I made a quick and dirty DLL spoofer in python for DLL hijacking POC's. Makes life a little easier.
https://ift.tt/ebJWBqy
Submitted October 18, 2023 at 08:29PM by thehunter699
via reddit https://ift.tt/kxm4g7z
https://ift.tt/ebJWBqy
Submitted October 18, 2023 at 08:29PM by thehunter699
via reddit https://ift.tt/kxm4g7z
GitHub
GitHub - MitchHS/DLL-Spoofer: POC for a DLL spoofer to determine DLL Hijacking
POC for a DLL spoofer to determine DLL Hijacking. Contribute to MitchHS/DLL-Spoofer development by creating an account on GitHub.
GitHub - n0mi1k/subby: An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
https://ift.tt/Hs3lJyZ
Submitted October 18, 2023 at 10:35PM by n0mi1k
via reddit https://ift.tt/a1ExkWK
https://ift.tt/Hs3lJyZ
Submitted October 18, 2023 at 10:35PM by n0mi1k
via reddit https://ift.tt/a1ExkWK
GitHub
GitHub - n0mi1k/subby: An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting…
An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records. - GitHub - n0mi1k/subby: An uber fast and simple subdomain enumeration...
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
https://ift.tt/lf15HVO
Submitted October 18, 2023 at 10:26PM by SCI_Rusher
via reddit https://ift.tt/56zRe8b
https://ift.tt/lf15HVO
Submitted October 18, 2023 at 10:26PM by SCI_Rusher
via reddit https://ift.tt/56zRe8b
Microsoft Security Blog
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability | Microsoft Security Blog
Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. Given supply chain attacks carried out by these threat…
Blog post regarding GCP Domain Wide Delegation abuses
https://ift.tt/Xfln4zq
Submitted October 18, 2023 at 09:50PM by lutzenfried
via reddit https://ift.tt/IO6NgFY
https://ift.tt/Xfln4zq
Submitted October 18, 2023 at 09:50PM by lutzenfried
via reddit https://ift.tt/IO6NgFY
Medium
GCP — Domain Wide Delegation Abuses
In today’s dynamic technological landscape, the shift to cloud environments has become a cornerstone of business innovation. As companies…
301party.com: The intentionally open redirect
https://301party.com/
Submitted October 19, 2023 at 07:48PM by EightNinerNinerTwo
via reddit https://ift.tt/z5QPA0N
https://301party.com/
Submitted October 19, 2023 at 07:48PM by EightNinerNinerTwo
via reddit https://ift.tt/z5QPA0N
Reddit
301party.com: The intentionally open redirect : r/netsec
15 votes, 11 comments. 492K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security…
Protobuf Magic: Burp Extension for Deserializing Protobuf Without .proto Files
https://ift.tt/mfD8Ulw
Submitted October 20, 2023 at 01:55AM by SuspiciousIsland2682
via reddit https://ift.tt/vqY3ZnO
https://ift.tt/mfD8Ulw
Submitted October 20, 2023 at 01:55AM by SuspiciousIsland2682
via reddit https://ift.tt/vqY3ZnO
GitHub
GitHub - DeiteriyLab/protobuf-magic
Contribute to DeiteriyLab/protobuf-magic development by creating an account on GitHub.
IoT-Security/Development-Lab-Setup
https://ift.tt/e97lyNU
Submitted October 20, 2023 at 02:29PM by v33ruiot
via reddit https://ift.tt/862Ornz
https://ift.tt/e97lyNU
Submitted October 20, 2023 at 02:29PM by v33ruiot
via reddit https://ift.tt/862Ornz
GitHub
GitHub - IoTSecurity101/IoT-Lab-Setup-Guide
Contribute to IoTSecurity101/IoT-Lab-Setup-Guide development by creating an account on GitHub.
Exploiting Zenbleed from Chrome
https://ift.tt/yxhOHdF
Submitted October 20, 2023 at 02:54PM by poltess0
via reddit https://ift.tt/m6aJeb4
https://ift.tt/yxhOHdF
Submitted October 20, 2023 at 02:54PM by poltess0
via reddit https://ift.tt/m6aJeb4
Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall - watchTowr Labs
https://ift.tt/I8KJBcW
Submitted October 20, 2023 at 04:50PM by dx7r__
via reddit https://ift.tt/PBd3u9S
https://ift.tt/I8KJBcW
Submitted October 20, 2023 at 04:50PM by dx7r__
via reddit https://ift.tt/PBd3u9S
watchTowr Labs - Blog
Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall
Here at watchTowr, we just love attacking high-privilege devices (and spending hours thinking of awful noscripts [see above]).
A good example of these is the device class of ‘next generation’ firewalls, which usually include VPN termination functionality (meaning…
A good example of these is the device class of ‘next generation’ firewalls, which usually include VPN termination functionality (meaning…
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive, IOCs, and Exploit
https://ift.tt/8BHJxgP
Submitted October 20, 2023 at 09:06PM by scopedsecurity
via reddit https://ift.tt/dXgaRLV
https://ift.tt/8BHJxgP
Submitted October 20, 2023 at 09:06PM by scopedsecurity
via reddit https://ift.tt/dXgaRLV
Horizon3.ai
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs – Horizon3.ai
Technical deep-dive, indicators of compromise, and exploit POC for CVE-2023-34051 which affects VMware vRealize Log Insight RCE as reported in VMSA-2023-0021. This vulnerability leads to remote code execution and full system compromise.
Microsoft Account's OAuth tokens leaking via open redirect in Harvest App
https://ift.tt/pIsDXfj
Submitted October 21, 2023 at 11:09PM by 0xcrypto
via reddit https://ift.tt/mQXnRqc
https://ift.tt/pIsDXfj
Submitted October 21, 2023 at 11:09PM by 0xcrypto
via reddit https://ift.tt/mQXnRqc
closed source http1.1 tls1.2 web server (requires your security assessment)
https://ift.tt/VD4dHOq
Submitted October 22, 2023 at 12:04PM by rainbowvalue
via reddit https://ift.tt/HcEMshd
https://ift.tt/VD4dHOq
Submitted October 22, 2023 at 12:04PM by rainbowvalue
via reddit https://ift.tt/HcEMshd
Blog Post: How to build your first hardware hacking lab
https://ift.tt/MjHgQob
Submitted October 22, 2023 at 05:13PM by wrongbaud
via reddit https://ift.tt/Y0astQy
https://ift.tt/MjHgQob
Submitted October 22, 2023 at 05:13PM by wrongbaud
via reddit https://ift.tt/Y0astQy
VoidStar Security Wiki
VSS Hardware Hacking Wiki and Blog Entries
[Crypto] SSL/TLS, part 2: Toy TLS 1.2 client with TLS_DHE_RSA ciphersuites support.
https://ift.tt/EukWQsj
Submitted October 22, 2023 at 11:08PM by yurichev
via reddit https://ift.tt/Iol2CjR
https://ift.tt/EukWQsj
Submitted October 22, 2023 at 11:08PM by yurichev
via reddit https://ift.tt/Iol2CjR
People who say "PHP is insecure" are uninformed
https://ift.tt/HtOMECP
Submitted October 23, 2023 at 06:38AM by hakluke
via reddit https://ift.tt/oD6WyKT
https://ift.tt/HtOMECP
Submitted October 23, 2023 at 06:38AM by hakluke
via reddit https://ift.tt/oD6WyKT
Abusing gdb Features for Data Ingress & Egress
https://ift.tt/f76RTUS
Submitted October 23, 2023 at 07:25AM by DLLCoolJ
via reddit https://ift.tt/A1P0hLX
https://ift.tt/f76RTUS
Submitted October 23, 2023 at 07:25AM by DLLCoolJ
via reddit https://ift.tt/A1P0hLX
Archcloudlabs
Abusing gdb Features for Data Ingress & Egress
About The Project Modern Software Development environments have significant debugging capabilities to troubleshoot issues with the complex nature of modern software . These debugging capabilities typically manifest in Interactive Development Environment (IDE)…
A Deep Dive into Cactus Ransomware
https://ift.tt/Eq7nQJG
Submitted October 23, 2023 at 06:34PM by CyberMasterV
via reddit https://ift.tt/1lAgjHw
https://ift.tt/Eq7nQJG
Submitted October 23, 2023 at 06:34PM by CyberMasterV
via reddit https://ift.tt/1lAgjHw
Security Scorecard
A Deep Dive Into Cactus Ransomware Whitepaper | SecurityScorecard
LXD for security research
https://ift.tt/0ZoIT5j
Submitted October 23, 2023 at 07:49PM by bo-tato
via reddit https://ift.tt/BAuSYUk
https://ift.tt/0ZoIT5j
Submitted October 23, 2023 at 07:49PM by bo-tato
via reddit https://ift.tt/BAuSYUk
Ramblings of a misspelled potato
LXD for security research
Doing security research we are constantly setting up local installations of software we are testing, and running many noscripts and utilities. To avoid risking or polluting our computer with this, we do most things isolated in virtual machines or containers.…
Java Deserialization Vulnerability Still Alive
https://ift.tt/FJjW3qx
Submitted October 23, 2023 at 07:41PM by poltess0
via reddit https://ift.tt/ifcGnbC
https://ift.tt/FJjW3qx
Submitted October 23, 2023 at 07:41PM by poltess0
via reddit https://ift.tt/ifcGnbC
Pyn3Rd
Java Deserialization Vulnerability Still Alive
Several months ago, the Constrast Security Team reported a Java deserialization vulnerability about Spring Kafka to VMWare Security Team. It immediately attracted my attention and I got started to ana
CosmicRakp - Mass Go IPMI Hash Dumper
https://ift.tt/s2bjegh
Submitted October 24, 2023 at 01:44AM by edreatingmonkey
via reddit https://ift.tt/iJVqIo7
https://ift.tt/s2bjegh
Submitted October 24, 2023 at 01:44AM by edreatingmonkey
via reddit https://ift.tt/iJVqIo7
GitHub
GitHub - fin3ss3g0d/CosmicRakp: CVE-2013-4786 Go exploitation tool
CVE-2013-4786 Go exploitation tool. Contribute to fin3ss3g0d/CosmicRakp development by creating an account on GitHub.
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
https://ift.tt/9ViY3uw
Submitted October 24, 2023 at 04:23PM by smaury
via reddit https://ift.tt/ykh3exW
https://ift.tt/9ViY3uw
Submitted October 24, 2023 at 04:23PM by smaury
via reddit https://ift.tt/ykh3exW
Shielder
Shielder - CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.