Fuzzer-V: New project for Fuzzing Hyper-V VSP's using Intel Processor Trace (IPT) for code coverage guided fuzzing, built upon WinAFL, winipt, HAFL1, and Microsoft’s IPT.sys.
https://ift.tt/LpkmiAV
Submitted November 28, 2023 at 07:36PM by jat0369
via reddit https://ift.tt/cThrJBy
https://ift.tt/LpkmiAV
Submitted November 28, 2023 at 07:36PM by jat0369
via reddit https://ift.tt/cThrJBy
Cyberark
Fuzzer-V
TL;DR An overview of a fuzzing project targeting the Hyper-V VSPs using Intel Processor Trace (IPT) for code coverage guided fuzzing, built upon WinAFL, winipt, HAFL1, and Microsoft’s IPT.sys....
I made a tool to analyze incoming HTTP/DNS requests. Let me know how it is
https://ift.tt/WL3X6MA
Submitted November 28, 2023 at 07:46PM by adragos_
via reddit https://ift.tt/1KsdrZi
https://ift.tt/WL3X6MA
Submitted November 28, 2023 at 07:46PM by adragos_
via reddit https://ift.tt/1KsdrZi
requestrepo
Dashboard - requestrepo.com
Analyze HTTP and DNS requests and create custom DNS records for your subdomain.
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
https://ift.tt/QJdcMVk
Submitted November 28, 2023 at 11:18PM by sanitybit
via reddit https://ift.tt/7FvcKyM
https://ift.tt/QJdcMVk
Submitted November 28, 2023 at 11:18PM by sanitybit
via reddit https://ift.tt/7FvcKyM
Daniele Antonioli
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli
Breaking and fixing the Bluetooth standard. One More Time.
Paper Slides Toolkit CVE-2023-24023 BT SIG note
Paper Slides Toolkit CVE-2023-24023 BT SIG note
New RCE popchain in WordPress
https://ift.tt/HVn8sqY
Submitted November 28, 2023 at 11:58PM by monoimpact
via reddit https://ift.tt/YyeQFzu
https://ift.tt/HVn8sqY
Submitted November 28, 2023 at 11:58PM by monoimpact
via reddit https://ift.tt/YyeQFzu
Fenrisk
Gadgets chain in Wordpress
Security experts
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving CyberThreat Landscape - Donato Onofri
https://ift.tt/kjr01uh
Submitted November 28, 2023 at 02:10PM by himazawa
via reddit https://ift.tt/IiXMzVb
https://ift.tt/kjr01uh
Submitted November 28, 2023 at 02:10PM by himazawa
via reddit https://ift.tt/IiXMzVb
SlideShare
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving Cyber Threat Landscape
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving Cyber Threat Landscape - Download as a PDF or view online for free
DICOM Protocol Vulnerabilities and Attack Surface
https://ift.tt/eknrQqB
Submitted November 30, 2023 at 02:19AM by derp6996
via reddit https://ift.tt/H15NtcJ
https://ift.tt/eknrQqB
Submitted November 30, 2023 at 02:19AM by derp6996
via reddit https://ift.tt/H15NtcJ
Claroty
DICOM Demystified: Exploring the Underbelly of Medical Imaging
Pentest Muse: an Open Source AI-Powered Tool for Ethical Hacking
https://ift.tt/CVpufLe
Submitted November 30, 2023 at 06:09AM by Jumpy-Tumbleweed-437
via reddit https://ift.tt/I8YTXv3
https://ift.tt/CVpufLe
Submitted November 30, 2023 at 06:09AM by Jumpy-Tumbleweed-437
via reddit https://ift.tt/I8YTXv3
GitHub
GitHub - AbstractEngine/pentest-muse-cli
Contribute to AbstractEngine/pentest-muse-cli development by creating an account on GitHub.
Decompilation Debugging - Pretending All Binaries Come With Source Code
https://ift.tt/uCA8gQc
Submitted November 30, 2023 at 08:45AM by onlinereadme
via reddit https://ift.tt/z8CquM9
https://ift.tt/uCA8gQc
Submitted November 30, 2023 at 08:45AM by onlinereadme
via reddit https://ift.tt/z8CquM9
clearbluejar
Decompilation Debugging
Debugging an application can provide the insight needed troubleshoot a subtle bug in your software. Normally, when debugging, you have source code and data type information (aka symbols) to help navigate your application. In the world of Reverse Engineering…
Okta Threat Hunting Guide - Part 2
https://ift.tt/q5BPLoS
Submitted November 30, 2023 at 12:51PM by Or1rez
via reddit https://ift.tt/gzNtEUm
https://ift.tt/q5BPLoS
Submitted November 30, 2023 at 12:51PM by Or1rez
via reddit https://ift.tt/gzNtEUm
Rezonate - Protect Identities, Everywhere
Okta Threat Hunting: Auditing Okta Logs Part 2 - Rezonate
Update Note Due to the recent events at MGM, which included the compromise of MGM’s Okta tenant, and the surge in attacks of Okta Admins, we have updated the threat-hunting article, adding a few relevant queries to increase visibility surrounding compromised…
TRAP; RESET; POISON; - Taking over a country Kaminsky style
https://ift.tt/bUJgm5e
Submitted November 30, 2023 at 05:56PM by The_Login
via reddit https://ift.tt/oWzwIaK
https://ift.tt/bUJgm5e
Submitted November 30, 2023 at 05:56PM by The_Login
via reddit https://ift.tt/oWzwIaK
SEC Consult
TRAP; RESET; POISON; - Taking over a country Kaminsky style
A technical deep dive on how to poison the DNS name resolution of an entire country!
To Schnorr and beyond (part 2)
https://ift.tt/vOmB9F0
Submitted November 30, 2023 at 09:17PM by feross
via reddit https://ift.tt/J3vQpu9
https://ift.tt/vOmB9F0
Submitted November 30, 2023 at 09:17PM by feross
via reddit https://ift.tt/J3vQpu9
A Few Thoughts on Cryptographic Engineering
To Schnorr and beyond (part 2)
This post continues a long, wonky discussion of Schnorr signature schemes and the Dilithium post-quantum signature. You may want to start with Part 1. In the previous post I discussed the intuition…
Autonomous Hacking of PHP Web Applications at the Bytecode Level
https://ift.tt/jeUMNKi
Submitted December 01, 2023 at 09:02AM by finixbit
via reddit https://ift.tt/D8cnBQY
https://ift.tt/jeUMNKi
Submitted December 01, 2023 at 09:02AM by finixbit
via reddit https://ift.tt/D8cnBQY
finixbit.github.io
Finixbit - site/blog
We Hacked Ourselves With DNS Rebinding
https://ift.tt/5uARE3v
Submitted December 01, 2023 at 05:56PM by dcthatch
via reddit https://ift.tt/vFf6qGm
https://ift.tt/5uARE3v
Submitted December 01, 2023 at 05:56PM by dcthatch
via reddit https://ift.tt/vFf6qGm
www.intruder.io
We Hacked Ourselves With DNS Rebinding
This post is the first in a two-part series on DNS rebinding in web browsers. In this post, I will talk about a bug we found in our own product which allowed us to retrieve low-privileged AWS credentials using DNS rebinding. In the next post, I will share…
Tricard: Malware Sandboxes Fingerprinting
https://ift.tt/Va1DZ7F
Submitted December 01, 2023 at 07:22PM by _kawhl
via reddit https://ift.tt/953WzMp
https://ift.tt/Va1DZ7F
Submitted December 01, 2023 at 07:22PM by _kawhl
via reddit https://ift.tt/953WzMp
therealunicornsecurity.github.io
Tricard - Malware sandboxes fingerprinting
Introduction to malware sandboxes fingerprinting
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
https://ift.tt/ERm2aq7
Submitted December 04, 2023 at 03:32PM by poltess0
via reddit https://ift.tt/GNICud3
https://ift.tt/ERm2aq7
Submitted December 04, 2023 at 03:32PM by poltess0
via reddit https://ift.tt/GNICud3
Ambionics
Owncloud: details about CVE-2023-49103 and CVE-2023-49105
We provide details about CVE-2023-49103 and CVE-2023-49105
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
https://ift.tt/dIL2A1o
Submitted December 04, 2023 at 04:01PM by poltess0
via reddit https://ift.tt/0RLBrUC
https://ift.tt/dIL2A1o
Submitted December 04, 2023 at 04:01PM by poltess0
via reddit https://ift.tt/0RLBrUC
Phishing and Exfiltrating Leaked Secrets from Slack Workspaces
https://ift.tt/sGkO6FB
Submitted December 04, 2023 at 07:21PM by Dr_Mantis_Tobbogon
via reddit https://ift.tt/YLxn2jR
https://ift.tt/sGkO6FB
Submitted December 04, 2023 at 07:21PM by Dr_Mantis_Tobbogon
via reddit https://ift.tt/YLxn2jR
SQL Brute Force Leads to BlueSky Ransomware
https://ift.tt/jQq7oDl
Submitted December 04, 2023 at 06:46PM by TheDFIRReport
via reddit https://ift.tt/LZ4yu0I
https://ift.tt/jQq7oDl
Submitted December 04, 2023 at 06:46PM by TheDFIRReport
via reddit https://ift.tt/LZ4yu0I
The DFIR Report
SQL Brute Force Leads to BlueSky Ransomware - The DFIR Report
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More
The Art and Science of Automated CVSS Predictions
https://ift.tt/yz1BvjQ
Submitted December 04, 2023 at 11:02PM by gfekkas
via reddit https://ift.tt/rSgwzFj
https://ift.tt/yz1BvjQ
Submitted December 04, 2023 at 11:02PM by gfekkas
via reddit https://ift.tt/rSgwzFj
PRIOn - AI Driven Vulnerablity Analysis & Prioritization
Blog - The Art and Science of Automated CVSS Predictions - PRIOn
With a significant daily influx of vulnerabilities, the assessment and assignment of CVSS base scores demand considerable time, expertise, and human resources.
Vulnerability Management with DefectDojo - presenting capabilities of DefectDojo for DevSecOps and traditional application security engineers.
https://ift.tt/LrO8ymN
Submitted December 05, 2023 at 12:29AM by theowni
via reddit https://ift.tt/sRSvenU
https://ift.tt/LrO8ymN
Submitted December 05, 2023 at 12:29AM by theowni
via reddit https://ift.tt/sRSvenU
Medium
Vulnerability Management with DefectDojo — is it great for DevSecOps?
Presenting capabilities of DefectDojo in context of Vulnerability Management for DevSecOps and traditional application security engineers.
Argument injection leading to unauthenticated RCE and authentication bypass in Atos Unify OpenScape Session Border Controller (and Branch, BCF products)
https://ift.tt/suqAKfw
Submitted December 05, 2023 at 12:28PM by 0x9000
via reddit https://ift.tt/bA6gIyQ
https://ift.tt/suqAKfw
Submitted December 05, 2023 at 12:28PM by 0x9000
via reddit https://ift.tt/bA6gIyQ
SEC Consult
Argument injection vulnerability in multiple Atos Unify OpenScape products
A critical argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products Session Border Controller, Branch, and BCF. This allows an unauthenticated attacker to gain root access to the appliance…