Sensing Vulnerabilities in your pfSense Firewall: From XSS to RCE
https://ift.tt/GvHO4Ep
Submitted December 12, 2023 at 09:17PM by SonarPaul
via reddit https://ift.tt/GL16wEr
https://ift.tt/GvHO4Ep
Submitted December 12, 2023 at 09:17PM by SonarPaul
via reddit https://ift.tt/GL16wEr
Sonarsource
pfSense Security: Sensing Code Vulnerabilities with SonarCloud
Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarCloud found them and how it can keep your code clean.
Let Me Manage Your AppDomain
https://ift.tt/p391J5U
Submitted December 13, 2023 at 02:28AM by ipSlav
via reddit https://ift.tt/87S1mxf
https://ift.tt/p391J5U
Submitted December 13, 2023 at 02:28AM by ipSlav
via reddit https://ift.tt/87S1mxf
Purple Research
Let Me Manage Your AppDomain
Abuse the CLR memory (un)safety
🚀AWSAttacks: Your Resource for AWS Security Monitoring! 🛡️
https://ift.tt/Jl60Uxc
Submitted December 13, 2023 at 03:56PM by unknownhad
via reddit https://ift.tt/0LibuxJ
https://ift.tt/Jl60Uxc
Submitted December 13, 2023 at 03:56PM by unknownhad
via reddit https://ift.tt/0LibuxJ
GitHub
GitHub - unknownhad/CloudIntel: This repo contains IOC, malware and malware analysis associated with Public cloud
This repo contains IOC, malware and malware analysis associated with Public cloud - unknownhad/CloudIntel
Nmap Peek - View your Nmap files in VSCode
https://ift.tt/DAE02d6
Submitted December 13, 2023 at 06:05PM by marduc812
via reddit https://ift.tt/6c297GO
https://ift.tt/DAE02d6
Submitted December 13, 2023 at 06:05PM by marduc812
via reddit https://ift.tt/6c297GO
Visualstudio
Nmap Peek - Visual Studio Marketplace
Extension for Visual Studio Code - View your nmap output inside VS Code, in a nice clean GUI
CryptoLyzer 0.12 ~= SSLyze + testssl.sh + ssh-audit + Mozilla observatory
https://cryptolyzer.readthedocs.io/en/latest/features/
Submitted December 13, 2023 at 08:48PM by c0r0n3r
via reddit https://ift.tt/8ukSTo6
https://cryptolyzer.readthedocs.io/en/latest/features/
Submitted December 13, 2023 at 08:48PM by c0r0n3r
via reddit https://ift.tt/8ukSTo6
Reddit
From the netsec community on Reddit: CryptoLyzer 0.12 ~= SSLyze + testssl.sh + ssh-audit + Mozilla observatory
Posted by c0r0n3r - 6 votes and 2 comments
Routers Roasting on an Open Firewall: the KV-botnet Investigation
https://ift.tt/Cngj5Di
Submitted December 13, 2023 at 11:43PM by wheelfoot
via reddit https://ift.tt/pL8qFT2
https://ift.tt/Cngj5Di
Submitted December 13, 2023 at 11:43PM by wheelfoot
via reddit https://ift.tt/pL8qFT2
Lumen Blog
Routers Roasting on an Open Firewall: the KV-botnet Investigation
Understand how this small and home office router botnet can impact your business and how to combat the threat.
Remote Code Execution vs. OPC UA Clients
https://ift.tt/675UbuQ
Submitted December 14, 2023 at 02:54AM by derp6996
via reddit https://ift.tt/1EdGJtp
https://ift.tt/675UbuQ
Submitted December 14, 2023 at 02:54AM by derp6996
via reddit https://ift.tt/1EdGJtp
Claroty
OPC UA Deep Dive Series (Part 8): Gaining Client-Side Remote Code Execution
Nim implementation of Old Dll Unlinking Technique
https://ift.tt/1YgMflX
Submitted December 14, 2023 at 04:06PM by DarkGrejuva
via reddit https://ift.tt/zF1Ds8U
https://ift.tt/1YgMflX
Submitted December 14, 2023 at 04:06PM by DarkGrejuva
via reddit https://ift.tt/zF1Ds8U
GitHub
GitHub - frkngksl/UnlinkDLL: DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList…
DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable - frkngksl/UnlinkDLL
New Methodology for Bluetooth Security Assessment
https://ift.tt/ObcWLod
Submitted December 14, 2023 at 05:06PM by jaimeff
via reddit https://ift.tt/6Sp2N8m
https://ift.tt/ObcWLod
Submitted December 14, 2023 at 05:06PM by jaimeff
via reddit https://ift.tt/6Sp2N8m
BSAM
Bluetooth Security Assessment Methodology
The BSAM methodology is a guide for security evaluation in devices with Bluetooth capabilities.
de4py: toolkit for python reverse engineering
https://ift.tt/ug5jDvZ
Submitted December 14, 2023 at 10:16PM by AhmedMinegames
via reddit https://ift.tt/ceTmonS
https://ift.tt/ug5jDvZ
Submitted December 14, 2023 at 10:16PM by AhmedMinegames
via reddit https://ift.tt/ceTmonS
GitHub
GitHub - Fadi002/de4py: toolkit for python reverse engineering
toolkit for python reverse engineering. Contribute to Fadi002/de4py development by creating an account on GitHub.
CVE-2023-47271: Remote Code Execution Vulnerability in PKP-WAL <= 3.4.0-3
https://ift.tt/1L4jVkD
Submitted December 15, 2023 at 12:25AM by eg1x
via reddit https://ift.tt/ig2ejyZ
https://ift.tt/1L4jVkD
Submitted December 15, 2023 at 12:25AM by eg1x
via reddit https://ift.tt/ig2ejyZ
Karmainsecurity
PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
It's been 24 hours of users reporting that Ubiquiti is showing other people's consoles and cameras with limited access
https://ift.tt/z7sRNg5
Submitted December 15, 2023 at 12:21AM by supernetworks
via reddit https://ift.tt/OKIY9Du
https://ift.tt/z7sRNg5
Submitted December 15, 2023 at 12:21AM by supernetworks
via reddit https://ift.tt/OKIY9Du
OpalOPC 2.0.0.0 Adds Support for OPC UA Brute Force
https://ift.tt/il0xy9B
Submitted December 15, 2023 at 01:14AM by Salmiakkilakritsi
via reddit https://ift.tt/AC0cTPh
https://ift.tt/il0xy9B
Submitted December 15, 2023 at 01:14AM by Salmiakkilakritsi
via reddit https://ift.tt/AC0cTPh
Opalopc
Release 2.0.0.0 | OpalOPC
Privesc to RCE in “enterprise-grade” OpenNMS
https://ift.tt/PV6BLz2
Submitted December 15, 2023 at 02:29AM by kalibabka
via reddit https://ift.tt/HStK3MV
https://ift.tt/PV6BLz2
Submitted December 15, 2023 at 02:29AM by kalibabka
via reddit https://ift.tt/HStK3MV
Medium
Privesc to RCE in “enterprise-grade” OpenNMS
An analysis of CVE-2023–0872, CVE-2023–40315 & more
Ledger Wallets Attack
https://ift.tt/fmWCvLV
Submitted December 15, 2023 at 02:10AM by arrowflakes
via reddit https://ift.tt/G8Nl3gx
https://ift.tt/fmWCvLV
Submitted December 15, 2023 at 02:10AM by arrowflakes
via reddit https://ift.tt/G8Nl3gx
CoinFabrik
Attack on Ledger Wallets - What happened?
All information about Ledger's Connect Kit attack. This suspected “supply chain attack” may leave dapp users open to loss of funds.
IDA Pro Vulfi plugin UPDATE
https://ift.tt/M3d5GFh
Submitted December 15, 2023 at 02:56PM by Martypx00
via reddit https://ift.tt/LBlkXi6
https://ift.tt/M3d5GFh
Submitted December 15, 2023 at 02:56PM by Martypx00
via reddit https://ift.tt/LBlkXi6
GitHub
GitHub - Accenture/VulFi: IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research.
IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research. - Accenture/VulFi
npm search RCE? - Escape Sequence Injection
https://ift.tt/tuKNQlM
Submitted December 16, 2023 at 04:23AM by _solid_snail
via reddit https://ift.tt/wNUzXVj
https://ift.tt/tuKNQlM
Submitted December 16, 2023 at 04:23AM by _solid_snail
via reddit https://ift.tt/wNUzXVj
solid-snail blog
npm search RCE? - Escape Sequence Injection
How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not.
OSTE META SCANNER
https://ift.tt/KTh8mHW
Submitted December 16, 2023 at 05:18AM by OSTEsayed
via reddit https://ift.tt/zA0VM82
https://ift.tt/KTh8mHW
Submitted December 16, 2023 at 05:18AM by OSTEsayed
via reddit https://ift.tt/zA0VM82
GitHub
GitHub - OSTEsayed/OSTE-Meta-Scan: The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST…
The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti. - OSTEsayed/OSTE-Meta-Scan
Google Oauth is Broken (sort of)
https://ift.tt/Fdfl8im
Submitted December 16, 2023 at 11:17PM by wifihack
via reddit https://ift.tt/9GtHl2w
https://ift.tt/Fdfl8im
Submitted December 16, 2023 at 11:17PM by wifihack
via reddit https://ift.tt/9GtHl2w
Trufflesecurity
Google OAuth is Broken (Sort Of) ◆ Truffle Security Co.
Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy…
GitHub - dwisiswant0/cve-2023-50164-poc: Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
https://ift.tt/fjF0ObL
Submitted December 17, 2023 at 09:28PM by dwisiswant0
via reddit https://ift.tt/0LSiMKN
https://ift.tt/fjF0ObL
Submitted December 17, 2023 at 09:28PM by dwisiswant0
via reddit https://ift.tt/0LSiMKN
GitHub
GitHub - dwisiswant0/cve-2023-50164-poc: Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") - dwisiswant0/cve-2023-50164-poc
Advisory and PoC for CVE-2021-21480 (9.1/10) from BH MEA 23
https://ift.tt/hID5Esu
Submitted December 18, 2023 at 09:40AM by vah_13
via reddit https://ift.tt/1fviqVD
https://ift.tt/hID5Esu
Submitted December 18, 2023 at 09:40AM by vah_13
via reddit https://ift.tt/1fviqVD
RedRays - Your SAP Security Solution
Advisory for SAP Security Note 3022622 - [CVE-2021-21480][PoC]