How I detected sensitive data leaks, such as log leaks in open source projects using Piiano Flows
https://ift.tt/kvRhC0t
Submitted January 10, 2024 at 02:48PM by slyms483
via reddit https://ift.tt/qosXbCO
https://ift.tt/kvRhC0t
Submitted January 10, 2024 at 02:48PM by slyms483
via reddit https://ift.tt/qosXbCO
Piiano
How I Detected Log Leaks in Open Source Projects
Explore how to detect and prevent log leaks in open-source projects such as Shopizer, Killbill, and Teammates, using a Piiano Flows scanner.
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
https://ift.tt/6Xoic2g
Submitted January 10, 2024 at 05:59PM by SL7reach
via reddit https://ift.tt/iAwn05E
https://ift.tt/6Xoic2g
Submitted January 10, 2024 at 05:59PM by SL7reach
via reddit https://ift.tt/iAwn05E
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
Overview CVE-2023-263060 was exploited in the wild in Adobe ColdFusion product, a commercial application server for rapid web application development. The vulnerability affects both the 2018 and...
Detecting Office365 AiTM attacks using a canary in Azure
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
ironpeak.be
Detecting AiTM attacks in Azure - ironPeak Blog
How to detect Adversary-in-the-Middle attacks in Office365 logon pages using hidden canaries.
secator: the pentester's swiss knife
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
GitHub
GitHub - freelabz/secator: secator - the pentester's swiss knife
secator - the pentester's swiss knife. Contribute to freelabz/secator development by creating an account on GitHub.
KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
Analysis of an Info Stealer — Chapter 2: The iOS App
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
Medium
Analysis of an Info Stealer — Chapter 2: The iOS App
Introduction
Enhance your security posture with this LLM-powered tool: Prioritize and mitigate vulnerabilities efficiently using NIST and CISA insights. Stay ahead, save time, and reduce risk. Chat with a specific CVE-ID or request the most exploited vulnerabilities to prioritize your patch management efforts.
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
ChatGPT
ChatGPT - Patch Tuesday - Vulnerability Insights & Guidance
A conversational AI system that listens, learns, and challenges
Hey guys! Can someone help me identify what we see here in this picture
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
Breaking the Flash Encryption Feature of Espressif’s Parts
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
Courk's Blog
Breaking the Flash Encryption Feature of Espressif's Parts
I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a Side-Channel attack. This was an interesting read, and soon, I wanted to try to reproduce…
Crafting Malicious Pluggable Authentication Modules for Persistence, Privilege Escalation, and Lateral Movement | RoseSecurity Research
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s
A collection of weggli patterns for C/C++ vulnerability research
https://ift.tt/B9uimeI
Submitted January 11, 2024 at 01:56PM by 0xdea
via reddit https://ift.tt/fzPZsL8
https://ift.tt/B9uimeI
Submitted January 11, 2024 at 01:56PM by 0xdea
via reddit https://ift.tt/fzPZsL8
hn security
A collection of weggli patterns for C/C++ vulnerability research - hn security
“No one cares about the old […]
Writeup of a [RCE] in Factorio by supplying a modified save file.
https://ift.tt/v9T6EDa
Submitted January 11, 2024 at 03:40PM by moviuro
via reddit https://ift.tt/JVuYXRb
https://ift.tt/v9T6EDa
Submitted January 11, 2024 at 03:40PM by moviuro
via reddit https://ift.tt/JVuYXRb
GitHub
GitHub - Valentin-Metz/writeup_factorio: Writeup of a remote code execution in Factorio by supplying a modified save file.
Writeup of a remote code execution in Factorio by supplying a modified save file. - Valentin-Metz/writeup_factorio
Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings
https://ift.tt/ECSKa5Q
Submitted January 11, 2024 at 07:08PM by _vavkamil_
via reddit https://ift.tt/T7kYhgR
https://ift.tt/ECSKa5Q
Submitted January 11, 2024 at 07:08PM by _vavkamil_
via reddit https://ift.tt/T7kYhgR
Nozominetworks
Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings
New vulnerabilities discovered in the Bosch Rexroth NXA015S-36V-B, a popular smart nutrunner used in automotive production lines, may halt production or compromise safety.
Weaponizing Apache OFBiz CVE-2023-51467
https://ift.tt/A7b6IUM
Submitted January 11, 2024 at 08:37PM by chicksdigthelongrun
via reddit https://ift.tt/GTyhQbH
https://ift.tt/A7b6IUM
Submitted January 11, 2024 at 08:37PM by chicksdigthelongrun
via reddit https://ift.tt/GTyhQbH
VulnCheck
Weaponizing Apache OFBiz CVE-2023-51467 - Blog - VulnCheck
VulnCheck bypasses the Apache OFBiz Groovy sandbox to land a memory resident reverse shell.
Dependency Confusions in Docker and remote pwning of your infra
https://ift.tt/q4fLlRM
Submitted January 11, 2024 at 10:23PM by gquere
via reddit https://ift.tt/0vRIOh4
https://ift.tt/q4fLlRM
Submitted January 11, 2024 at 10:23PM by gquere
via reddit https://ift.tt/0vRIOh4
Critical PyTorch Supply Chain Vulnerability
https://ift.tt/vB4nCLW
Submitted January 11, 2024 at 11:19PM by IrohsLotusTile
via reddit https://ift.tt/F31wq9x
https://ift.tt/vB4nCLW
Submitted January 11, 2024 at 11:19PM by IrohsLotusTile
via reddit https://ift.tt/F31wq9x
John Stawinski IV
Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch
Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…
Attack of the week: Airdrop tracing
https://ift.tt/NE8gx0v
Submitted January 11, 2024 at 10:31PM by feross
via reddit https://ift.tt/VmxGjhs
https://ift.tt/NE8gx0v
Submitted January 11, 2024 at 10:31PM by feross
via reddit https://ift.tt/VmxGjhs
A Few Thoughts on Cryptographic Engineering
Attack of the week: Airdrop tracing
It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…
Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
https://ift.tt/fhpH4ty
Submitted January 12, 2024 at 08:37AM by glatisantbeast
via reddit https://ift.tt/qRYef42
https://ift.tt/fhpH4ty
Submitted January 12, 2024 at 08:37AM by glatisantbeast
via reddit https://ift.tt/qRYef42
Medium
Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
I’m going to tell you how Exploit Observer has revolutionized the ways of automated exploit discovery & analysis at A.R.P. Syndicate.
Talkback Intro: A smart infosec resource aggregator
https://ift.tt/7IbAdDs
Submitted January 12, 2024 at 11:38AM by thinkV
via reddit https://ift.tt/de1imsI
https://ift.tt/7IbAdDs
Submitted January 12, 2024 at 11:38AM by thinkV
via reddit https://ift.tt/de1imsI
Elttam
Keeping up with the Pwnses
elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.
unblob project update - Filesystem sandboxing, nice UI, and pattern auto-identification.
https://ift.tt/mXUVbTk
Submitted January 12, 2024 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/STXjYEN
https://ift.tt/mXUVbTk
Submitted January 12, 2024 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/STXjYEN
ONEKEY
Explore our blog 👉️ for the latest UNBLOB insights.
Including new features, bug fixes, and more that have landed in UNBLOB in the second half of 2023.
Utilizing Unit testing Frameworks as a Vulnerability Scanner
https://ift.tt/7ChWrfm
Submitted January 12, 2024 at 12:53PM by 0xcrypto
via reddit https://ift.tt/mMFDBcC
https://ift.tt/7ChWrfm
Submitted January 12, 2024 at 12:53PM by 0xcrypto
via reddit https://ift.tt/mMFDBcC