Control-M Web Security Advisory
https://ift.tt/7NIKujx
Submitted January 09, 2024 at 07:50PM by gquere
via reddit https://ift.tt/gjtU8R7
Top 10 web hacking techniques of 2023 - nominations open
https://ift.tt/gcFhisr
Submitted January 09, 2024 at 10:08PM by albinowax
via reddit https://ift.tt/AunsrOc
PortSwigger Research
Top 10 web hacking techniques of 2023 - nominations open
Update: The results are in! Check out the final top ten here or scroll down to view all nominations. Over the last year, numerous security researchers have shared their discoveries with the community t
From start to finish: How to hack OPC UA - OpalOPC
https://ift.tt/UdBr02n
Submitted January 10, 2024 at 01:05AM by Salmiakkilakritsi
via reddit https://ift.tt/KQMSTAp
Opalopc
From start to finish: How to hack OPC UA | OpalOPC
Presentation front page
How I pwned half of America’s fast food chains, simultaneously
https://ift.tt/H0MVSfZ
Submitted January 10, 2024 at 02:23PM by slyms483
via reddit https://ift.tt/ZnWPXSI
Mrbruh
MrBruh's Epic Blog
How I pwned half of America’s fast food chains, simultaneously. Also check out Eva’s blogpost of this event.
With an upbeat pling my console alerted me that my script had finished running, to be precise it was searching for exposed Firebase credentials on…
How I detected sensitive data leaks, such as log leaks in open source projects using Piiano Flows
https://ift.tt/kvRhC0t
Submitted January 10, 2024 at 02:48PM by slyms483
via reddit https://ift.tt/qosXbCO
Piiano
How I Detected Log Leaks in Open Source Projects
Explore how to detect and prevent log leaks in open-source projects such as Shopizer, Killbill, and Teammates, using a Piiano Flows scanner.
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
https://ift.tt/6Xoic2g
Submitted January 10, 2024 at 05:59PM by SL7reach
via reddit https://ift.tt/iAwn05E
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
Overview: CVE-2023-26360 was exploited in the wild in the Adobe ColdFusion product, a commercial application server for rapid web application development. The vulnerability affects both the 2018 and...
Detecting Office365 AiTM attacks using a canary in Azure
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
ironpeak.be
Detecting AiTM attacks in Azure - ironPeak Blog
How to detect Adversary-in-the-Middle attacks in Office365 logon pages using hidden canaries.
secator: the pentester's swiss knife
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
GitHub
GitHub - freelabz/secator: secator - the pentester's swiss knife
secator - the pentester's swiss knife. Contribute to freelabz/secator development by creating an account on GitHub.
KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
Analysis of an Info Stealer — Chapter 2: The iOS App
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
Medium
Analysis of an Info Stealer — Chapter 2: The iOS App
Introduction
Enhance your security posture with this LLM-powered tool: Prioritize and mitigate vulnerabilities efficiently using NIST and CISA insights. Stay ahead, save time, and reduce risk. Chat with a specific CVE-ID or request the most exploited vulnerabilities to prioritize your patch management efforts.
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
ChatGPT
ChatGPT - Patch Tuesday - Vulnerability Insights & Guidance
A conversational AI system that listens, learns, and challenges
Hey guys! Can someone help me identify what we see here in this picture
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
Breaking the Flash Encryption Feature of Espressif’s Parts
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
Courk's Blog
Breaking the Flash Encryption Feature of Espressif's Parts
I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a Side-Channel attack. This was an interesting read, and soon, I wanted to try to reproduce…
Crafting Malicious Pluggable Authentication Modules for Persistence, Privilege Escalation, and Lateral Movement | RoseSecurity Research
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s
A collection of weggli patterns for C/C++ vulnerability research
https://ift.tt/B9uimeI
Submitted January 11, 2024 at 01:56PM by 0xdea
via reddit https://ift.tt/fzPZsL8
hn security
A collection of weggli patterns for C/C++ vulnerability research - hn security
“No one cares about the old […]
Writeup of a [RCE] in Factorio by supplying a modified save file.
https://ift.tt/v9T6EDa
Submitted January 11, 2024 at 03:40PM by moviuro
via reddit https://ift.tt/JVuYXRb
GitHub
GitHub - Valentin-Metz/writeup_factorio: Writeup of a remote code execution in Factorio by supplying a modified save file.
Writeup of a remote code execution in Factorio by supplying a modified save file. - Valentin-Metz/writeup_factorio
Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings
https://ift.tt/ECSKa5Q
Submitted January 11, 2024 at 07:08PM by _vavkamil_
via reddit https://ift.tt/T7kYhgR
Nozominetworks
Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings
New vulnerabilities discovered in the Bosch Rexroth NXA015S-36V-B, a popular smart nutrunner used in automotive production lines, may halt production or compromise safety.
Weaponizing Apache OFBiz CVE-2023-51467
https://ift.tt/A7b6IUM
Submitted January 11, 2024 at 08:37PM by chicksdigthelongrun
via reddit https://ift.tt/GTyhQbH
VulnCheck
Weaponizing Apache OFBiz CVE-2023-51467 - Blog - VulnCheck
VulnCheck bypasses the Apache OFBiz Groovy sandbox to land a memory resident reverse shell.
Dependency Confusions in Docker and remote pwning of your infra
https://ift.tt/q4fLlRM
Submitted January 11, 2024 at 10:23PM by gquere
via reddit https://ift.tt/0vRIOh4
Critical PyTorch Supply Chain Vulnerability
https://ift.tt/vB4nCLW
Submitted January 11, 2024 at 11:19PM by IrohsLotusTile
via reddit https://ift.tt/F31wq9x
John Stawinski IV
Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch
Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…
Attack of the week: Airdrop tracing
https://ift.tt/NE8gx0v
Submitted January 11, 2024 at 10:31PM by feross
via reddit https://ift.tt/VmxGjhs
A Few Thoughts on Cryptographic Engineering
Attack of the week: Airdrop tracing
It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…