish/Stompy
cloudgrep now supports GCP and Azure - Open source tool for searching in cloud storage
https://ift.tt/RVCedQA
Submitted October 15, 2023 at 05:34PM by 0x636f6f6c
via reddit https://ift.tt/sFjkKOq
GitHub
Release Latest: Merge pull request #7 from cado-security/cdoman/add-version · cado-security/cloudgrep
Add version 1.01
Exim 4.96.2 - SMTP Mail Server - Message Transfer Agent (MTA) - CVE ZDI
https://exim.org/
Submitted October 16, 2023 at 12:29AM by Neustradamus
via reddit https://ift.tt/JQUt3Oa
www.exim.org
Exim Internet Mailer
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.
GitHub - sterrasec/dummy: Generator of static files for testing file upload. It can generate the png file of any number of bytes!
https://ift.tt/DUqQrCT
Submitted October 16, 2023 at 07:54AM by tkmru
via reddit https://ift.tt/GmZRFNL
GitHub
GitHub - sterrasec/dummy: Generator of static files(csv, jpeg, png, pdf) for testing file upload. It can generate csv and png files…
Generator of static files(csv, jpeg, png, pdf) for testing file upload. It can generate csv and png files of any number of bytes! - sterrasec/dummy
Designing, Building and Running CTFs in 2023
https://ift.tt/EBWbhQJ
Submitted October 16, 2023 at 03:30PM by DLLCoolJ
via reddit https://ift.tt/XKghzTm
Battle of The Bots
Building Micro-CGC Events - Art of The Flag
Battle of The Bots Website
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
https://ift.tt/L2Ufl36
Submitted October 16, 2023 at 02:45PM by exotic_jj
via reddit https://ift.tt/rciFDkR
guard.io
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts
Public AWS RDS
https://ift.tt/RnGo7Ph
Submitted October 16, 2023 at 10:57PM by Current_Pomelo_3402
via reddit https://ift.tt/DyPBG6Z
Cloud Security Partners Blog
RDS Revealed? Time to Give It Some Shade!
By: John Poulin
At Cloud Security Partners, we have audited thousands of customer AWS accounts as part of our security reviews. Across our customers, roughly 5% of the AWS Relational Database Service (RDS) instances we analyze are publicly accessible. A…
Hacking ServiceNow Instances While Unauthenticated For Fun and Profit
https://ift.tt/p9vnDHm
Submitted October 16, 2023 at 11:46PM by dantalion4040
via reddit https://ift.tt/m0sH8br
Enumerated
Data Exposure and ServiceNow: The Elephant in the ITSM Room — Enumerated
This research is written and discovered by Aaron Costello (Twitter @ConspiracyProof). Daniel Miessler has had absolutely no part in the research nor this article. His sole link to the research is taking statements from this very article and reposting them…
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
https://ift.tt/BAb3jai
Submitted October 17, 2023 at 11:11AM by albhed
via reddit https://ift.tt/XClg4S6
Persistent cross-site-scripting vulnerabilities in Liferay Portal software
https://ift.tt/LEefPDS
Submitted October 17, 2023 at 10:55AM by aunga
via reddit https://ift.tt/ybqVTGL
Pentagrid AG
Persistent cross-site scripting vulnerabilities in Liferay Portal
CVE-2023-42627, CVE-2023-42628, CVE-2023-42629: Several stored cross-site scripting vulnerabilities in Liferay Portal
Authentication Bypass(es) in CasaOS (CVE-2023-37265, CVE-2023-37266)
https://ift.tt/Yw9sRyB
Submitted October 17, 2023 at 03:25PM by monoimpact
via reddit https://ift.tt/fXl27no
Sonarsource
Security Vulnerabilities in CasaOS
We recently uncovered two critical code vulnerabilities in the personal cloud system CasaOS. Let's see what we can learn from them.
The MGM Resorts Attack: How Attackers Gained Highly Privileged Access Through Social Engineering
https://ift.tt/aIWwzxp
Submitted October 17, 2023 at 03:18PM by geewasfee
via reddit https://ift.tt/JjOaDNe
www.reco.ai
The MGM Resorts Cyber Attack
Learn how SaaS super admins targeted Okta in a social engineering campaign, and how to keep your Okta tenant and highly privileged SaaS identities secure using Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities.
BLE Spam allows now to send unwanted notifications to iOS, Android and Windows at once using Flipper Zero or Android
https://ift.tt/8t4UoFY
Submitted October 17, 2023 at 03:43PM by barakadua131
via reddit https://ift.tt/C0WutX7
Mobile Hacker
Spam iOS, Android and Windows with Bluetooth pairing messages using Flipper Zero or Android smartphone - Mobile Hacker
So far, it was possible to spam through proximity pairing messages only iOS devices, either using Flipper Zero, Arduino board or any Android as explained in my previous blog here. However, recently developers of Xtreme firmware for Flipper Zero pushed and…
Widespread Cisco IOS XE Implants in the Wild
https://ift.tt/qkVcxDa
Submitted October 17, 2023 at 05:24PM by chicksdigthelongrun
via reddit https://ift.tt/A7I96RY
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
Finding a POP chain on a common Symfony bundle : part 2
https://ift.tt/ptkZwEn
Submitted October 17, 2023 at 06:29PM by meowerguy
via reddit https://ift.tt/BXft3lA
Synacktiv
Finding a POP chain on a common Symfony bundle : part 2