OOPS! There goes the OPSEC!
https://ift.tt/t9OqpCZ
Submitted May 22, 2024 at 08:17PM by tharkun42
via reddit https://ift.tt/F8QL0uG
https://ift.tt/t9OqpCZ
Submitted May 22, 2024 at 08:17PM by tharkun42
via reddit https://ift.tt/F8QL0uG
Zetier
Oops, there goes the OPSEC
Breadcrumbs are left throughout computer systems that hackers can use to track attribution or recover sensitive information. See possible gotchas in this post.
ANSI Escape Injection Vulnerability in WinRAR (CVE-2024–33899, CVE-2024–36052)
https://ift.tt/SOhgHol
Submitted May 22, 2024 at 07:58PM by rushedcar
via reddit https://ift.tt/UMPFYpT
https://ift.tt/SOhgHol
Submitted May 22, 2024 at 07:58PM by rushedcar
via reddit https://ift.tt/UMPFYpT
Medium
ANSI Escape Injection Vulnerability in WinRAR
On 28 February 2024, RARLAB released an update for WinRAR, patching an ANSI escape sequence injection vulnerability that I had found in the…
RF Swift: A swifty RF toolbox for your needs, and it's multi-platform!
https://ift.tt/1cnHbG0
Submitted May 22, 2024 at 07:34PM by sebazzen
via reddit https://ift.tt/myfwVMe
https://ift.tt/1cnHbG0
Submitted May 22, 2024 at 07:34PM by sebazzen
via reddit https://ift.tt/myfwVMe
GitHub
GitHub - PentHertz/RF-Swift: 🚀 A powerful multi-platform RF toolbox that deploys specialized radio tools in seconds on Linux, Windows…
🚀 A powerful multi-platform RF toolbox that deploys specialized radio tools in seconds on Linux, Windows, and macOS—supporting x86_64, ARM64 (Raspberry Pi, Apple Silicon), and RISC-V architectures ...
Memory Pollution in LLMs: Understanding New AI Security Concerns
https://ift.tt/VWsuj8E
Submitted May 22, 2024 at 09:19PM by Standard_Arm_4476
via reddit https://ift.tt/RFGrfCe
https://ift.tt/VWsuj8E
Submitted May 22, 2024 at 09:19PM by Standard_Arm_4476
via reddit https://ift.tt/RFGrfCe
Boost Security Audit - Shielder
https://ift.tt/Hr7RI2t
Submitted May 22, 2024 at 08:56PM by smaury
via reddit https://ift.tt/bHGNvZL
https://ift.tt/Hr7RI2t
Submitted May 22, 2024 at 08:56PM by smaury
via reddit https://ift.tt/bHGNvZL
Shielder
Shielder - Boost Security Audit
Boost Security Audit, sponsored by Amazon Web Services (AWS), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
Reshaper - The guide to the ultimate Burp plugin for advanced shenanigans
https://ift.tt/JUK1ESg
Submitted May 22, 2024 at 01:21PM by ivxrehc
via reddit https://ift.tt/Z1aPOE4
https://ift.tt/JUK1ESg
Submitted May 22, 2024 at 01:21PM by ivxrehc
via reddit https://ift.tt/Z1aPOE4
Shelltrail
Reshaper - The guide to the ultimate Burp plugin for advanced shenanigans | Shelltrail
Have you ever had issues with CSRF tokens during a web assessment? Or drop data from burp to commandline for parsing? This is the guide to leverage the power of the Reshaper plugin developed by @ddwightx
CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware
https://ift.tt/eoxyNYb
Submitted May 21, 2024 at 11:51PM by -rwxr-xr--
via reddit https://ift.tt/U1C86j0
https://ift.tt/eoxyNYb
Submitted May 21, 2024 at 11:51PM by -rwxr-xr--
via reddit https://ift.tt/U1C86j0
Securonix
Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based…
Explore Securonix's insights on CLOUD#REVERSER, using Google Drive and Dropbox in sophisticated malware attacks and data theft.
Emotions as human detection & defence
https://ift.tt/Swqzicg
Submitted May 23, 2024 at 10:02AM by DiabloHorn
via reddit https://ift.tt/jr1kxOE
https://ift.tt/Swqzicg
Submitted May 23, 2024 at 10:02AM by DiabloHorn
via reddit https://ift.tt/jr1kxOE
DiabloHorn
Emotions as human detection & defence
Like most people working in IT or information security or just in general with computers you’ll often receive questions on how to protect against phishing attacks, scams or similar attempts t…
Nuking Weak Shellcode Hacker Hashes For Fun And Profit!
https://ift.tt/zV1R4E0
Submitted May 23, 2024 at 08:17PM by operat1ve
via reddit https://ift.tt/vtNFiy3
https://ift.tt/zV1R4E0
Submitted May 23, 2024 at 08:17PM by operat1ve
via reddit https://ift.tt/vtNFiy3
karma-x.io
Nuking Weak Shellcode Hacker Hashes For Fun And Profit
How to achieve eternal persistence in an Active Directory environment - Part 1
https://ift.tt/k59xmPg
Submitted May 24, 2024 at 02:38AM by darronofsky
via reddit https://ift.tt/a2wOUCx
https://ift.tt/k59xmPg
Submitted May 24, 2024 at 02:38AM by darronofsky
via reddit https://ift.tt/a2wOUCx
Huntandhackett
How to achieve eternal persistence in an Active Directory environment - Part 1
Explore passive techniques for surviving remediation and achieving eternal persistence in an AD environment.
Malicious PyPI packages targeting highly specific MacOS machines
https://ift.tt/WYpMSHd
Submitted May 24, 2024 at 01:56PM by thorn42
via reddit https://ift.tt/6MOYPkq
https://ift.tt/WYpMSHd
Submitted May 24, 2024 at 01:56PM by thorn42
via reddit https://ift.tt/6MOYPkq
Datadoghq
Malicious PyPI packages targeting highly specific MacOS machines
In this post, we analyze a cluster of malicious PyPI packages targeting specific MacOS machines.
[Must Read] Analysis of CVE-2023-39143 – PaperCut RCE
https://ift.tt/Al75hrW
Submitted May 24, 2024 at 06:41PM by SL7reach
via reddit https://ift.tt/upJAgYw
https://ift.tt/Al75hrW
Submitted May 24, 2024 at 06:41PM by SL7reach
via reddit https://ift.tt/upJAgYw
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Analysis of CVE-2023-39143 – PaperCut RCE
Overview CVE-2023-39143 is a path traversal vulnerability found in Papercut MF/NG, a print management solution. This particular CVE only affects Windows installations prior to version 22.1.3. With...
Entra ID service principals in business email compromise schemes
https://ift.tt/mweDagX
Submitted May 25, 2024 at 12:46AM by tvjust
via reddit https://ift.tt/iPSgyue
https://ift.tt/mweDagX
Submitted May 25, 2024 at 12:46AM by tvjust
via reddit https://ift.tt/iPSgyue
Red Canary
Entra ID service principals in business email compromise schemes | Red Canary
The service principals in Microsoft's Entra ID can be a boon for business email compromise, but they’re also a key log source for detection.
iGoat iOS Application - Challenge Solves Blog Post
https://ift.tt/c5hmnPy
Submitted May 25, 2024 at 09:27PM by lightgrains
via reddit https://ift.tt/p6I8Mig
https://ift.tt/c5hmnPy
Submitted May 25, 2024 at 09:27PM by lightgrains
via reddit https://ift.tt/p6I8Mig
LangChain JS Arbitrary File Read Vulnerability
https://ift.tt/kvD3ysb
Submitted May 26, 2024 at 05:03AM by Standard_Arm_4476
via reddit https://ift.tt/jFKNzqn
https://ift.tt/kvD3ysb
Submitted May 26, 2024 at 05:03AM by Standard_Arm_4476
via reddit https://ift.tt/jFKNzqn
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
https://ift.tt/Oj51ivm
Submitted May 27, 2024 at 02:21PM by cfambionics
via reddit https://ift.tt/IWUzXyx
https://ift.tt/Oj51ivm
Submitted May 27, 2024 at 02:21PM by cfambionics
via reddit https://ift.tt/IWUzXyx
Ambionics
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway…
VS Code Extension: Convert Diagrams to Text Format | Better Code Documentation
https://ift.tt/cBTiXCU
Submitted May 27, 2024 at 06:53PM by mknined
via reddit https://ift.tt/KJBHZGy
https://ift.tt/cBTiXCU
Submitted May 27, 2024 at 06:53PM by mknined
via reddit https://ift.tt/KJBHZGy
Visualstudio
TexEtch - Visual Studio Marketplace
Extension for Visual Studio Code - Add beautiful diagrams drawn on draw.io to your code
Diagram to Text
Diagram to Text
Exploiting V8 at openECSC: A beginner-friendly journey from a memory corruption to a browser pwn
https://ift.tt/F0IAVEn
Submitted May 27, 2024 at 11:06PM by rebane2001
via reddit https://ift.tt/pw1g63s
https://ift.tt/F0IAVEn
Submitted May 27, 2024 at 11:06PM by rebane2001
via reddit https://ift.tt/pw1g63s
lyra's epic blog
Exploiting V8 at openECSC
A beginner-friendly journey from a memory corruption to a browser pwn.
Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine Events by ID with Laurel before sending to Sentinel as JSON.
https://ift.tt/mEkjYCp
Submitted May 27, 2024 at 10:38PM by thattechkitten
via reddit https://ift.tt/FKnjrmC
https://ift.tt/mEkjYCp
Submitted May 27, 2024 at 10:38PM by thattechkitten
via reddit https://ift.tt/FKnjrmC
Medium
Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine…
NOTE: This article is based off the following:
ManageEngine ADAudit - Reverse engineering Windows RPC to find CVEs - part 1 / RPC
https://ift.tt/l8jhnvx
Submitted May 28, 2024 at 12:08PM by ivxrehc
via reddit https://ift.tt/Yaj1cIz
https://ift.tt/l8jhnvx
Submitted May 28, 2024 at 12:08PM by ivxrehc
via reddit https://ift.tt/Yaj1cIz
Shelltrail
ManageEngine ADAudit - Reverse engineering Windows RPC to find CVEs - part 1 / RPC | Shelltrail
Follow along a journey to find vulnerabilities in the RPC functionaliy of ManageEngine ADAudit
Multiple vulnerabilities in Eclipse ThreadX
https://ift.tt/ycqIHV1
Submitted May 28, 2024 at 03:26PM by 0xdea
via reddit https://ift.tt/4lxKWd5
https://ift.tt/ycqIHV1
Submitted May 28, 2024 at 03:26PM by 0xdea
via reddit https://ift.tt/4lxKWd5
HN Security
Multiple vulnerabilities in Eclipse ThreadX - HN Security
Coordinated disclosure writeup about multiple vulnerabilities in Eclipse ThreadX (CVE-2024-2214, CVE-2024-2212, CVE-2024-2452).