It's now possible to find the AWS Account ID for any S3 Bucket (private or public)
https://ift.tt/IRkANmc
Submitted February 26, 2024 at 08:52PM by tracebit
via reddit https://ift.tt/eDY65x7
https://ift.tt/IRkANmc
Submitted February 26, 2024 at 08:52PM by tracebit
via reddit https://ift.tt/eDY65x7
Tracebit
How to find the AWS Account ID of any S3 Bucket
A technique to find the Account ID of a private S3 bucket.
QR Code Phishing with EvilGophish
https://ift.tt/GEcv7KP
Submitted February 26, 2024 at 08:28PM by fin3ss3g0d
via reddit https://ift.tt/6Rsoel9
https://ift.tt/GEcv7KP
Submitted February 26, 2024 at 08:28PM by fin3ss3g0d
via reddit https://ift.tt/6Rsoel9
fin3ss3g0d's Blog -
QR Code Phishing with EvilGophish - fin3ss3g0d's Blog
In the evolving landscape of cybersecurity, adversaries are continually seeking innovative methods to bypass traditional security measures. One such method gaining traction is the use of QR codes. At first glance, QR codes appear as benign tools for quick…
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
https://ift.tt/kASs2xO
Submitted February 26, 2024 at 08:00PM by Embeere
via reddit https://ift.tt/ldUMPH0
https://ift.tt/kASs2xO
Submitted February 26, 2024 at 08:00PM by Embeere
via reddit https://ift.tt/ldUMPH0
Embee Research
Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples
Advanced CyberChef techniques using Registers, Regex and Flow Control
Windows Sysinternals - Sysmon - A practical guide to implementation and essential tips
https://ift.tt/GxuKotb
Submitted February 27, 2024 at 02:14AM by clod81
via reddit https://ift.tt/T7P2aDu
https://ift.tt/GxuKotb
Submitted February 27, 2024 at 02:14AM by clod81
via reddit https://ift.tt/T7P2aDu
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
CVE-2023-52161: inet-wireless daemon (iwd) APs allowed clients to connect with a NULL key, bypassing the WiFi password
https://ift.tt/weyTsWk
Submitted February 27, 2024 at 03:40AM by supernetworks
via reddit https://ift.tt/u85oKXx
https://ift.tt/weyTsWk
Submitted February 27, 2024 at 03:40AM by supernetworks
via reddit https://ift.tt/u85oKXx
Top10Vpn
New WiFi Authentication Vulnerabilities Discovered
Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.
A growing database of InfoSec salaries for 2024 (Open Data)
https://ift.tt/KW2bjRL
Submitted February 27, 2024 at 07:24PM by infosec-jobs
via reddit https://ift.tt/kyZbiGz
https://ift.tt/KW2bjRL
Submitted February 27, 2024 at 07:24PM by infosec-jobs
via reddit https://ift.tt/kyZbiGz
isecjobs.com
The Global InfoSec / Cybersecurity Salary Index for 2024
An open database of salaries in the InfoSec / Cybersecurity space.
Podcast: Lockbit the largest ransomware gang hacked
https://ift.tt/fio8tHr
Submitted February 27, 2024 at 08:05PM by ShadowStackRE
via reddit https://ift.tt/kWYZ3ts
https://ift.tt/fio8tHr
Submitted February 27, 2024 at 08:05PM by ShadowStackRE
via reddit https://ift.tt/kWYZ3ts
New Server Side Prototype Pollution Gadgets Scanner from Doyensec
https://ift.tt/pvWuh0l
Submitted February 27, 2024 at 09:23PM by ds_at
via reddit https://ift.tt/vEVOKZz
https://ift.tt/pvWuh0l
Submitted February 27, 2024 at 09:23PM by ds_at
via reddit https://ift.tt/vEVOKZz
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://ift.tt/rRGfoCm
Submitted February 27, 2024 at 09:32PM by SRMish3
via reddit https://ift.tt/XSjfTq2
https://ift.tt/rRGfoCm
Submitted February 27, 2024 at 09:32PM by SRMish3
via reddit https://ift.tt/XSjfTq2
JFrog
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats >
APT29 adopts new TTPs, according to a bunch of agencies
https://ift.tt/fiwomqN
Submitted February 28, 2024 at 04:10AM by Betterworldguys
via reddit https://ift.tt/YNgjTmV
https://ift.tt/fiwomqN
Submitted February 28, 2024 at 04:10AM by Betterworldguys
via reddit https://ift.tt/YNgjTmV
CyberTalk
NCSC warns of new TTPs employed by APT 29 - CyberTalk
A recent advisory from the U.K. National Cyber Security Centre (NCSC) and international partners details the recently developed tactics...
LOTP - Living Off the Pipeline
https://ift.tt/zo5f0MO
Submitted February 28, 2024 at 03:42AM by fproulx
via reddit https://ift.tt/B9l7aPd
https://ift.tt/zo5f0MO
Submitted February 28, 2024 at 03:42AM by fproulx
via reddit https://ift.tt/B9l7aPd
Hacking Terraform state to gain code execution and privilege escalation
https://ift.tt/NGiLAkV
Submitted February 28, 2024 at 10:04AM by dagrz-cloudsec
via reddit https://ift.tt/9YwfSa5
https://ift.tt/NGiLAkV
Submitted February 28, 2024 at 10:04AM by dagrz-cloudsec
via reddit https://ift.tt/9YwfSa5
Plerion
Hacking Terraform State for Privilege Escalation - Plerion
What can an attacker do if they can edit Terraform state? The answer should be 'nothing' but is actually 'take over your CI/CD pipeline'.
Revitalizing MouseJacking: Another Pen Test Story
https://ift.tt/7Lg2eOi
Submitted February 28, 2024 at 04:43PM by needmorejava
via reddit https://ift.tt/usHReWz
https://ift.tt/7Lg2eOi
Submitted February 28, 2024 at 04:43PM by needmorejava
via reddit https://ift.tt/usHReWz
Brackish Security
MouseJacking (With Flipper Zero): Tales from Pen Testing Trenches - Brackish Security
As a continuation in our series of penetration testing stories (who doesn’t love those) we bring you MouseJacking (With Flipper Zero). Check out the first blog post in the series here here. In this engagement, we were successfully able to compromise a network…
ThreatCheck alternative that can work with any antivirus, given a config file.
https://ift.tt/euX0MSL
Submitted February 28, 2024 at 05:00PM by Immediate-Fruit3833
via reddit https://ift.tt/ZFx4CAd
https://ift.tt/euX0MSL
Submitted February 28, 2024 at 05:00PM by Immediate-Fruit3833
via reddit https://ift.tt/ZFx4CAd
GitHub
GitHub - MultSec/MultCheck: Identifies bad bytes from static analysis with any Anti-Virus scanner.
Identifies bad bytes from static analysis with any Anti-Virus scanner. - MultSec/MultCheck
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
https://ift.tt/EjQLse4
Submitted February 28, 2024 at 06:58PM by stashing_the_smack
via reddit https://ift.tt/qBKuYcw
https://ift.tt/EjQLse4
Submitted February 28, 2024 at 06:58PM by stashing_the_smack
via reddit https://ift.tt/qBKuYcw
Avast Threat Labs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new…
Comparison of Enterprise SAST/DAST Products
https://ift.tt/djeAqRJ
Submitted February 29, 2024 at 02:26AM by bcdefense
via reddit https://ift.tt/soULgMh
https://ift.tt/djeAqRJ
Submitted February 29, 2024 at 02:26AM by bcdefense
via reddit https://ift.tt/soULgMh
GitHub
GitHub - bcdannyboy/EnterpriseSASTDASTProductLandscape: Analysis of the Enterprise SAST/DAST product landscape
Analysis of the Enterprise SAST/DAST product landscape - bcdannyboy/EnterpriseSASTDASTProductLandscape
An EBPF based open source stateful linux firewall that integrates with OpenZiti Zero Trust Framework
https://ift.tt/oQ56bKn
Submitted February 29, 2024 at 04:50AM by e_secure5592
via reddit https://ift.tt/790BtLd
https://ift.tt/oQ56bKn
Submitted February 29, 2024 at 04:50AM by e_secure5592
via reddit https://ift.tt/790BtLd
GitHub
GitHub - netfoundry/zfw: An EBPF based IP4/IPv6 firewall with integrations for OpenZiti edge-routers and tunnellers
An EBPF based IP4/IPv6 firewall with integrations for OpenZiti edge-routers and tunnellers - netfoundry/zfw
Unauthenticated Email Enumeration via API Fuzzing
https://ift.tt/VMHFWK1
Submitted February 29, 2024 at 09:41AM by Zestyclose-Welder-33
via reddit https://ift.tt/TXuexDm
https://ift.tt/VMHFWK1
Submitted February 29, 2024 at 09:41AM by Zestyclose-Welder-33
via reddit https://ift.tt/TXuexDm
Jineesh AK
Unauthenticated Email Enumeration via API Fuzzing
Introduction
Exploiting CSP Wildcards for Google Domains
https://ift.tt/GjlfI6o
Submitted February 29, 2024 at 05:07PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/4UyHrKJ
https://ift.tt/GjlfI6o
Submitted February 29, 2024 at 05:07PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/4UyHrKJ
attackshipsonfi.re
Exploiting CSP Wildcards for Google Domains
TL;DR The Google developer documentation includes CSP examples which use domain wildcards (which have been widely cut & pasted), and additionally there are numerous endpoints within the Google eTLDs which are vulnerable to Javanoscript XSS.
Glitching in 3D: Low Cost EMFI Attacks
https://ift.tt/Bjt3pYo
Submitted February 29, 2024 at 08:16PM by wrongbaud
via reddit https://ift.tt/LK6b0Fq
https://ift.tt/Bjt3pYo
Submitted February 29, 2024 at 08:16PM by wrongbaud
via reddit https://ift.tt/LK6b0Fq
SubdoMailing Checker: Type in a domain to see if it’s been compromised by “SubdoMailers”
https://ift.tt/HQinR3b
Submitted March 01, 2024 at 12:18AM by pinpepnet
via reddit https://ift.tt/8YS257p
https://ift.tt/HQinR3b
Submitted March 01, 2024 at 12:18AM by pinpepnet
via reddit https://ift.tt/8YS257p
Guardio
SubdoMailing Checker Tool | Guardio
Use Guardio's checker tool to find out if your domain has been compromised by SubdoMailers