Algosec - network segmentation
http://www.algosec.com
Submitted December 19, 2023 at 04:40PM by BurkeSooty
via reddit https://ift.tt/ED3sCx2
http://www.algosec.com
Submitted December 19, 2023 at 04:40PM by BurkeSooty
via reddit https://ift.tt/ED3sCx2
AlgoSec
AlgoSec Horizon Platform | AlgoSec
Algosec helps to securely accelerate application delivery by automating application connectivity and security policy across the hybrid network estate.
Marvin Attack on rsa ( Rust ): potential key recovery through timing sidechannels
https://ift.tt/SBkvYm8
Submitted December 19, 2023 at 11:49AM by hardenedvault
via reddit https://ift.tt/wojnZ4U
https://ift.tt/SBkvYm8
Submitted December 19, 2023 at 11:49AM by hardenedvault
via reddit https://ift.tt/wojnZ4U
GitHub
Marvin Attack: potential key recovery through timing sidechannels
### Impact
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use th...
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use th...
Retro Gaming Vulnerability Research: Warcraft 2
https://ift.tt/7QLcl3E
Submitted December 19, 2023 at 04:54PM by poltess0
via reddit https://ift.tt/1AgSf3V
https://ift.tt/7QLcl3E
Submitted December 19, 2023 at 04:54PM by poltess0
via reddit https://ift.tt/1AgSf3V
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1
https://ift.tt/PKCJe3q
Submitted December 19, 2023 at 04:52PM by poltess0
via reddit https://ift.tt/ozwsNXW
https://ift.tt/PKCJe3q
Submitted December 19, 2023 at 04:52PM by poltess0
via reddit https://ift.tt/ozwsNXW
Akamai
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 | Akamai
In part 1 of this two-part series, Akamai researchers explore two new Windows vulnerabilities that could lead to remote code execution against Outlook clients.
CVE-2023-42793 - Attacking and Defending JetBrains Teamcity
https://ift.tt/7QRStiZ
Submitted December 19, 2023 at 05:52PM by gfekkas
via reddit https://ift.tt/0UYiqZ3
https://ift.tt/7QRStiZ
Submitted December 19, 2023 at 05:52PM by gfekkas
via reddit https://ift.tt/0UYiqZ3
Understanding The Workings of Russian Hacker “Wazawaka”
https://ift.tt/IJYP21x
Submitted December 19, 2023 at 08:56PM by wtfse
via reddit https://ift.tt/Z5MdiAD
https://ift.tt/IJYP21x
Submitted December 19, 2023 at 08:56PM by wtfse
via reddit https://ift.tt/Z5MdiAD
Terrapin - SSH prefix truncation attack - CVE-2023-48795
https://ift.tt/Sp05lbk
Submitted December 20, 2023 at 03:39PM by lubricin
via reddit https://ift.tt/AiZrDTE
https://ift.tt/Sp05lbk
Submitted December 20, 2023 at 03:39PM by lubricin
via reddit https://ift.tt/AiZrDTE
A detailed analysis of the Menorah malware used by APT34
https://ift.tt/PDjp3Ym
Submitted December 20, 2023 at 07:34PM by CyberMasterV
via reddit https://ift.tt/TuJtm5Q
https://ift.tt/PDjp3Ym
Submitted December 20, 2023 at 07:34PM by CyberMasterV
via reddit https://ift.tt/TuJtm5Q
Command line tool for extracting secrets such as passwords, API keys, and tokens from WARC (Web ARChive) files
https://ift.tt/i0xEhBf
Submitted December 20, 2023 at 10:44PM by neathack
via reddit https://ift.tt/wsHmMLI
https://ift.tt/i0xEhBf
Submitted December 20, 2023 at 10:44PM by neathack
via reddit https://ift.tt/wsHmMLI
GitHub
GitHub - crissyfield/troll-a: Drill into WARC web archives
Drill into WARC web archives. Contribute to crissyfield/troll-a development by creating an account on GitHub.
Weaponizing DHCP DNS Spoofing: Part 2 — A Hands-On Guide
https://ift.tt/yNnfHR5
Submitted December 21, 2023 at 09:00PM by oridavid1231
via reddit https://ift.tt/ytqsiHQ
https://ift.tt/yNnfHR5
Submitted December 21, 2023 at 09:00PM by oridavid1231
via reddit https://ift.tt/ytqsiHQ
Akamai
Weaponizing DHCP DNS Spoofing — A Hands-On Guide | Akamai
In part 2 of this two-part series, Akamai researchers detail methods and attack imitations within DHCP to spoof DNS — and introduce a new tool for your toolkit.
Ghidriff: Ghidra Binary Diffing Engine
https://ift.tt/wOEMTSV
Submitted December 21, 2023 at 11:56PM by onlinereadme
via reddit https://ift.tt/7BmSe5C
https://ift.tt/wOEMTSV
Submitted December 21, 2023 at 11:56PM by onlinereadme
via reddit https://ift.tt/7BmSe5C
clearbluejar
Ghidriff: Ghidra Binary Diffing Engine
As seen in most security blog posts today, binary diffing tools are essential for reverse engineering, vulnerability research, and malware analysis. Patch diffing is a technique widely used to identify changes across versions of binaries as related to security…
SSH ProxyCommand == RCE
https://ift.tt/X8bp5kJ
Submitted December 22, 2023 at 02:19AM by nex25519
via reddit https://ift.tt/S9ZhCFW
https://ift.tt/X8bp5kJ
Submitted December 22, 2023 at 02:19AM by nex25519
via reddit https://ift.tt/S9ZhCFW
Vin01’s Blog
SSH ProxyCommand == RCE
Summary
SSH ProxyCommand == unexpected code execution (CVE-2023-51385)
https://ift.tt/X8bp5kJ
Submitted December 22, 2023 at 05:44PM by nex25519
via reddit https://ift.tt/tfUQnIK
https://ift.tt/X8bp5kJ
Submitted December 22, 2023 at 05:44PM by nex25519
via reddit https://ift.tt/tfUQnIK
Vin01’s Blog
SSH ProxyCommand == RCE
Summary
Developers are juicy targets: DCOM & Visual Studio
https://ift.tt/yIrCeqi
Submitted December 24, 2023 at 03:11PM by gid0rah
via reddit https://ift.tt/COJK0Yx
https://ift.tt/yIrCeqi
Submitted December 24, 2023 at 03:11PM by gid0rah
via reddit https://ift.tt/COJK0Yx
Developers are juicy targets: DCOM & Visual Studio |
Developers are juicy targets: DCOM & Visual Studio | AdeptsOf0xCC
Umpteenth time that you will see a lateral movement based on DCOM. This time it's Visual Studio.
PNLS: Tool that captures and displays SSIDs from device's Preferred Network List in the nearby vicinity.
https://ift.tt/1qEsJL7
Submitted December 24, 2023 at 04:36PM by ssj_aleksa
via reddit https://ift.tt/6lo0kmd
https://ift.tt/1qEsJL7
Submitted December 24, 2023 at 04:36PM by ssj_aleksa
via reddit https://ift.tt/6lo0kmd
GitHub
GitHub - AleksaMCode/Preferred-Network-List-Sniffer: A reconnaissance tool for capturing and displaying SSIDs from device's Preferred…
A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List. - AleksaMCode/Preferred-Network-List-Sniffer
GitHub - dwisiswant0/ngocok: ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.
https://ift.tt/DzObC0w
Submitted December 25, 2023 at 03:24AM by dwisiswant0
via reddit https://ift.tt/0djgJB9
https://ift.tt/DzObC0w
Submitted December 25, 2023 at 03:24AM by dwisiswant0
via reddit https://ift.tt/0djgJB9
GitHub
GitHub - dwisiswant0/ngocok: ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.
ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok. - dwisiswant0/ngocok
Check out OpenSSF's "Source Code Management Platform Configuration Best Practices" and Legitify - a cli tool that helps you comply
https://ift.tt/sqwlATG
Submitted December 25, 2023 at 04:32AM by roy_6472
via reddit https://ift.tt/AId5KjV
https://ift.tt/sqwlATG
Submitted December 25, 2023 at 04:32AM by roy_6472
via reddit https://ift.tt/AId5KjV
OpenSSF Best Practices Working Group
Source Code Management Platform Configuration Best Practices
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Active Directory and Internal Pentest Cheatsheets - Internal All The Things
https://ift.tt/f2p0hUO
Submitted December 27, 2023 at 02:27PM by K0llam_fury
via reddit https://ift.tt/P9Vobp5
https://ift.tt/f2p0hUO
Submitted December 27, 2023 at 02:27PM by K0llam_fury
via reddit https://ift.tt/P9Vobp5
swisskyrepo.github.io
Internal All The Things
Active Directory and Internal Pentest Cheatsheets
The Google 0-day all Infostealer groups are exploiting
https://ift.tt/r3IFNQX
Submitted December 27, 2023 at 03:40PM by Malwarebeasts
via reddit https://ift.tt/GXjfwUJ
https://ift.tt/r3IFNQX
Submitted December 27, 2023 at 03:40PM by Malwarebeasts
via reddit https://ift.tt/GXjfwUJ
InfoStealers
The Google 0-day all Infostealer groups are exploiting.
Today, even despite attempts to alert Google over a month ago that there is an ongoing 0-day being exploited by Infostealer groups.
SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers
https://ift.tt/GyhWwAa
Submitted December 27, 2023 at 08:45PM by deleee
via reddit https://ift.tt/wOCU9pv
https://ift.tt/GyhWwAa
Submitted December 27, 2023 at 08:45PM by deleee
via reddit https://ift.tt/wOCU9pv
GitHub
GitHub - groundsec/secbutler: The perfect butler for pentesters, bug-bounty hunters and security researchers
The perfect butler for pentesters, bug-bounty hunters and security researchers - groundsec/secbutler
Operation Triangulation: The last (hardware) mystery
https://ift.tt/nSL8K2g
Submitted December 27, 2023 at 11:49PM by _vavkamil_
via reddit https://ift.tt/hTcAHg1
https://ift.tt/nSL8K2g
Submitted December 27, 2023 at 11:49PM by _vavkamil_
via reddit https://ift.tt/hTcAHg1
Securelist
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.