Last part of Lord Of The Ring0
https://ift.tt/z3NJK9o
Submitted April 01, 2024 at 07:06PM by Idov31
via reddit https://ift.tt/8cnNaED
Bypassing DOMPurify with good old XML
https://ift.tt/AOl4h2d
Submitted April 01, 2024 at 08:33PM by toyojuni
via reddit https://ift.tt/ZmU0cBh
flatt.tech
Bypassing DOMPurify with good old XML
How I could bypass DOMPurify with XML
BGGP4: PleaseMom, QUANTUM, Rat?
https://remyhax.xyz/posts/bggp4-quantum-rat/
Submitted April 01, 2024 at 07:48PM by netsecfriends
via reddit https://ift.tt/xtelr7A
remyhax.xyz
BGGP4: PleaseMom, QUANTUM, Rat?
For this last year's Binary Golf Grand Prix the goal was to:
Create the smallest self-replicating file.
Requirements:
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
https://ift.tt/SbeW2Vw
Submitted April 01, 2024 at 11:03AM by hardenedvault
via reddit https://ift.tt/VILkAoa
hardenedvault.net
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
Story Background: On March 29, 2024, a report exposing a backdoor in the upstream source code of the controversial open-source project, the xz software package, was made public on the oss-security…
How Complex Systems Fail
https://ift.tt/EeCyXij
Submitted April 01, 2024 at 07:39PM by Alexander_Selkirk
via reddit https://ift.tt/t8MJm9C
Xzbot: exploit demo for the xz backdoor (CVE-2024-3094)
https://ift.tt/wAJp7qK
Submitted April 01, 2024 at 10:21PM by netsec_burn
via reddit https://ift.tt/bQHZmpl
GitHub
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot
NetScout - An OSINT tool I've been working on that finds domains, subdomains, directories and files based on a given URL
https://ift.tt/6QeYELO
Submitted April 02, 2024 at 12:38AM by lost_my_tech_account
via reddit https://ift.tt/uVPp4q0
GitHub
GitHub - caio-ishikawa/netscout: OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL.
OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL. - caio-ishikawa/netscout
IBIS hotel check-in terminal keypad-code leakage
https://ift.tt/i5CwTtl
Submitted April 02, 2024 at 02:57PM by aunga
via reddit https://ift.tt/1wXH8gx
Pentagrid AG
IBIS hotel check-in terminal keypad-code leakage
An IBIS hotel check-in terminal leaked room door key codes of almost half of the rooms.
XZ-actly What You Need (CVE 2024-3094): Detecting Exploitation with Oligo
https://ift.tt/jazlEHs
Submitted April 02, 2024 at 11:21PM by cov_id19
via reddit https://ift.tt/wUBOgRn
www.oligo.security
XZ-actly What You Need (CVE 2024-3094): Detecting Exploitation with Oligo | Oligo Security
See how Oligo ADR Detects Exploitation of CVE-2024-3094 (XZ backdoor in liblzma).
/r/netsec's Q2 2024 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 03, 2024 at 12:23AM by netsec_burn
via reddit https://ift.tt/ykG2YMK
Adventures in Stegoland - Adventures with a stego shellcode loader
https://ift.tt/Pknq0wg
Submitted April 03, 2024 at 06:56AM by clod81
via reddit https://ift.tt/NoyVLiB
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Attacking Active Directory Certificate Service Part 3
https://ift.tt/gcxSZEK
Submitted April 03, 2024 at 11:45AM by Accomplished-Mud1210
via reddit https://ift.tt/RpLvV1w
RingBuffer's Blog
Attacking AD Certificate Services – Part 3 – RingBuffer's Blog
Attacking Active Directory Certificate Service (ADCS) Part 3, focusing on performing privilege escalation using a vulnerable AD CS service in a Windows domain.
Attacking Active Directory Certificate Service Part 2
https://ift.tt/Hl6M9dO
Submitted April 03, 2024 at 11:45AM by Accomplished-Mud1210
via reddit https://ift.tt/Hz6xMgP
RingBuffer's Blog
Attacking AD Certificate Services – Part 2 – RingBuffer's Blog
Attacking Active Directory Certificate Service (ADCS) Part 2 - Focusing on uncovering some critical assets using certify and leveraging Windows Data Protection API
Attacking Active Directory Certificate Service Part 1
https://ift.tt/tSbHXjN
Submitted April 03, 2024 at 11:44AM by Accomplished-Mud1210
via reddit https://ift.tt/LKzg4mw
RingBuffer's Blog
Attacking AD Certificate Services – Part 1 – RingBuffer's Blog
This blog covers enumerating the AD services and attacking AD CS in a Windows environment.
Persistence - DLL Proxy Loading
https://ift.tt/TcqohQz
Submitted April 03, 2024 at 01:23PM by netbiosX
via reddit https://ift.tt/5y8Fl9t
Penetration Testing Lab
Persistence – DLL Proxy Loading
DLL Proxy Loading is a technique in which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate DLL in an attempt to not disrupt the execution flow…
Kobold letters – Why HTML emails are a risk to your organization
https://ift.tt/SreE8O9
Submitted April 03, 2024 at 09:06PM by lutrasecurity
via reddit https://ift.tt/cP9BuMY
Lutrasecurity
Kobold letters – Lutra Security
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of…
Showcasing Incinerator a Powerful Android Malware Reversing Tool
https://ift.tt/Nzu5tQK
Submitted April 03, 2024 at 09:44PM by WiseTuna
via reddit https://ift.tt/KkbGBeE
Boschko Security Blog
Incinerator: The Ultimate Android Malware Reversing Tool
Master Android malware reversal with ease using Incinerator, your trusted ally in the fight against threat actors for experts and novices alike.
Gram - Self-hosted Threat Modeling Webapp
https://ift.tt/ZUmxRXq
Submitted April 04, 2024 at 01:22AM by Tethik
via reddit https://ift.tt/U4dKHuX
GitHub
GitHub - klarna-incubator/gram: Gram is Klarna's own threat model diagramming tool
Gram is Klarna's own threat model diagramming tool - klarna-incubator/gram
unch 😗: Hides message with invisible Unicode characters
https://ift.tt/tFfMJYD
Submitted April 04, 2024 at 03:55AM by dwisiswant0
via reddit https://ift.tt/Z1SoICJ
GitHub
GitHub - dwisiswant0/unch: Hides message with invisible Unicode characters
Hides message with invisible Unicode characters. Contribute to dwisiswant0/unch development by creating an account on GitHub.
Diving Deeper into AI Package Hallucinations
https://ift.tt/Nt2iJpW
Submitted April 05, 2024 at 01:40PM by mowaptpop
via reddit https://ift.tt/vFmDutw
www.lasso.security
Diving Deeper into AI Package Hallucinations
Lasso Security's recent research on AI Package Hallucinations extends the attack technique to GPT-3.5-Turbo, GPT-4, Gemini Pro (Bard), and Coral (Cohere).
Security Advisory: Systems with a SONIX Technology Webcam vulnerable to DLL hijacking attack allowing attackers to execute malicious DLL and escalate privileges
https://ift.tt/Rmy9TiU
Submitted April 05, 2024 at 02:03PM by usdAG
via reddit https://ift.tt/lpbGkj5
usd HeroLab
usd-2023-0029 - usd HeroLab
Advisory ID: usd-2023-0029 | Product: SONIX Technology Webcam | Vulnerability Type: CWE 732 - Incorrect Permission Assignment for Critical Resource