Analysis of an Info Stealer - Chapter 1: The Phishing Website
https://ift.tt/VhUPKvS
Submitted January 08, 2024 at 01:52PM by _Fr4_
via reddit https://ift.tt/cODIvPj
https://ift.tt/VhUPKvS
Submitted January 08, 2024 at 01:52PM by _Fr4_
via reddit https://ift.tt/cODIvPj
Medium
Analysis of an Info Stealer — Chapter 1: The Phishing Website
Introduction
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices
https://ift.tt/TvERjmG
Submitted January 08, 2024 at 02:59PM by aunga
via reddit https://ift.tt/sYqKA6L
https://ift.tt/TvERjmG
Submitted January 08, 2024 at 02:59PM by aunga
via reddit https://ift.tt/sYqKA6L
Pentagrid AG
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical d
The Lantronix EDS-MS is an "IoT gateway for mission critical medical devices and equipment connectivity". It is affected by multiple vulnerabilities.
Bypass Cognito Account Enumeration Controls
https://ift.tt/mQNtYVz
Submitted January 08, 2024 at 07:45PM by RedTermSession
via reddit https://ift.tt/DqVhbi9
https://ift.tt/mQNtYVz
Submitted January 08, 2024 at 07:45PM by RedTermSession
via reddit https://ift.tt/DqVhbi9
hackingthe.cloud
Bypass Cognito Account Enumeration Controls - Hacking The Cloud
Leverage a flaw in Cognito's API to enumerate accounts in User Pools.
Blog - cve-2023-49070-51467-attacking-defending-Apache-OFBiz
https://ift.tt/U0HeBXp
Submitted January 09, 2024 at 12:55PM by gfekkas
via reddit https://ift.tt/DhUv0d7
https://ift.tt/U0HeBXp
Submitted January 09, 2024 at 12:55PM by gfekkas
via reddit https://ift.tt/DhUv0d7
PRIOn - AI Driven Vulnerablity Analysis & Prioritization
Blog - CVE-2023-49070/51467 - Attacking & Defending Apache OFBiz - PRIOn
cve-2023-49070/51467 disclose authentication flaws leading to remote code execution (RCE) within Apache OFBiz. Learn how to attack and defend Apache OFBiz
[Podcast] Unlocking the Web: Exploring WebAuthn & Beyond • Eli Holderness & Mark Rendle
https://ift.tt/ViXANRa
Submitted January 09, 2024 at 03:12PM by goto-con
via reddit https://ift.tt/mvZ1TV0
https://ift.tt/ViXANRa
Submitted January 09, 2024 at 03:12PM by goto-con
via reddit https://ift.tt/mvZ1TV0
MobSF Remote code execution (via CVE-2024-21633)
https://ift.tt/BhU9jZE
Submitted January 09, 2024 at 05:21PM by foursomeone
via reddit https://ift.tt/317AG6p
https://ift.tt/BhU9jZE
Submitted January 09, 2024 at 05:21PM by foursomeone
via reddit https://ift.tt/317AG6p
GitHub
GitHub - 0x33c0unt/CVE-2024-21633: MobSF Remote code execution (via CVE-2024-21633)
MobSF Remote code execution (via CVE-2024-21633). Contribute to 0x33c0unt/CVE-2024-21633 development by creating an account on GitHub.
Using honeytokens to detect (AiTM) phishing attacks on your Microsoft 365 tenant
https://ift.tt/XjKsTuS
Submitted January 09, 2024 at 06:33PM by rikvduijn
via reddit https://ift.tt/tscBDon
https://ift.tt/XjKsTuS
Submitted January 09, 2024 at 06:33PM by rikvduijn
via reddit https://ift.tt/tscBDon
Zolder - Applied Security Research
Using honeytokens to detect (AiTM) phishing attacks on your Microsoft 365 tenant | Zolder - Applied Security Research
Phishing attacks are rapidly increasing against Microsoft 365 tenants. Why? Microsoft is used by many company’s and users, so targetting...
Control-M Web Security Advisory
https://ift.tt/7NIKujx
Submitted January 09, 2024 at 07:50PM by gquere
via reddit https://ift.tt/gjtU8R7
https://ift.tt/7NIKujx
Submitted January 09, 2024 at 07:50PM by gquere
via reddit https://ift.tt/gjtU8R7
Top 10 web hacking techniques of 2023 - nominations open
https://ift.tt/gcFhisr
Submitted January 09, 2024 at 10:08PM by albinowax
via reddit https://ift.tt/AunsrOc
https://ift.tt/gcFhisr
Submitted January 09, 2024 at 10:08PM by albinowax
via reddit https://ift.tt/AunsrOc
PortSwigger Research
Top 10 web hacking techniques of 2023 - nominations open
Update: The results are in! Check out the final top ten here or scroll down to view all nominations Over the last year, numerous security researchers have shared their discoveries with the community t
From start to finish: How to hack OPC UA - OpalOPC
https://ift.tt/UdBr02n
Submitted January 10, 2024 at 01:05AM by Salmiakkilakritsi
via reddit https://ift.tt/KQMSTAp
https://ift.tt/UdBr02n
Submitted January 10, 2024 at 01:05AM by Salmiakkilakritsi
via reddit https://ift.tt/KQMSTAp
Opalopc
From start to finish: How to hack OPC UA | OpalOPC
Presentation front page
How I pwned half of America’s fast food chains, simultaneously
https://ift.tt/H0MVSfZ
Submitted January 10, 2024 at 02:23PM by slyms483
via reddit https://ift.tt/ZnWPXSI
https://ift.tt/H0MVSfZ
Submitted January 10, 2024 at 02:23PM by slyms483
via reddit https://ift.tt/ZnWPXSI
Mrbruh
MrBruh's Epic Blog
How I pwned half of America’s fast food chains, simultaneously. Also checkout Eva’s blogpost of this event.
With an upbeat pling my console alerted me that my noscript had finished running, to be precise it was searching for exposed Firebase credentials on…
With an upbeat pling my console alerted me that my noscript had finished running, to be precise it was searching for exposed Firebase credentials on…
How I detected sensitive data leaks, such as log leaks in open source projects using Piiano Flows
https://ift.tt/kvRhC0t
Submitted January 10, 2024 at 02:48PM by slyms483
via reddit https://ift.tt/qosXbCO
https://ift.tt/kvRhC0t
Submitted January 10, 2024 at 02:48PM by slyms483
via reddit https://ift.tt/qosXbCO
Piiano
How I Detected Log Leaks in Open Source Projects
Explore how to detect and prevent log leaks in open-source projects such as Shopizer, Killbill, and Teammates, using a Piiano Flows scanner.
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
https://ift.tt/6Xoic2g
Submitted January 10, 2024 at 05:59PM by SL7reach
via reddit https://ift.tt/iAwn05E
https://ift.tt/6Xoic2g
Submitted January 10, 2024 at 05:59PM by SL7reach
via reddit https://ift.tt/iAwn05E
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
Overview CVE-2023-263060 was exploited in the wild in Adobe ColdFusion product, a commercial application server for rapid web application development. The vulnerability affects both the 2018 and...
Detecting Office365 AiTM attacks using a canary in Azure
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
ironpeak.be
Detecting AiTM attacks in Azure - ironPeak Blog
How to detect Adversary-in-the-Middle attacks in Office365 logon pages using hidden canaries.
secator: the pentester's swiss knife
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
GitHub
GitHub - freelabz/secator: secator - the pentester's swiss knife
secator - the pentester's swiss knife. Contribute to freelabz/secator development by creating an account on GitHub.
KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
Analysis of an Info Stealer — Chapter 2: The iOS App
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
Medium
Analysis of an Info Stealer — Chapter 2: The iOS App
Introduction
Enhance your security posture with this LLM-powered tool: Prioritize and mitigate vulnerabilities efficiently using NIST and CISA insights. Stay ahead, save time, and reduce risk. Chat with a specific CVE-ID or request the most exploited vulnerabilities to prioritize your patch management efforts.
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
ChatGPT
ChatGPT - Patch Tuesday - Vulnerability Insights & Guidance
A conversational AI system that listens, learns, and challenges
Hey guys! Can someone help me identify what we see here in this picture
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
Breaking the Flash Encryption Feature of Espressif’s Parts
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
Courk's Blog
Breaking the Flash Encryption Feature of Espressif's Parts
I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a Side-Channel attack. This was an interesting read, and soon, I wanted to try to reproduce…
Crafting Malicious Pluggable Authentication Modules for Persistence, Privilege Escalation, and Lateral Movement | RoseSecurity Research
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s