Preventing the worst supply chain attack you can imagine in the Python ecosystem
https://ift.tt/6ITCmhz
Submitted July 11, 2024 at 09:43PM by SRMish3
via reddit https://ift.tt/T6x4Rli
JFrog
Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker…
SaladCat: open-source and highly scalable password cracking using gamer GPUs
https://ift.tt/gQUZLrV
Submitted July 11, 2024 at 09:37PM by JetSetKyle
via reddit https://ift.tt/fdicBOp
A Race to the Bottom - Database Transactions Undermining Your AppSec
https://ift.tt/uc6Eajz
Submitted July 11, 2024 at 10:35PM by nibblesec
via reddit https://ift.tt/eE5ymMc
CORS: the ultimate guide
https://ift.tt/BZvai3S
Submitted July 12, 2024 at 01:02AM by imaibou
via reddit https://ift.tt/oEe5vJi
Introduction to Hardware Hacking with a Raspberry Pi: Software Configuration
https://ift.tt/adnpWOZ
Submitted July 12, 2024 at 06:07PM by wrongbaud
via reddit https://ift.tt/vDEgPVL
Voidstar Security Research Blog
Hardware Hacking with a Raspberry Pi - Configuring the PiFex
SharpHound Detection
https://ift.tt/wf5u8gO
Submitted July 15, 2024 at 06:35PM by netbiosX
via reddit https://ift.tt/ARVkl31
Purple Team
SharpHound Detection
BloodHound is an attack path management solution which can discover hidden relationships in Active Directory by performing data analysis to identify paths in the domain that will lead to lateral mo…
Getting Started with Hollow Process Injection for beginners to intermediate
https://ift.tt/6L4uBvq
Submitted July 15, 2024 at 10:31PM by Altrntiv-to-security
via reddit https://ift.tt/smW6xyL
DARKRELAY
Hollow Process Injection
Unlike process injection, hollow process injection suspends a legitimate process, overwrites its existing code section with malicious code,
MailGoose: Your Solution to Curb E-mail Spoofing
https://ift.tt/CiEBAYW
Submitted July 15, 2024 at 11:24PM by kazet1234
via reddit https://ift.tt/H1z9JSo
cert.pl
MailGoose: Your Solution to Curb E-mail Spoofing
Protect organizations in your constituency from e-mail spoofing with our tool – mailgoose. In Poland it has already been used by over 25,000 users!
Security's Achilles' Heel: Vulnerable Drivers on the Prowl
https://ift.tt/gNdqReS
Submitted July 16, 2024 at 01:35AM by thewatcher_
via reddit https://ift.tt/5w47RX2
Security Joes
Security's Achilles' Heel: Vulnerable Drivers on the Prowl
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver (BYOVD) technique. BYOVD poses a significant risk as it allows attackers to bypass security measures and gain unrestricted…
Collateral Damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088
https://ift.tt/XRvNhW7
Submitted July 16, 2024 at 02:21AM by Titokhan
via reddit https://ift.tt/79qo06e
GitHub
GitHub - exploits-forsale/collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088
Kernel exploit for Xbox SystemOS using CVE-2024-30088 - exploits-forsale/collateral-damage
What Do the Developers Think of Your Security Program?
https://ift.tt/thqYCDX
Submitted July 15, 2024 at 10:22PM by Spriffy
via reddit https://ift.tt/hOdCpBK
Meetup
Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera (Part 2)
https://ift.tt/EuzkNT6
Submitted July 16, 2024 at 04:47PM by sh0n1z
via reddit https://ift.tt/oJQw9sV
Claroty
Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera, Part 2
Team82 demonstrates an attack exploiting a remote code execution vulnerability in Synology BC 500 IP cameras. This attack is part of a broader research project that involved exploiting a TP-Link ER605 router, and pivoting from there to the local network to…
XenForo <= 2.2.15 RCE via CSRF (CVE-2024-38457, CVE-2024-38458)
https://ift.tt/Z8VjB0R
Submitted July 16, 2024 at 06:40PM by eg1x
via reddit https://ift.tt/tXKEsPr
Karmainsecurity
XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Local Privilege Escalation vulnerability found (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager).
https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability
Submitted July 17, 2024 at 05:08AM by jat0369
via reddit https://ift.tt/9FvD1bC
Cyberark
Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability
During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic...
How to Bypass Golang SSL Verification
https://ift.tt/Uhy6GQv
Submitted July 17, 2024 at 04:47AM by jat0369
via reddit https://ift.tt/GTbNYnf
Cyberark
How to Bypass Golang SSL Verification
Golang applications that use HTTPS requests have a built-in SSL verification feature enabled by default. In our work, we often encounter an application that uses Golang HTTPS requests, and we have...
Furry hacking group SiegedSec announces breach of 2 Israeli companies
https://ift.tt/R01dnVl
Submitted July 17, 2024 at 09:11AM by Evropa_TheLastBattle
via reddit https://ift.tt/skuSPJD
The Daily Dot
‘Tip of the iceberg’: Furry hacking group SiegedSec announces breach of 2 Israeli companies
'This is only the tip of the iceberg of what we're working on.'
Leveraging Automated Firmware Analysis with the Open-Source Firmware Analyzer EMBA
https://ift.tt/mHqvP34
Submitted July 17, 2024 at 06:27PM by _m-1-k-3_
via reddit https://ift.tt/FfhlIN6
Medium
Leveraging Automated Firmware Analysis with the Open-Source Firmware Analyzer EMBA
The Internet of Things (IoT) ecosystem as well as critical infrastructure represents a rapidly growing technology field that connects…
Windows Installer Custom Actions Privilege Escalation Vulnerability
https://ift.tt/57znNhc
Submitted July 18, 2024 at 01:20PM by nibblesec
via reddit https://ift.tt/R3Ihqzp
Attacking Connection Tracking Frameworks as used by VPN
https://ift.tt/3OwJ9WL
Submitted July 18, 2024 at 01:47PM by fo0
via reddit https://ift.tt/BcJux4w
Respotter - a honeypot for Responder
https://ift.tt/qjaYBsy
Submitted July 18, 2024 at 02:37AM by doctormay6
via reddit https://ift.tt/Es3ZpJ9
GitHub
GitHub - lawndoc/Respotter: Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.
Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up. - lawndoc/Respotter
/r/netsec's Q3 2024 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead).
Submitted July 19, 2024 at 06:57PM by netsec_burn
via reddit https://ift.tt/HKfrbky