Nim implementation of Old Dll Unlinking Technique
https://ift.tt/1YgMflX
Submitted December 14, 2023 at 04:06PM by DarkGrejuva
via reddit https://ift.tt/zF1Ds8U
GitHub
GitHub - frkngksl/UnlinkDLL: DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList…
DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable - frkngksl/UnlinkDLL
New Methodology for Bluetooth Security Assessment
https://ift.tt/ObcWLod
Submitted December 14, 2023 at 05:06PM by jaimeff
via reddit https://ift.tt/6Sp2N8m
BSAM
Bluetooth Security Assessment Methodology
The BSAM methodology is a guide for security evaluation in devices with Bluetooth capabilities.
de4py: toolkit for python reverse engineering
https://ift.tt/ug5jDvZ
Submitted December 14, 2023 at 10:16PM by AhmedMinegames
via reddit https://ift.tt/ceTmonS
GitHub
GitHub - Fadi002/de4py: toolkit for python reverse engineering
toolkit for python reverse engineering. Contribute to Fadi002/de4py development by creating an account on GitHub.
CVE-2023-47271: Remote Code Execution Vulnerability in PKP-WAL <= 3.4.0-3
https://ift.tt/1L4jVkD
Submitted December 15, 2023 at 12:25AM by eg1x
via reddit https://ift.tt/ig2ejyZ
Karmainsecurity
PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
It's been 24 hours of users reporting that Ubiquiti is showing other people's consoles and cameras with limited access
https://ift.tt/z7sRNg5
Submitted December 15, 2023 at 12:21AM by supernetworks
via reddit https://ift.tt/OKIY9Du
OpalOPC 2.0.0.0 Adds Support for OPC UA Brute Force
https://ift.tt/il0xy9B
Submitted December 15, 2023 at 01:14AM by Salmiakkilakritsi
via reddit https://ift.tt/AC0cTPh
Opalopc
Release 2.0.0.0 | OpalOPC
Privesc to RCE in “enterprise-grade” OpenNMS
https://ift.tt/PV6BLz2
Submitted December 15, 2023 at 02:29AM by kalibabka
via reddit https://ift.tt/HStK3MV
Medium
Privesc to RCE in “enterprise-grade” OpenNMS
An analysis of CVE-2023-0872, CVE-2023-40315 & more
Ledger Wallets Attack
https://ift.tt/fmWCvLV
Submitted December 15, 2023 at 02:10AM by arrowflakes
via reddit https://ift.tt/G8Nl3gx
CoinFabrik
Attack on Ledger Wallets - What happened?
All information about Ledger's Connect Kit attack. This suspected “supply chain attack” may leave dapp users open to loss of funds.
IDA Pro Vulfi plugin UPDATE
https://ift.tt/M3d5GFh
Submitted December 15, 2023 at 02:56PM by Martypx00
via reddit https://ift.tt/LBlkXi6
GitHub
GitHub - Accenture/VulFi: IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research.
IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research. - Accenture/VulFi
npm search RCE? - Escape Sequence Injection
https://ift.tt/tuKNQlM
Submitted December 16, 2023 at 04:23AM by _solid_snail
via reddit https://ift.tt/wNUzXVj
solid-snail blog
npm search RCE? - Escape Sequence Injection
How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not.
OSTE META SCANNER
https://ift.tt/KTh8mHW
Submitted December 16, 2023 at 05:18AM by OSTEsayed
via reddit https://ift.tt/zA0VM82
GitHub
GitHub - OSTEsayed/OSTE-Meta-Scan: The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST…
The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti. - OSTEsayed/OSTE-Meta-Scan
Google Oauth is Broken (sort of)
https://ift.tt/Fdfl8im
Submitted December 16, 2023 at 11:17PM by wifihack
via reddit https://ift.tt/9GtHl2w
Trufflesecurity
Google OAuth is Broken (Sort Of) ◆ Truffle Security Co.
Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy…
GitHub - dwisiswant0/cve-2023-50164-poc: Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
https://ift.tt/fjF0ObL
Submitted December 17, 2023 at 09:28PM by dwisiswant0
via reddit https://ift.tt/0LSiMKN
GitHub
GitHub - dwisiswant0/cve-2023-50164-poc: Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") - dwisiswant0/cve-2023-50164-poc
Advisory and PoC for CVE-2021-21480 (9.1/10) from BH MEA 23
https://ift.tt/hID5Esu
Submitted December 18, 2023 at 09:40AM by vah_13
via reddit https://ift.tt/1fviqVD
RedRays - Your SAP Security Solution
Advisory for SAP Security Note 3022622 - [CVE-2021-21480][PoC]
Introducing SMTP Smuggling: A novel technique for spoofing e-mails
https://ift.tt/3rPMl4L
Submitted December 18, 2023 at 03:31PM by The_Login
via reddit https://ift.tt/8ZrKnLD
SEC Consult
SMTP Smuggling - Spoofing E-Mails Worldwide
Introducing a novel technique for e-mail spoofing
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
https://ift.tt/CouOGYU
Submitted December 18, 2023 at 05:11PM by TheDFIRReport
via reddit https://ift.tt/nqNPstQ
The DFIR Report
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…
Issue #3 of Paged Out! zine is out
https://ift.tt/PiF7z6c
Submitted December 18, 2023 at 06:28PM by gynvael
via reddit https://ift.tt/25EDW4o
OS Command Injection in cPH2 Charging Station <2.0.0 (CVE-2023-46359 and CVE-2023-46360) | Offensity
https://ift.tt/0yjc1RG
Submitted December 18, 2023 at 06:22PM by Offensity
via reddit https://ift.tt/m84AG7N
Offensity
OS Command Injection in cPH2 Charging Station <2.0.0 (CVE-2023-46359 and CVE-2023-46360) | Offensity
Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities
Log4Shell Retrospective: Overblown and Exaggerated
https://ift.tt/wyqQTE5
Submitted December 18, 2023 at 08:38PM by chicksdigthelongrun
via reddit https://ift.tt/cthG1sY
VulnCheck
A Log4Shell Retrospective - Overblown and Exaggerated - Blog - VulnCheck
Log4Shell was proclaimed one of the most critical vulnerabilities, but in this blog, VulnCheck challenges that perspective, revealing the limited number of vulnerable systems still present two years after the initial disclosure.
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
https://ift.tt/EwG5vyV
Submitted December 18, 2023 at 10:17PM by EatonZ
via reddit https://ift.tt/5vRceXG
Eaton-Works
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.
How Microsoft might have lured unsuspecting end-users into the hands of criminals
https://ift.tt/Kt2EcAF
Submitted December 19, 2023 at 02:41PM by vaizor
via reddit https://ift.tt/UWF9u3J
www.eye.security
How Microsoft might have lured unsuspecting end-users into the hands of criminals
We found a serious error in Microsoft’s Attack Simulator program. Without a fix, it would have turned into a real phishing attack platform circumventing all protection mechanisms.