ThreatCheck alternative that can work with any antivirus, given a config file.
https://ift.tt/euX0MSL
Submitted February 28, 2024 at 05:00PM by Immediate-Fruit3833
via reddit https://ift.tt/ZFx4CAd
GitHub
GitHub - MultSec/MultCheck: Identifies bad bytes from static analysis with any Anti-Virus scanner.
Identifies bad bytes from static analysis with any Anti-Virus scanner. - MultSec/MultCheck
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
https://ift.tt/EjQLse4
Submitted February 28, 2024 at 06:58PM by stashing_the_smack
via reddit https://ift.tt/qBKuYcw
Avast Threat Labs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new…
Comparison of Enterprise SAST/DAST Products
https://ift.tt/djeAqRJ
Submitted February 29, 2024 at 02:26AM by bcdefense
via reddit https://ift.tt/soULgMh
GitHub
GitHub - bcdannyboy/EnterpriseSASTDASTProductLandscape: Analysis of the Enterprise SAST/DAST product landscape
Analysis of the Enterprise SAST/DAST product landscape - bcdannyboy/EnterpriseSASTDASTProductLandscape
An EBPF based open source stateful linux firewall that integrates with OpenZiti Zero Trust Framework
https://ift.tt/oQ56bKn
Submitted February 29, 2024 at 04:50AM by e_secure5592
via reddit https://ift.tt/790BtLd
GitHub
GitHub - netfoundry/zfw: An EBPF based IP4/IPv6 firewall with integrations for OpenZiti edge-routers and tunnellers
An EBPF based IP4/IPv6 firewall with integrations for OpenZiti edge-routers and tunnellers - netfoundry/zfw
Unauthenticated Email Enumeration via API Fuzzing
https://ift.tt/VMHFWK1
Submitted February 29, 2024 at 09:41AM by Zestyclose-Welder-33
via reddit https://ift.tt/TXuexDm
Jineesh AK
Unauthenticated Email Enumeration via API Fuzzing
Introduction
Exploiting CSP Wildcards for Google Domains
https://ift.tt/GjlfI6o
Submitted February 29, 2024 at 05:07PM by 6W99ocQnb8Zy17
via reddit https://ift.tt/4UyHrKJ
attackshipsonfi.re
Exploiting CSP Wildcards for Google Domains
TL;DR The Google developer documentation includes CSP examples which use domain wildcards (which have been widely cut & pasted), and additionally there are numerous endpoints within the Google eTLDs which are vulnerable to JavaScript XSS.
Glitching in 3D: Low Cost EMFI Attacks
https://ift.tt/Bjt3pYo
Submitted February 29, 2024 at 08:16PM by wrongbaud
via reddit https://ift.tt/LK6b0Fq
SubdoMailing Checker: Type in a domain to see if it’s been compromised by “SubdoMailers”
https://ift.tt/HQinR3b
Submitted March 01, 2024 at 12:18AM by pinpepnet
via reddit https://ift.tt/8YS257p
Guardio
SubdoMailing Checker Tool | Guardio
Use Guardio's checker tool to find out if your domain has been compromised by SubdoMailers
Celebrating Falco's Journey to CNCF Graduation
https://ift.tt/ZuPFTzp
Submitted March 01, 2024 at 03:38AM by Hallow_Rose
via reddit https://ift.tt/CrnGzMO
Sysdig
Falco's Journey to CNCF graduation
In February 2024, Falco graduated within the Cloud Native Computing Foundation (CNCF). Graduation marks an important milestone for a journey...
Exploiting Stack Based Buffer Overflow
https://ift.tt/IJ0Rsb2
Submitted March 01, 2024 at 12:26PM by Accomplished-Mud1210
via reddit https://ift.tt/lZ1O2H7
RingBuffer's Blog
Buffer Overflow : Exploiting Easy RM to MP3 Converter
Buffer Overflow Demonstration on Exploiting Easy RM to MP3 Converter
LogSnare: A web application playground for testing, preventing, and logging IDOR vulnerabilities.
https://ift.tt/g23Tvpr
Submitted March 01, 2024 at 06:50PM by Seaerkin2
via reddit https://ift.tt/95duxiZ
GitHub
GitHub - sea-erkin/log-snare: LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.
LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities. - sea-erkin/log-snare
Google VRP: CSP bypass to email exfiltration via Bard
https://ift.tt/VL61KeD
Submitted March 01, 2024 at 08:25PM by poltess0
via reddit https://ift.tt/wfP19FY
www.landh.tech
We Hacked Google A.I. for $50,000 - Lupin & Holmes
Phrack #71: Call For Paper
http://www.phrack.org
Submitted March 02, 2024 at 03:05PM by loselasso
via reddit https://ift.tt/qdLKfQp
Phrack
Introduction
Click to read the article on phrack
LoFP - Living off the False Positive
https://ift.tt/yo8RdKl
Submitted March 02, 2024 at 08:38PM by adityatelange
via reddit https://ift.tt/pfIUx8K
Br0K3Nlab
LoFP
Living off the False Positive!
GitHub - teler-sh/sebel: a Go package that provides functionality for checking SSL/TLS certificates against malicious connections, by identifying and blacklisting certificates used by botnet command and control (C&C) servers.
https://ift.tt/zaWfmYj
Submitted March 02, 2024 at 07:34PM by dwisiswant0
via reddit https://ift.tt/4qsrCeD
GitHub
GitHub - teler-sh/sebel: Checks SSL/TLS certificates for potential malicious connections by detecting and blocking certificates…
Checks SSL/TLS certificates for potential malicious connections by detecting and blocking certificates used by botnet command and control (C&C) servers. - teler-sh/sebel
SubSeekerPro
https://ift.tt/AcsHC8P
Submitted March 03, 2024 at 12:14PM by TheArtHacker34
via reddit https://ift.tt/A4fBQo5
GitHub
GitHub - SonfireOP68/SubSeekerPro
Contribute to SonfireOP68/SubSeekerPro development by creating an account on GitHub.
How to effortlessly setup Yubikeys for SSH/GIT on WSL
https://ift.tt/gYlFfwP
Submitted March 03, 2024 at 12:53PM by KaanSK
via reddit https://ift.tt/wmE5yRl
Threatzer
Effortless SSH/GIT Security with Yubikey FIDO2 Interface on WSL | Threatzer OÜ
Yubikeys, FIDO2 and WSL Windows Subsystem for Linux (WSL), especially its second iteration (WSL2), offers a seamless way to run Linux distributions directly within Windows. This brings the familiar Linux environment and its powerful tools right to your fingertips…
An intro to automated evasion and compilation of .NET offensive tools
https://ift.tt/vkzC8e3
Submitted March 03, 2024 at 02:01PM by clod81
via reddit https://ift.tt/foTFqwx
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
RattaGATTa: Scalable Bluetooth Low-Energy Survey
https://ift.tt/kYJgzxr
Submitted March 02, 2024 at 02:32AM by netsecfriends
via reddit https://ift.tt/LImEMTV
GreyNoise Labs
GreyNoise Labs - RattaGATTa: Scalable Bluetooth Low-Energy Survey
Phase 1: Using a pool of collectors to scan and connect to BTLE devices, shedding light on the intricacies of hardware, radio frequency challenges, and the importance of rate-limiting algorithms.
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
https://ift.tt/1eP8NdR
Submitted March 01, 2024 at 07:51PM by b1x3r
via reddit https://ift.tt/SkKpdhl
AON
DUALITY - Part 1
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
How to Make Nmap Recognize New Services
https://ift.tt/Ob563vq
Submitted March 04, 2024 at 12:52AM by Salmiakkilakritsi
via reddit https://ift.tt/t0Pi6hk
Shufflingbytes
How to Make Nmap Recognize New Services
Step-by-step instructions for extending nmap service detection capabilities