Detecting Office365 AiTM attacks using a canary in Azure
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
https://ift.tt/uzRJTEN
Submitted January 10, 2024 at 07:08PM by nindustries
via reddit https://ift.tt/Q9AaZzR
ironpeak.be
Detecting AiTM attacks in Azure - ironPeak Blog
How to detect Adversary-in-the-Middle attacks in Office365 logon pages using hidden canaries.
secator: the pentester's swiss knife
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
https://ift.tt/S0KUcpf
Submitted January 10, 2024 at 09:38PM by freelabz
via reddit https://ift.tt/5deshjF
GitHub
GitHub - freelabz/secator: secator - the pentester's swiss knife
secator - the pentester's swiss knife. Contribute to freelabz/secator development by creating an account on GitHub.
KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
https://ift.tt/l9tvabw
Submitted January 11, 2024 at 12:19AM by TheDarthSnarf
via reddit https://ift.tt/FoxcSW4
Analysis of an Info Stealer — Chapter 2: The iOS App
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
https://ift.tt/v4t6d1S
Submitted January 11, 2024 at 01:30AM by _Fr4_
via reddit https://ift.tt/KaWSFzq
Medium
Analysis of an Info Stealer — Chapter 2: The iOS App
Introduction
Enhance your security posture with this LLM-powered tool: Prioritize and mitigate vulnerabilities efficiently using NIST and CISA insights. Stay ahead, save time, and reduce risk. Chat with a specific CVE-ID or request the most exploited vulnerabilities to prioritize your patch management efforts.
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
https://ift.tt/ue5CmcR
Submitted January 11, 2024 at 02:14AM by otto_r
via reddit https://ift.tt/453jazh
ChatGPT
ChatGPT - Patch Tuesday - Vulnerability Insights & Guidance
A conversational AI system that listens, learns, and challenges
Hey guys! Can someone help me identify what we see here in this picture
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
https://ibb.co/gvTNbqK
Submitted January 11, 2024 at 01:55AM by Shr3wd
via reddit https://ift.tt/bliCfKp
Breaking the Flash Encryption Feature of Espressif’s Parts
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
https://ift.tt/3EqnKXZ
Submitted January 11, 2024 at 06:47AM by Kefused
via reddit https://ift.tt/0rtc5hX
Courk's Blog
Breaking the Flash Encryption Feature of Espressif's Parts
I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a Side-Channel attack. This was an interesting read, and soon, I wanted to try to reproduce…
Crafting Malicious Pluggable Authentication Modules for Persistence, Privilege Escalation, and Lateral Movement | RoseSecurity Research
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s
https://ift.tt/7CrdSgb
Submitted January 11, 2024 at 09:00AM by RoseSec_
via reddit https://ift.tt/YNBxK8s
A collection of weggli patterns for C/C++ vulnerability research
https://ift.tt/B9uimeI
Submitted January 11, 2024 at 01:56PM by 0xdea
via reddit https://ift.tt/fzPZsL8
https://ift.tt/B9uimeI
Submitted January 11, 2024 at 01:56PM by 0xdea
via reddit https://ift.tt/fzPZsL8
hn security
A collection of weggli patterns for C/C++ vulnerability research - hn security
“No one cares about the old […]
Writeup of a [RCE] in Factorio by supplying a modified save file.
https://ift.tt/v9T6EDa
Submitted January 11, 2024 at 03:40PM by moviuro
via reddit https://ift.tt/JVuYXRb
https://ift.tt/v9T6EDa
Submitted January 11, 2024 at 03:40PM by moviuro
via reddit https://ift.tt/JVuYXRb
GitHub
GitHub - Valentin-Metz/writeup_factorio: Writeup of a remote code execution in Factorio by supplying a modified save file.
Writeup of a remote code execution in Factorio by supplying a modified save file. - Valentin-Metz/writeup_factorio
Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings
https://ift.tt/ECSKa5Q
Submitted January 11, 2024 at 07:08PM by _vavkamil_
via reddit https://ift.tt/T7kYhgR
https://ift.tt/ECSKa5Q
Submitted January 11, 2024 at 07:08PM by _vavkamil_
via reddit https://ift.tt/T7kYhgR
Nozominetworks
Vulnerabilities on Bosch Rexroth Nutrunners May Be Abused to Stop Production Lines, Tamper with Safety-Critical Tightenings
New vulnerabilities discovered in the Bosch Rexroth NXA015S-36V-B, a popular smart nutrunner used in automotive production lines, may halt production or compromise safety.
Weaponizing Apache OFBiz CVE-2023-51467
https://ift.tt/A7b6IUM
Submitted January 11, 2024 at 08:37PM by chicksdigthelongrun
via reddit https://ift.tt/GTyhQbH
https://ift.tt/A7b6IUM
Submitted January 11, 2024 at 08:37PM by chicksdigthelongrun
via reddit https://ift.tt/GTyhQbH
VulnCheck
Weaponizing Apache OFBiz CVE-2023-51467 - Blog - VulnCheck
VulnCheck bypasses the Apache OFBiz Groovy sandbox to land a memory resident reverse shell.
Dependency Confusions in Docker and remote pwning of your infra
https://ift.tt/q4fLlRM
Submitted January 11, 2024 at 10:23PM by gquere
via reddit https://ift.tt/0vRIOh4
https://ift.tt/q4fLlRM
Submitted January 11, 2024 at 10:23PM by gquere
via reddit https://ift.tt/0vRIOh4
Critical PyTorch Supply Chain Vulnerability
https://ift.tt/vB4nCLW
Submitted January 11, 2024 at 11:19PM by IrohsLotusTile
via reddit https://ift.tt/F31wq9x
https://ift.tt/vB4nCLW
Submitted January 11, 2024 at 11:19PM by IrohsLotusTile
via reddit https://ift.tt/F31wq9x
John Stawinski IV
Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch
Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…
Attack of the week: Airdrop tracing
https://ift.tt/NE8gx0v
Submitted January 11, 2024 at 10:31PM by feross
via reddit https://ift.tt/VmxGjhs
https://ift.tt/NE8gx0v
Submitted January 11, 2024 at 10:31PM by feross
via reddit https://ift.tt/VmxGjhs
A Few Thoughts on Cryptographic Engineering
Attack of the week: Airdrop tracing
It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…
Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
https://ift.tt/fhpH4ty
Submitted January 12, 2024 at 08:37AM by glatisantbeast
via reddit https://ift.tt/qRYef42
https://ift.tt/fhpH4ty
Submitted January 12, 2024 at 08:37AM by glatisantbeast
via reddit https://ift.tt/qRYef42
Medium
Introducing Exploit Observer — More than Shodan Exploits, Less than Vulners
I’m going to tell you how Exploit Observer has revolutionized the ways of automated exploit discovery & analysis at A.R.P. Syndicate.
Talkback Intro: A smart infosec resource aggregator
https://ift.tt/7IbAdDs
Submitted January 12, 2024 at 11:38AM by thinkV
via reddit https://ift.tt/de1imsI
https://ift.tt/7IbAdDs
Submitted January 12, 2024 at 11:38AM by thinkV
via reddit https://ift.tt/de1imsI
Elttam
Keeping up with the Pwnses
elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.
unblob project update - Filesystem sandboxing, nice UI, and pattern auto-identification.
https://ift.tt/mXUVbTk
Submitted January 12, 2024 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/STXjYEN
https://ift.tt/mXUVbTk
Submitted January 12, 2024 at 01:35PM by g_e_r_h_a_r_d
via reddit https://ift.tt/STXjYEN
ONEKEY
Explore our blog 👉️ for the latest UNBLOB insights.
Including new features, bug fixes, and more that have landed in UNBLOB in the second half of 2023.
Utilizing Unit testing Frameworks as a Vulnerability Scanner
https://ift.tt/7ChWrfm
Submitted January 12, 2024 at 12:53PM by 0xcrypto
via reddit https://ift.tt/mMFDBcC
https://ift.tt/7ChWrfm
Submitted January 12, 2024 at 12:53PM by 0xcrypto
via reddit https://ift.tt/mMFDBcC
Keeping up with the Pwnses
https://ift.tt/7IbAdDs
Submitted January 12, 2024 at 05:22PM by thinkV
via reddit https://ift.tt/7pJVhz3
https://ift.tt/7IbAdDs
Submitted January 12, 2024 at 05:22PM by thinkV
via reddit https://ift.tt/7pJVhz3
Elttam
Keeping up with the Pwnses
elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.
How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation
https://ift.tt/ZHyYCwk
Submitted January 12, 2024 at 07:36PM by pracsec
via reddit https://ift.tt/yMVApkH
https://ift.tt/ZHyYCwk
Submitted January 12, 2024 at 07:36PM by pracsec
via reddit https://ift.tt/yMVApkH
Practical Security Analytics LLC
How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation
Overview The primary tactic we will be exploring in this post is the use of proxies inside of a target network. There are a lot of different types of proxies for both offense and defense. This post…