A quick post on Chen’s algorithm
https://ift.tt/Uz8kPSA
Submitted April 17, 2024 at 05:01AM by feross
via reddit https://ift.tt/DysHBLz
https://ift.tt/Uz8kPSA
Submitted April 17, 2024 at 05:01AM by feross
via reddit https://ift.tt/DysHBLz
A Few Thoughts on Cryptographic Engineering
A quick post on Chen’s algorithm
Update (April 19): Yilei Chen announced the discovery of a bug in the algorithm, which he does not know how to fix. This was independently discovered by Hongxun Wu and Thomas Vidick. At present, th…
[AI/ML Security] Scan and fix your LLM jailbreaks
https://ift.tt/floCsKQ
Submitted April 17, 2024 at 03:24PM by rukhrunnin
via reddit https://ift.tt/4UxLEGH
https://ift.tt/floCsKQ
Submitted April 17, 2024 at 03:24PM by rukhrunnin
via reddit https://ift.tt/4UxLEGH
mindgard.ai
Find and Mitigate an LLM Jailbreak - Mindgard
Learn how to identify, mitigate, and protect your AI/LLM from jailbreak attacks. This guide helps secure your AI applications from vulnerabilities and reputational damage.
An Obscure Actions Workflow Vulnerability in Google’s Flank
https://ift.tt/HBJXIUN
Submitted April 18, 2024 at 12:30AM by louis11
via reddit https://ift.tt/JT8IpOb
https://ift.tt/HBJXIUN
Submitted April 18, 2024 at 12:30AM by louis11
via reddit https://ift.tt/JT8IpOb
Adnan Khan's Blog
An Obscure Actions Workflow Vulnerability in Google's Flank
Introduction
Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project.
The vulnerability…
Recently, I reported a “Pwn Request” vulnerability in Google’s Flank repository. Flank is described as a “Massively parallel Android and iOS test runner for Firebase Test Lab” and is an official Google open source project.
The vulnerability…
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers - Shielder
https://ift.tt/x2ZbNhU
Submitted April 18, 2024 at 02:56PM by smaury
via reddit https://ift.tt/x2ymBu5
https://ift.tt/x2ZbNhU
Submitted April 18, 2024 at 02:56PM by smaury
via reddit https://ift.tt/x2ymBu5
Shielder
Shielder - Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
Breaking Custom Encryption Using Frida (Mobile Application Pentesting)
https://ift.tt/HWPUxoZ
Submitted April 18, 2024 at 04:22PM by Waste-Kick-6814
via reddit https://ift.tt/vy3Rueb
https://ift.tt/HWPUxoZ
Submitted April 18, 2024 at 04:22PM by Waste-Kick-6814
via reddit https://ift.tt/vy3Rueb
Cognisys Group Labs
Breaking Custom Encryption Using Frida (Mobile Application Pentesting)
Overview
Introducing Cloud Console Cartographer: An Open-Source Tool To Help Security Teams Easily Understand Log Events Generated by AWS Console Activity
https://ift.tt/HRKVnsO
Submitted April 18, 2024 at 07:32PM by permis0
via reddit https://ift.tt/8LipODK
https://ift.tt/HRKVnsO
Submitted April 18, 2024 at 07:32PM by permis0
via reddit https://ift.tt/8LipODK
permiso.io
Introducing Cloud Console Cartographer: An Open-Source Tool To Help Security Teams Easily Understand Log Events Generated by AWS…
Cloud Console Cartographer is an open-source tool that is built to help security teams distill the noise of events generated in cloud logs by activity in AWS console. Could Console Cartographer maps the myriad of events generated in cloud logs to a consolidated…
On Windows Registry by researcher who got 50+ CVEs there
https://ift.tt/o84AUJR
Submitted April 18, 2024 at 10:37PM by gynvael
via reddit https://ift.tt/SOIs5Qv
https://ift.tt/o84AUJR
Submitted April 18, 2024 at 10:37PM by gynvael
via reddit https://ift.tt/SOIs5Qv
Blogspot
The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Win...
How Hackers Sniff Passwords
https://ift.tt/2szeT8l
Submitted April 19, 2024 at 04:12PM by danishlogon1
via reddit https://ift.tt/aQK2whT
https://ift.tt/2szeT8l
Submitted April 19, 2024 at 04:12PM by danishlogon1
via reddit https://ift.tt/aQK2whT
HackProofHacks
How Hackers Use Wireshark for Password Sniffing: What does Wireshark do? - HackProofHacks
Hey there, let's dive deep into the world of password sniffing and understand how hackers operate to steal sensitive information like login credentials.
EvilLsassTwin - PPL Bypass, Fast 12MB In-Memory Dumps
https://ift.tt/LgmEn0X
Submitted April 19, 2024 at 08:55PM by EphReborn
via reddit https://ift.tt/mdaKxTC
https://ift.tt/LgmEn0X
Submitted April 19, 2024 at 08:55PM by EphReborn
via reddit https://ift.tt/mdaKxTC
GitHub
Nimperiments/EvilLsassTwin at main · RePRGM/Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim. - RePRGM/Nimperiments
Backdooring Dotnet Applications
https://ift.tt/P9dauBO
Submitted April 19, 2024 at 11:57PM by lightgrains
via reddit https://ift.tt/RQTrLig
https://ift.tt/P9dauBO
Submitted April 19, 2024 at 11:57PM by lightgrains
via reddit https://ift.tt/RQTrLig
Chronicles of a F/OSS tool (Arachni)
https://ift.tt/yMnsJPe
Submitted April 20, 2024 at 02:33PM by tasos_laskos
via reddit https://ift.tt/jSgnsw6
https://ift.tt/yMnsJPe
Submitted April 20, 2024 at 02:33PM by tasos_laskos
via reddit https://ift.tt/jSgnsw6
Ecsypno
The Arachni Chronicles
A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization.
From the inception of the F/OSS Arachni WebAppSec scanner to the opening of Ecsypno’s doors with its flagship product Codename SCNR.
From the inception of the F/OSS Arachni WebAppSec scanner to the opening of Ecsypno’s doors with its flagship product Codename SCNR.
Commercial successor to the Arachni WebAppSec scanner
https://ift.tt/N9uY1KS
Submitted April 20, 2024 at 05:59PM by tasos_laskos
via reddit https://ift.tt/UOK3GaN
https://ift.tt/N9uY1KS
Submitted April 20, 2024 at 05:59PM by tasos_laskos
via reddit https://ift.tt/UOK3GaN
Ecsypno
Codename SCNR
A modern, versatile, high-performace, modular, scalable and easy to integrate WebAppSec DAST scanner.
Codename RKN: The first WebApp attack surface mapper
https://ift.tt/4RLfoe0
Submitted April 20, 2024 at 09:25PM by tasos_laskos
via reddit https://ift.tt/Jt79oRy
https://ift.tt/4RLfoe0
Submitted April 20, 2024 at 09:25PM by tasos_laskos
via reddit https://ift.tt/Jt79oRy
Ecsypno
Codename RKN
Explore the Codename SCNR DAST/IAST web application security scanner and our F/OSS projects.
Introducing MalStatWare: Revolutionizing Malware Analysis with Automation! 💻🔒
https://ift.tt/tl3hyJa
Submitted April 21, 2024 at 06:51AM by OSTEsayed
via reddit https://ift.tt/zV4xqwj
https://ift.tt/tl3hyJa
Submitted April 21, 2024 at 06:51AM by OSTEsayed
via reddit https://ift.tt/zV4xqwj
GitHub
GitHub - OSTEsayed/OSTE-MalStatWare: MalStatWare automates malware analysis with Python. Extract key details like file size, type…
MalStatWare automates malware analysis with Python. Extract key details like file size, type, hash, path, and digital signature. It analyzes headers, APIs, and strings, giving quick insights for th...
AppView 1.0.0 is released! Instrument, Observe, Secure your deployments with no code modification.
https://appview.org/
Submitted April 21, 2024 at 10:57PM by algo9
via reddit https://ift.tt/QRNxk1p
https://appview.org/
Submitted April 21, 2024 at 10:57PM by algo9
via reddit https://ift.tt/QRNxk1p
appview.org
AppView is an open source instrumentation utility for any application, regardless of its runtime, with no code modification required. Collect only the data you need for full observability of your applications, systems and infrastructure.
How easy I made $$$$
https://ift.tt/upV9WoT
Submitted April 23, 2024 at 03:05PM by anasbetis94
via reddit https://ift.tt/DUw1Hca
https://ift.tt/upV9WoT
Submitted April 23, 2024 at 03:05PM by anasbetis94
via reddit https://ift.tt/DUw1Hca
Medium
How easy I made $$$$
Good morning!
An Analysis of the DHEat DoS Against SSH in Cloud Environments
https://ift.tt/RI2U05S
Submitted April 23, 2024 at 03:53PM by therealjoetesta
via reddit https://ift.tt/IJBnqDO
https://ift.tt/RI2U05S
Submitted April 23, 2024 at 03:53PM by therealjoetesta
via reddit https://ift.tt/IJBnqDO
Dauthi - MDM Authentication Framework
https://ift.tt/3TwNu09
Submitted April 23, 2024 at 06:37PM by emptynebuli
via reddit https://ift.tt/gD19Mkl
https://ift.tt/3TwNu09
Submitted April 23, 2024 at 06:37PM by emptynebuli
via reddit https://ift.tt/gD19Mkl
GitHub
GitHub - emptynebuli/dauthi: dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform…
dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-factor authentication attacks. Additionally, the framework offers...
BlackBerry MDM Has Some Authentication Flaws
https://ift.tt/0fyQFcl
Submitted April 23, 2024 at 06:36PM by emptynebuli
via reddit https://ift.tt/Vq1v4iM
https://ift.tt/0fyQFcl
Submitted April 23, 2024 at 06:36PM by emptynebuli
via reddit https://ift.tt/Vq1v4iM
Into the Abyss
BlackBerry MDM Has Some Authentication Flaws
After detailing authentication issues with VMWare’s Airwatch and Ivanti’s MobileIron, I began to search other popular Mobile Device Management (MDM) tools for similar logic flaws. One of my primary targets for this effort was the BlackBerry MDM. Black who…
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon
https://ift.tt/jd0cmQ9
Submitted April 23, 2024 at 09:15PM by hackers_and_builders
via reddit https://ift.tt/tuT8r9m
https://ift.tt/jd0cmQ9
Submitted April 23, 2024 at 09:15PM by hackers_and_builders
via reddit https://ift.tt/tuT8r9m
Rhino Security Labs
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon
CVE-2024-2389 unauthenticated command injection vulnerability found in Progress Flowmon server.
Nation-State Threat Actors Renew Publications to npm
https://ift.tt/bIdKWvh
Submitted April 24, 2024 at 07:21AM by louis11
via reddit https://ift.tt/BPHcKZI
https://ift.tt/bIdKWvh
Submitted April 24, 2024 at 07:21AM by louis11
via reddit https://ift.tt/BPHcKZI
Phylum Research | Software Supply Chain Security
Nation-State Threat Actors Renew Publications to npm | Phylum
North Korean threat actors return to npm with a new attack. Phylum detects malicious packages targeting macOS and Windows. Protect your software supply chain.