Everyday Ghidra: Symbols — Prenoscription Lenses for Reverse Engineers — Part 1
https://ift.tt/LfqQkje
Submitted May 08, 2024 at 06:36PM by onlinereadme
via reddit https://ift.tt/GnfuTx3
https://ift.tt/LfqQkje
Submitted May 08, 2024 at 06:36PM by onlinereadme
via reddit https://ift.tt/GnfuTx3
Medium
Everyday Ghidra: Symbols — Prenoscription Lenses for Reverse Engineers — Part 1
In reverse engineering a closed-source binary using Ghidra or other software reverse engineering frameworks, a key objective is to…
Systematic VPN Detection
https://ift.tt/mSV1Ekl
Submitted May 08, 2024 at 08:25PM by incolumitas
via reddit https://ift.tt/fm6WTyn
https://ift.tt/mSV1Ekl
Submitted May 08, 2024 at 08:25PM by incolumitas
via reddit https://ift.tt/fm6WTyn
ipapi.is
ipapi.is - Detecting VPN Services
ipapi.is offers precise IP data via a user-friendly API, encompassing geolocation, ASN data, hosting detection, VPN detection, and proxy detection.
AI-Exploits: 4 new exploits released for major AI tools - Gradio, BentoML, FastAPI, AnythingLLM
https://ift.tt/cLDaoOH
Submitted May 08, 2024 at 09:51PM by FlyingTriangle
via reddit https://ift.tt/msEWiqd
https://ift.tt/cLDaoOH
Submitted May 08, 2024 at 09:51PM by FlyingTriangle
via reddit https://ift.tt/msEWiqd
Palo Alto Networks Blog
Network Security - Palo Alto Networks Blog
Secure your enterprise against tomorrow's threats, today. Protect users, applications and data anywhere with intelligent network security from Palo Alto Networks.
mlcsec/SharpGraphView: Microsoft Graph API post-exploitation toolkit
https://ift.tt/Ycz5g6X
Submitted May 09, 2024 at 12:32AM by Frequent_Passenger82
via reddit https://ift.tt/aVW7jIZ
https://ift.tt/Ycz5g6X
Submitted May 09, 2024 at 12:32AM by Frequent_Passenger82
via reddit https://ift.tt/aVW7jIZ
GitHub
GitHub - mlcsec/SharpGraphView: Microsoft Graph API post-exploitation toolkit
Microsoft Graph API post-exploitation toolkit. Contribute to mlcsec/SharpGraphView development by creating an account on GitHub.
E2E Security Testing via exploratory Testing
https://ift.tt/G5hmEte
Submitted May 09, 2024 at 11:32AM by samsbp97
via reddit https://ift.tt/LdzUQAF
https://ift.tt/G5hmEte
Submitted May 09, 2024 at 11:32AM by samsbp97
via reddit https://ift.tt/LdzUQAF
Random Access Memory
E2E Security Testing via exploratory Testing
How exploratory testing helps in driving the success factor of security testing
AWS CloudQuarry: Digging for Secrets in Public AMIs
https://ift.tt/Y6U9qBO
Submitted May 09, 2024 at 05:14PM by _TheTime_
via reddit https://ift.tt/I34UzLG
https://ift.tt/Y6U9qBO
Submitted May 09, 2024 at 05:14PM by _TheTime_
via reddit https://ift.tt/I34UzLG
Security Café
AWS CloudQuarry: Digging for Secrets in Public AMIs
Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. Digging through each AMI we managed to collect 500 GB of credentials, private repositor…
Minecraft Source Pack Becomes Gateway for zEus Stealer Distribution
https://ift.tt/kO8qCie
Submitted May 09, 2024 at 10:40PM by goki7
via reddit https://ift.tt/OQerp3g
https://ift.tt/kO8qCie
Submitted May 09, 2024 at 10:40PM by goki7
via reddit https://ift.tt/OQerp3g
CyberInsider
Minecraft Source Pack Becomes Gateway for zEus Stealer Distribution
Fortinet's FortiGuard Labs researchers have uncovered a zEus stealer malware dissemination method involving a crafted Minecraft source pack.
apk.sh v1.0.9 is out! Making reverse engineering Android apps easier!
https://ift.tt/Am6aweJ
Submitted May 10, 2024 at 03:01AM by recovo_recovo
via reddit https://ift.tt/rnXvP6M
https://ift.tt/Am6aweJ
Submitted May 10, 2024 at 03:01AM by recovo_recovo
via reddit https://ift.tt/rnXvP6M
GitHub
GitHub - ax/apk.sh: Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding…
Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK. - ax/apk.sh
Digging for SSRF in NextJS apps
https://ift.tt/MHoKWwF
Submitted May 10, 2024 at 04:09AM by Mempodipper
via reddit https://ift.tt/lFJYMfK
https://ift.tt/MHoKWwF
Submitted May 10, 2024 at 04:09AM by Mempodipper
via reddit https://ift.tt/lFJYMfK
www.assetnote.io
Digging for SSRF in NextJS apps
At Assetnote, we encounter sites running NextJS extremely often; in this blog post we will detail some common misconfigurations we find in NextJS websites, along with a vulnerability we found in the framework.
SSL/TLS, part 3: Toy TLS 1.2 client in ~1600 SLOC of Python.
https://ift.tt/Cm17OlU
Submitted May 10, 2024 at 04:54PM by yurichev
via reddit https://ift.tt/YDrxQzh
https://ift.tt/Cm17OlU
Submitted May 10, 2024 at 04:54PM by yurichev
via reddit https://ift.tt/YDrxQzh
Kinsing Demystified - A Comprehensive Technical Guide
https://ift.tt/A5dWMkH
Submitted May 10, 2024 at 06:14PM by Pale_Fly_2673
via reddit https://ift.tt/TIX84c3
https://ift.tt/A5dWMkH
Submitted May 10, 2024 at 06:14PM by Pale_Fly_2673
via reddit https://ift.tt/TIX84c3
Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1
https://ift.tt/keI3EW5
Submitted May 10, 2024 at 08:59PM by permis0
via reddit https://ift.tt/CrNzsJf
https://ift.tt/keI3EW5
Submitted May 10, 2024 at 08:59PM by permis0
via reddit https://ift.tt/CrNzsJf
permiso.io
Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1
The MITRE ATT&CK Cloud Matrix for Enterprise includes a broad spectrum of tactics and techniques that adversaries use in cloud computing environments. This blog post focuses on techniques related to adversary attempt to modify cloud account's compute service…
Parallel-Committees": A Novelle Secure and High-Performance Distributed Database Architecture
https://ift.tt/3fHgh56
Submitted May 11, 2024 at 02:05AM by SS41BR
via reddit https://ift.tt/tsSJPkG
https://ift.tt/3fHgh56
Submitted May 11, 2024 at 02:05AM by SS41BR
via reddit https://ift.tt/tsSJPkG
ResearchGate
(PDF) Novel Fault-Tolerant, Self-Configurable, Scalable, Secure, Decentralized, and High-Performance Distributed Database Replication…
PDF | Describing the originality of the PhD work: *Main contribution and achievement of the thesis: The primary contribution of this thesis is the... | Find, read and cite all the research you need on ResearchGate
Lumma Stealer Malware Analysis
https://ift.tt/3ibD0uc
Submitted May 12, 2024 at 02:03AM by AdvancedFinish6896
via reddit https://ift.tt/p85lCu2
https://ift.tt/3ibD0uc
Submitted May 12, 2024 at 02:03AM by AdvancedFinish6896
via reddit https://ift.tt/p85lCu2
16 years of CVE-2008-0166 - Debian OpenSSL Bug - breaking DKIM and BIMI in 2024
https://ift.tt/IyfOJbL
Submitted May 12, 2024 at 04:59PM by hannob
via reddit https://ift.tt/Ulpe3gy
https://ift.tt/IyfOJbL
Submitted May 12, 2024 at 04:59PM by hannob
via reddit https://ift.tt/Ulpe3gy
16years.secvuln.info
16 years of CVE-2008-0166 - Debian OpenSSL Bug
Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.
Fuzz just about anything (network, GUI, editors, compilers, etc.) with Program Environment Fuzzing
https://ift.tt/R6ES0V4
Submitted May 13, 2024 at 09:11AM by zoomT
via reddit https://ift.tt/fjCxvqO
https://ift.tt/R6ES0V4
Submitted May 13, 2024 at 09:11AM by zoomT
via reddit https://ift.tt/fjCxvqO
GitHub
GitHub - GJDuck/EnvFuzz: Fuzz anything with Program Environment Fuzzing
Fuzz anything with Program Environment Fuzzing. Contribute to GJDuck/EnvFuzz development by creating an account on GitHub.
[KIS-2024-04] Cacti <= 1.2.26 Remote Code Execution Vulnerability
https://ift.tt/Yo92kRN
Submitted May 13, 2024 at 02:33PM by eg1x
via reddit https://ift.tt/T39mWFf
https://ift.tt/Yo92kRN
Submitted May 13, 2024 at 02:33PM by eg1x
via reddit https://ift.tt/T39mWFf
Karmainsecurity
Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
TrollPersist
https://ift.tt/qWE4ps9
Submitted May 13, 2024 at 10:33PM by cybersectroll
via reddit https://ift.tt/numFAIB
https://ift.tt/qWE4ps9
Submitted May 13, 2024 at 10:33PM by cybersectroll
via reddit https://ift.tt/numFAIB
GitHub
GitHub - cybersectroll/SharpPersistSD
Contribute to cybersectroll/SharpPersistSD development by creating an account on GitHub.
cybersectroll/SharpPersistSD
https://ift.tt/W3uU425
Submitted May 14, 2024 at 12:38AM by cybersectroll
via reddit https://ift.tt/gp0XBm5
https://ift.tt/W3uU425
Submitted May 14, 2024 at 12:38AM by cybersectroll
via reddit https://ift.tt/gp0XBm5
GitHub
GitHub - cybersectroll/SharpPersistSD
Contribute to cybersectroll/SharpPersistSD development by creating an account on GitHub.
Pwnie Award Nominated Songs
https://www.youtube.com/playlist?list=PLuoKBCfw80oKXW0nQABYqiRQRs5BQUo4Q
Submitted May 14, 2024 at 01:25AM by seyyid_
via reddit https://ift.tt/7d1Bkfc
https://www.youtube.com/playlist?list=PLuoKBCfw80oKXW0nQABYqiRQRs5BQUo4Q
Submitted May 14, 2024 at 01:25AM by seyyid_
via reddit https://ift.tt/7d1Bkfc
Reddit
From the netsec community on Reddit: Pwnie Award Nominated Songs
Posted by seyyid_ - 5 votes and 0 comments
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
https://ift.tt/gP120qH
Submitted May 14, 2024 at 12:00PM by theMiddleBlue
via reddit https://ift.tt/MQujLIr
https://ift.tt/gP120qH
Submitted May 14, 2024 at 12:00PM by theMiddleBlue
via reddit https://ift.tt/MQujLIr
Sicuranext Blog
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce…