Introducing Fuzzomatic: Using AI to Automatically Fuzz Rust Projects from Scratch
https://ift.tt/iulgUTy
Submitted December 07, 2023 at 09:02PM by tmlxs
via reddit https://ift.tt/9UzbLWA
https://ift.tt/iulgUTy
Submitted December 07, 2023 at 09:02PM by tmlxs
via reddit https://ift.tt/9UzbLWA
Kudelski Security Research
Introducing Fuzzomatic: Using AI to Automatically Fuzz Rust Projects from Scratch
Introduction In August 2023, Google published research they did on AI-powered fuzzing. They showed they could automatically improve fuzzing code coverage of C/C++ projects already enrolled in OSS-F…
Qilin Ransomware malware analysis
https://ift.tt/alSX6i9
Submitted December 07, 2023 at 08:52PM by ShadowStackRE
via reddit https://ift.tt/s5H82nN
https://ift.tt/alSX6i9
Submitted December 07, 2023 at 08:52PM by ShadowStackRE
via reddit https://ift.tt/s5H82nN
ShadowStackRE
Qilin Ransomware malware analysis — ShadowStackRE
CVE-2023-46818: PHP Code Injection Vulnerability in ISPConfig <= 3.2.11
https://ift.tt/PGEhI5S
Submitted December 07, 2023 at 10:26PM by eg1x
via reddit https://ift.tt/gU58MWf
https://ift.tt/PGEhI5S
Submitted December 07, 2023 at 10:26PM by eg1x
via reddit https://ift.tt/gU58MWf
Karmainsecurity
ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
CISA ICS Advisory: ControlbyWeb Relay
https://ift.tt/ahliWp5
Submitted December 08, 2023 at 01:10AM by deepwatch_sec
via reddit https://ift.tt/rixsoPX
https://ift.tt/ahliWp5
Submitted December 08, 2023 at 01:10AM by deepwatch_sec
via reddit https://ift.tt/rixsoPX
Spoofing DNS records by abusing Microsoft DHCP server
https://ift.tt/o0GdFeV
Submitted December 08, 2023 at 02:50AM by oridavid1231
via reddit https://ift.tt/6p5sHzJ
https://ift.tt/o0GdFeV
Submitted December 08, 2023 at 02:50AM by oridavid1231
via reddit https://ift.tt/6p5sHzJ
Akamai
Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates | Akamai
Akamai researchers discovered a new set of attacks against Active Directory (AD) using Microsoft DHCP servers that can lead to full AD takeover.
BSidesSF 2024 CFP is now open!
https://ift.tt/Zx73toq
Submitted December 08, 2023 at 07:48AM by sarah-bsidessf
via reddit https://ift.tt/V5S8Dua
https://ift.tt/Zx73toq
Submitted December 08, 2023 at 07:48AM by sarah-bsidessf
via reddit https://ift.tt/V5S8Dua
BSidesSF
BSidesSF 2025 Call For Participation
BSidesSF is soliciting submissions for the annual BSidesSF conference on April 26-27, 2025. Call for Participation is currently open for all tracks.Note: We DO NOT provide speaker or travel ...
RCE and LPE in a wide range of Unify OpenStage and OpenScape phones in default config (plus PoC)
https://ift.tt/DzJ1Amj
Submitted December 08, 2023 at 11:41AM by aunga
via reddit https://ift.tt/jYt09LW
https://ift.tt/DzJ1Amj
Submitted December 08, 2023 at 11:41AM by aunga
via reddit https://ift.tt/jYt09LW
Pentagrid AG
Remote code execution and elevation of local privileges in Mitel Unify
Multiple vulnerabilities in Mitel Unify OpenStage and OpenScape phones allow a remote compromise in the unhardened default configuration and an elevation of privileges to become the root user.
Russian cyberops fact sheet (UK gov)
https://ift.tt/a0D1Rs7
Submitted December 08, 2023 at 04:06PM by vjeuss
via reddit https://ift.tt/n7gheRV
https://ift.tt/a0D1Rs7
Submitted December 08, 2023 at 04:06PM by vjeuss
via reddit https://ift.tt/n7gheRV
GOV.UK
Russia's FSB malign activity: factsheet
Russia is one of the world’s most prolific cyber actors and dedicate significant resource into conducting cyber operations around the globe. The UK government has publicly attributed malign cyber activity to parts of three Russian Intelligence services: the…
AIJacking - A Vulnerability in the Popular Hugging Face AI Platform
https://ift.tt/cp3fuj5
Submitted December 08, 2023 at 09:10PM by roy_6472
via reddit https://ift.tt/RflNQHd
https://ift.tt/cp3fuj5
Submitted December 08, 2023 at 09:10PM by roy_6472
via reddit https://ift.tt/RflNQHd
Legitsecurity
Legit Discovers "AI Jacking" Vulnerability in Popular Hugging Face AI Platform
Legit Security | Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.
CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS
https://ift.tt/GdAaZB1
Submitted December 09, 2023 at 12:57AM by bagaudin
via reddit https://ift.tt/vWofjVZ
https://ift.tt/GdAaZB1
Submitted December 09, 2023 at 12:57AM by bagaudin
via reddit https://ift.tt/vWofjVZ
GitHub
reblog/cve-2023-45866 at main · skysafe/reblog
SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.
New Apache Struts file upload/execution vulnerability - CVE-2023-50164
https://ift.tt/Cz5mjYK
Submitted December 09, 2023 at 03:43AM by ExplodingFist
via reddit https://ift.tt/zmgjuAp
https://ift.tt/Cz5mjYK
Submitted December 09, 2023 at 03:43AM by ExplodingFist
via reddit https://ift.tt/zmgjuAp
CTO at NCSC Summary: week ending December 10th
https://ift.tt/ePrVl2a
Submitted December 10, 2023 at 11:37AM by digicat
via reddit https://ift.tt/CLNimOt
https://ift.tt/ePrVl2a
Submitted December 10, 2023 at 11:37AM by digicat
via reddit https://ift.tt/CLNimOt
CTO at NCSC - Cyber Defence Analysis
CTO at NCSC Summary: week ending December 10th
Industrial Control System spillover is a thing...
New payload to exploit Error-based SQL injection - Oracle database
https://ift.tt/yoVPj6c
Submitted December 10, 2023 at 01:37PM by 1046ica
via reddit https://ift.tt/Df71wLx
https://ift.tt/yoVPj6c
Submitted December 10, 2023 at 01:37PM by 1046ica
via reddit https://ift.tt/Df71wLx
www.mannulinux.org
New payload to exploit Error-based SQL injection - Oracle database
Learn Basic Concepts of Linux. Best site to learn Linux from beginner to Advanced.
AWS Organizations Defaults & Pivoting - Hacking The Cloud
https://ift.tt/JVnxGfq
Submitted December 10, 2023 at 10:45PM by RedTermSession
via reddit https://ift.tt/hVlDuJK
https://ift.tt/JVnxGfq
Submitted December 10, 2023 at 10:45PM by RedTermSession
via reddit https://ift.tt/hVlDuJK
hackingthe.cloud
AWS Organizations Defaults & Pivoting - Hacking The Cloud
How to abuse AWS Organizations' default behavior and lateral movement capabilities.
GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
https://ift.tt/eAP85OU
Submitted December 11, 2023 at 11:23AM by predev0x00
via reddit https://ift.tt/Kt1aQWb
https://ift.tt/eAP85OU
Submitted December 11, 2023 at 11:23AM by predev0x00
via reddit https://ift.tt/Kt1aQWb
GitHub
GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files - boringtools/git-alerts
wrapwrap: using PHP filters to wrap a file with a prefix and suffix (SSRF, file read)
https://ift.tt/rRBpgw3
Submitted December 11, 2023 at 01:48PM by cfambionics
via reddit https://ift.tt/qQBLXCe
https://ift.tt/rRBpgw3
Submitted December 11, 2023 at 01:48PM by cfambionics
via reddit https://ift.tt/qQBLXCe
Ambionics
Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix
We introduce a tool that uses PHP filters to wrap PHP resources in an arbitrary prefix and suffix.
Rhysida Ransomware: History, TTPs and Adversary Emulation Plans
https://ift.tt/QUXAOns
Submitted December 12, 2023 at 12:03AM by achilles4828
via reddit https://ift.tt/vLgFbjU
https://ift.tt/QUXAOns
Submitted December 12, 2023 at 12:03AM by achilles4828
via reddit https://ift.tt/vLgFbjU
FourCore
Rhysida Ransomware: History, TTPs and Adversary Emulation Plans
Rhysida is a new player in the Ransomware space, first appearing in May 2023, and has been targeting industries all across the globe. In recent months, Rhysida has run campaigns compromising and extorting organizations from the government, education, healthcare…
JMP slide: A NOP-sled alternative
https://ift.tt/awEh9rp
Submitted December 12, 2023 at 07:17AM by NoPaleontologist7419
via reddit https://ift.tt/UnPXLOA
https://ift.tt/awEh9rp
Submitted December 12, 2023 at 07:17AM by NoPaleontologist7419
via reddit https://ift.tt/UnPXLOA
Lambda driver blog
JMP slide: A NOP-sled alternative
In the following blog post, I will introduce you to two techniques similar to NOP-sled or NOP slide, but with the advantage that they are faster. Those techniques are: JMP slide and JCC slide.
SyzGPT: When the fuzzer meets the LLM
https://ift.tt/R8cBafF
Submitted December 12, 2023 at 12:03PM by albocoder1
via reddit https://ift.tt/dg97any
https://ift.tt/R8cBafF
Submitted December 12, 2023 at 12:03PM by albocoder1
via reddit https://ift.tt/dg97any
Practice on certifications tool is now on offsec.tools check it out!
https://ift.tt/IvM1VBC
Submitted December 12, 2023 at 04:17PM by cybersecq
via reddit https://ift.tt/rA3F6Ba
https://ift.tt/IvM1VBC
Submitted December 12, 2023 at 04:17PM by cybersecq
via reddit https://ift.tt/rA3F6Ba
offsec.tools
CyberSec Quizzes on offsec.tools
Test your knowledge on cyber security and practice for industry recognised certifications.
EMBA and EMBArk version alert - EMBA version 1.3.2 is out AND the first EMBArk version is here
https://ift.tt/Xz3k42A
Submitted December 12, 2023 at 06:47PM by _m-1-k-3_
via reddit https://ift.tt/PfG1WpT
https://ift.tt/Xz3k42A
Submitted December 12, 2023 at 06:47PM by _m-1-k-3_
via reddit https://ift.tt/PfG1WpT
GitHub
Release Version 0.1 - Hello World! · e-m-b-a/embark
The first official EMBArk release is out now!
Everything started as an idea in the beginning of 2021. The idea was to build an enterprise ready open source firmware analysis environment on top ...
Everything started as an idea in the beginning of 2021. The idea was to build an enterprise ready open source firmware analysis environment on top ...