Galah: an LLM-powered web honeypot using the OpenAI API
https://ift.tt/WcgVhMP
Submitted January 05, 2024 at 06:11AM by netw0rm
via reddit https://ift.tt/C0jTBSn
https://ift.tt/WcgVhMP
Submitted January 05, 2024 at 06:11AM by netw0rm
via reddit https://ift.tt/C0jTBSn
GitHub
GitHub - 0x4D31/galah: Galah: An LLM-powered web honeypot.
Galah: An LLM-powered web honeypot. Contribute to 0x4D31/galah development by creating an account on GitHub.
The Artemis security scanner: how CERT PL scans Polish internet for vulnerabilities
https://ift.tt/YbCGIT5
Submitted January 05, 2024 at 04:49PM by kazetkazet
via reddit https://ift.tt/73qY9GR
https://ift.tt/YbCGIT5
Submitted January 05, 2024 at 04:49PM by kazetkazet
via reddit https://ift.tt/73qY9GR
cert.pl
The Artemis security scanner
Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions.…
Five WordPress Security Plugins Prevented Exploitation of Serious Vulnerability in Another Security Plugin
https://ift.tt/hLQG6Ae
Submitted January 05, 2024 at 10:53PM by PluginVulns
via reddit https://ift.tt/b8DLUrw
https://ift.tt/hLQG6Ae
Submitted January 05, 2024 at 10:53PM by PluginVulns
via reddit https://ift.tt/b8DLUrw
Plugin Vulnerabilities
Five WordPress Security Plugins Prevented Exploitation of Serious Vulnerability in Another Security Plugin
Intro into CI/CD research that has lead to critical vulnerabilities in Google, Meta, Microsoft, Blockchains, and more.
https://ift.tt/h5d8cFQ
Submitted January 06, 2024 at 03:37AM by IrohsLotusTile
via reddit https://ift.tt/UkgF9HO
https://ift.tt/h5d8cFQ
Submitted January 06, 2024 at 03:37AM by IrohsLotusTile
via reddit https://ift.tt/UkgF9HO
John Stawinski IV
Worse than SolarWinds: Three Steps to Hack Blockchains, GitHub, and ML through GitHub Actions
Six months ago, my friend and colleague Adnan Khan started researching a new class of CI/CD attacks. Adnan grasped the significance of these attacks after executing them against GitHub to gain tota…
2023 CVE Data Review
https://ift.tt/W5LRJ2r
Submitted January 06, 2024 at 03:18AM by JGamblin
via reddit https://ift.tt/1WJhMc7
https://ift.tt/W5LRJ2r
Submitted January 06, 2024 at 03:18AM by JGamblin
via reddit https://ift.tt/1WJhMc7
Bandook RAT Variant Resurfaces, Targeting Windows Machines
https://ift.tt/upnwfrz
Submitted January 06, 2024 at 11:09AM by No_Apple_997
via reddit https://ift.tt/1thlZEK
https://ift.tt/upnwfrz
Submitted January 06, 2024 at 11:09AM by No_Apple_997
via reddit https://ift.tt/1thlZEK
Leet.lat
News - Bandook RAT Variant Resurfaces, Targeting Windows Machines
It's January 2024 and there is a new troublemaker in town! Meet Bandook, the sneaky remote access trojan that's causing a ruckus on Windows machines.
Interested in IoT Security? Begin your journey with these key resources
https://ift.tt/KWgcY1u
Submitted January 06, 2024 at 01:41PM by falcnix
via reddit https://ift.tt/97Db4ou
https://ift.tt/KWgcY1u
Submitted January 06, 2024 at 01:41PM by falcnix
via reddit https://ift.tt/97Db4ou
LDAP Watchdog: A real-time LDAP monitoring tool for detecting (or stalking) directory changes
https://ift.tt/2h75SXD
Submitted January 07, 2024 at 12:31AM by MegaManSec2
via reddit https://ift.tt/Acqrz6C
https://ift.tt/2h75SXD
Submitted January 07, 2024 at 12:31AM by MegaManSec2
via reddit https://ift.tt/Acqrz6C
GitHub
GitHub - MegaManSec/LDAP-Monitoring-Watchdog: LDAP Watchdog: A real-time linux-compatible LDAP monitoring tool for detecting directory…
LDAP Watchdog: A real-time linux-compatible LDAP monitoring tool for detecting directory changes, providing visibility into additions, modifications, and deletions for administrators and security r...
Converting Integers to Hex with CyberChef - Recipe 0x1 - Securityinbits
https://ift.tt/Cfy2Nun
Submitted January 07, 2024 at 05:28PM by securityinbits
via reddit https://ift.tt/Fx6OzKL
https://ift.tt/Cfy2Nun
Submitted January 07, 2024 at 05:28PM by securityinbits
via reddit https://ift.tt/Fx6OzKL
Securityinbits
Converting Integers to Hex with CyberChef - Recipe 0x1 - Securityinbits
We will use CyberChef to decode the integer array into hex and pad it with extra 0s if needed. Then, we can disassemble the code using an online tool or CyberChef.
(Im)perfectProject(or) - Hacking a small WiFi connected projector for fun and to learn hard lessons.
https://ift.tt/g7f3BPC
Submitted January 07, 2024 at 09:18PM by CuckooExe
via reddit https://ift.tt/f1mM0hP
https://ift.tt/g7f3BPC
Submitted January 07, 2024 at 09:18PM by CuckooExe
via reddit https://ift.tt/f1mM0hP
Axel’s Blog
ImperfectProjector
A perfect project to hack an imperfect projector, including a hardware teardown, potential CLI injection, and some lessons learned.
Buffer Overflow in TP-Link Tapo C100 Home Security Camera
https://ift.tt/eNK9zhG
Submitted January 08, 2024 at 12:15AM by pwntheplanet
via reddit https://ift.tt/NIzy9L3
https://ift.tt/eNK9zhG
Submitted January 08, 2024 at 12:15AM by pwntheplanet
via reddit https://ift.tt/NIzy9L3
0xbigshaq.github.io
Exploiting n-day in Home Security Camera
Note: This blogpost was written in November 2023, but I was waiting for the TP Link Security Team to release a fix so now it’s published(Jan 2024).
Hello world! and happy new year. It’s been a long time since I last posted here.
I decided to take a new…
Hello world! and happy new year. It’s been a long time since I last posted here.
I decided to take a new…
Persistence – Event Log
https://ift.tt/riv3mxk
Submitted January 08, 2024 at 01:56PM by netbiosX
via reddit https://ift.tt/97tB8I1
https://ift.tt/riv3mxk
Submitted January 08, 2024 at 01:56PM by netbiosX
via reddit https://ift.tt/97tB8I1
Penetration Testing Lab
Persistence – Event Log
Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are represented in a structured format…
Analysis of an Info Stealer - Chapter 1: The Phishing Website
https://ift.tt/VhUPKvS
Submitted January 08, 2024 at 01:52PM by _Fr4_
via reddit https://ift.tt/cODIvPj
https://ift.tt/VhUPKvS
Submitted January 08, 2024 at 01:52PM by _Fr4_
via reddit https://ift.tt/cODIvPj
Medium
Analysis of an Info Stealer — Chapter 1: The Phishing Website
Introduction
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices
https://ift.tt/TvERjmG
Submitted January 08, 2024 at 02:59PM by aunga
via reddit https://ift.tt/sYqKA6L
https://ift.tt/TvERjmG
Submitted January 08, 2024 at 02:59PM by aunga
via reddit https://ift.tt/sYqKA6L
Pentagrid AG
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical d
The Lantronix EDS-MS is an "IoT gateway for mission critical medical devices and equipment connectivity". It is affected by multiple vulnerabilities.
Bypass Cognito Account Enumeration Controls
https://ift.tt/mQNtYVz
Submitted January 08, 2024 at 07:45PM by RedTermSession
via reddit https://ift.tt/DqVhbi9
https://ift.tt/mQNtYVz
Submitted January 08, 2024 at 07:45PM by RedTermSession
via reddit https://ift.tt/DqVhbi9
hackingthe.cloud
Bypass Cognito Account Enumeration Controls - Hacking The Cloud
Leverage a flaw in Cognito's API to enumerate accounts in User Pools.
Blog - cve-2023-49070-51467-attacking-defending-Apache-OFBiz
https://ift.tt/U0HeBXp
Submitted January 09, 2024 at 12:55PM by gfekkas
via reddit https://ift.tt/DhUv0d7
https://ift.tt/U0HeBXp
Submitted January 09, 2024 at 12:55PM by gfekkas
via reddit https://ift.tt/DhUv0d7
PRIOn - AI Driven Vulnerablity Analysis & Prioritization
Blog - CVE-2023-49070/51467 - Attacking & Defending Apache OFBiz - PRIOn
cve-2023-49070/51467 disclose authentication flaws leading to remote code execution (RCE) within Apache OFBiz. Learn how to attack and defend Apache OFBiz
[Podcast] Unlocking the Web: Exploring WebAuthn & Beyond • Eli Holderness & Mark Rendle
https://ift.tt/ViXANRa
Submitted January 09, 2024 at 03:12PM by goto-con
via reddit https://ift.tt/mvZ1TV0
https://ift.tt/ViXANRa
Submitted January 09, 2024 at 03:12PM by goto-con
via reddit https://ift.tt/mvZ1TV0
MobSF Remote code execution (via CVE-2024-21633)
https://ift.tt/BhU9jZE
Submitted January 09, 2024 at 05:21PM by foursomeone
via reddit https://ift.tt/317AG6p
https://ift.tt/BhU9jZE
Submitted January 09, 2024 at 05:21PM by foursomeone
via reddit https://ift.tt/317AG6p
GitHub
GitHub - 0x33c0unt/CVE-2024-21633: MobSF Remote code execution (via CVE-2024-21633)
MobSF Remote code execution (via CVE-2024-21633). Contribute to 0x33c0unt/CVE-2024-21633 development by creating an account on GitHub.
Using honeytokens to detect (AiTM) phishing attacks on your Microsoft 365 tenant
https://ift.tt/XjKsTuS
Submitted January 09, 2024 at 06:33PM by rikvduijn
via reddit https://ift.tt/tscBDon
https://ift.tt/XjKsTuS
Submitted January 09, 2024 at 06:33PM by rikvduijn
via reddit https://ift.tt/tscBDon
Zolder - Applied Security Research
Using honeytokens to detect (AiTM) phishing attacks on your Microsoft 365 tenant | Zolder - Applied Security Research
Phishing attacks are rapidly increasing against Microsoft 365 tenants. Why? Microsoft is used by many company’s and users, so targetting...
Control-M Web Security Advisory
https://ift.tt/7NIKujx
Submitted January 09, 2024 at 07:50PM by gquere
via reddit https://ift.tt/gjtU8R7
https://ift.tt/7NIKujx
Submitted January 09, 2024 at 07:50PM by gquere
via reddit https://ift.tt/gjtU8R7
Top 10 web hacking techniques of 2023 - nominations open
https://ift.tt/gcFhisr
Submitted January 09, 2024 at 10:08PM by albinowax
via reddit https://ift.tt/AunsrOc
https://ift.tt/gcFhisr
Submitted January 09, 2024 at 10:08PM by albinowax
via reddit https://ift.tt/AunsrOc
PortSwigger Research
Top 10 web hacking techniques of 2023 - nominations open
Update: The results are in! Check out the final top ten here or scroll down to view all nominations Over the last year, numerous security researchers have shared their discoveries with the community t