Jorkle's OSCP Guide
https://ift.tt/JVmDqnj
Submitted September 26, 2024 at 02:14AM by jorkle0895
via reddit https://ift.tt/e5qI8tp
The Weekly Jorkle
Jorkle's OSCP Guide
Introduction: Hello folks, today I am providing an all-encompassing OSCP preparation guide containing the advice and resources I wish I had when I started this path towards the OSCP. If you have any questions relating to OSCP preparation or anything else,…
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems - Impact can range from DoS to physical damage.
https://ift.tt/cOJ4Nl5
Submitted September 26, 2024 at 04:17AM by JollyCartoonist3702
via reddit https://ift.tt/TLMcKgu
Bitsight
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems | Bitsight
Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.
Hacking Kia: Remotely Controlling Cars With Just a License Plate
https://ift.tt/AXnKSZB
Submitted September 26, 2024 at 09:26PM by Titokhan
via reddit https://ift.tt/uYRkMnz
samcurry.net
Hacking Kia: Remotely Controlling Cars With Just a License Plate
On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…
Unauth RCE in CUPS which triggers after a print job - affects most desktop Linux flavors
https://ift.tt/jHvaQqL
Submitted September 27, 2024 at 02:17AM by FlyingTriangle
via reddit https://ift.tt/NyQjlZL
evilsocket
Attacking UNIX Systems via CUPS, Part I
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s
DNS poisoning in 30M domains caused by the Great Firewall
https://ift.tt/ofNO3sx
Submitted September 27, 2024 at 07:26PM by albinowax
via reddit https://ift.tt/KOGXg9w
www.assetnote.io
Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall
We detail several practical client-side attacks that can result from DNS poisoning observed for domains hosted in China. These attacks impact every domain on the Internet that uses a nameserver located in China, and it's estimated that more than 30 million…
Probing Slack Workspaces for Authentication Information and other Treats
https://ift.tt/ug2OFmx
Submitted September 28, 2024 at 01:54PM by TheAlphaBravo
via reddit https://ift.tt/xcCRZnl
PaperMtn
Probing Slack Workspaces for Authentication Information and other Treats
Did you know that Slack provides some surprising information about a workspace to unauthenticated callers? Slack Watchman knows, and in this post I’m going to show you the information you can enume…
The most powerful combination of React ecosystem tools in 2024!
https://ift.tt/Lr4gsCG
Submitted September 29, 2024 at 09:49AM by Several_Relation_920
via reddit https://ift.tt/gA8BSrf
Medium
The most powerful combination of React ecosystem tools in 2024!
After years of continuous evolution, React has built an extremely rich and powerful ecosystem. This article will list the most powerful technology stack combinations for React development in 2024…
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)
https://ift.tt/xQ0ZJfW
Submitted September 30, 2024 at 01:13PM by cfambionics
via reddit https://ift.tt/IynMAPS
Ambionics
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)
In this blog post, we will explore how we can exploit CNEXT, but blind, covering the cases where we have a file read primitive, but cannot get the output.
Finding classes for exploiting Unsafe Reflection vulnerabilities in Java with Joern
https://ift.tt/7vYLR5i
Submitted September 30, 2024 at 09:15PM by sercurity
via reddit https://ift.tt/Upo0KFC
Conviso AppSec
Finding classes for exploiting Unsafe Reflection / Unchecked Class Instantiation vulnerabilities in Java with Joern
During a penetration test, we found a Java application vulnerable to insecure reflection. How could we automate the process to find good classes?
WhoYouCalling - A tool to get a pcap per process and much more!
https://ift.tt/scpuPtM
Submitted September 30, 2024 at 01:51AM by Radiant-Savings-7114
via reddit https://ift.tt/uqCz9na
GitHub
GitHub - H4NM/WhoYouCalling: Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more. - H4NM/WhoYouCalling
Vesta Admin Takeover: Exploiting Reduced Seed Entropy in bash $RANDOM
https://ift.tt/5x0BaSF
Submitted October 01, 2024 at 02:49PM by adrian_rt
via reddit https://ift.tt/qdR8wnl
Cyber Security Services - London
Vesta Admin Takeover: Exploiting Reduced Seed Entropy in bash $RANDOM
Vesta admin takeover. Exploiting reduced seed entropy in bash $RANDOM to guess the admin's password reset token
Exploiting trust: Weaponizing permissive CORS configurations
https://ift.tt/pu3ZYAW
Submitted October 01, 2024 at 07:19PM by AlmondOffSec
via reddit https://ift.tt/QpNTwaG
Outpost24
Exploiting trust: Weaponizing permissive CORS configurations
Find out whether you’re underestimating Cross-Origin Resource Sharing (CORS) vulnerabilities in our latest research.
Zimbra - Remote Command Execution (CVE-2024-45519)
https://ift.tt/D0IpRZq
Submitted October 01, 2024 at 07:18PM by AlmondOffSec
via reddit https://ift.tt/XQNYuhB
projectdiscovery.io
Zimbra - Remote Command Execution (CVE-2024-45519) — ProjectDiscovery Blog
Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute…
Exploiting AMD atdcm64a.sys arbitrary pointer dereference - Part 2
https://ift.tt/M0S16yw
Submitted October 02, 2024 at 01:39PM by 0xdea
via reddit https://ift.tt/a1q04Lk
hn security
Exploiting AMD atdcm64a.sys arbitrary pointer dereference - Part 2 - hn security
Welcome back! We concluded the previous […]
HTTP Parameter Pollution in 2024!
https://ift.tt/RxNgWVm
Submitted October 02, 2024 at 02:02PM by AlmondOffSec
via reddit https://ift.tt/6QdZKr1
Medium
HTTP Parameter Pollution in 2024 !
Hi, after going through all the Black Hat and DEFCON web security research in 2024, I noticed that the easiest way to break web apps is…
Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges
https://ift.tt/dZWAeVG
Submitted October 02, 2024 at 11:24PM by nibblesec
via reddit https://ift.tt/H18GT4z
Reverse Engineering and Dismantling Kekz Headphones
https://ift.tt/hSNziT5
Submitted October 03, 2024 at 01:21AM by doitsukara
via reddit https://ift.tt/HmsuvUL
Blog
Reverse Engineering and Dismantling Kekz Headphones
Close to a year ago, I stumbled upon the Kekz Headphones, which seemed like an interesting approach on the whole digital audio device space. They claimed to work without any internet connection and all of the content already on the headphones itself. They…
When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
https://ift.tt/F4N8Yo9
Submitted October 03, 2024 at 07:28PM by permis0
via reddit https://ift.tt/wljvYGQ
permiso.io
Hijacking AI infrastructure with non-human identities like access tokens
Permiso has found that some attackers are using hijacked LLM infrastructure to power highly inappropriate AI chatbot services. In this article we will explain the methods we are observing attackers use when performing LLMJacking/LLMHijacking in AWS, why…
/r/netsec's Q4 2024 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted October 03, 2024 at 09:19PM by netsec_burn
via reddit https://ift.tt/mF0EjOV
Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479
https://ift.tt/GqY5c4d
Submitted October 04, 2024 at 05:43AM by pwntheplanet
via reddit https://ift.tt/kmeOfpQ
( ͡◕ _ ͡◕)👌
Pwning LLaMA.cpp RPC Server
Build your portable pentesting lab with Pi-Tail that is controlled only by your smartphone
https://ift.tt/xzwJDYT
Submitted October 04, 2024 at 12:53PM by barakadua131
via reddit https://ift.tt/g1yW2iF
Mobile Hacker
Portable Hacking Lab: Control The Smallest Kali Linux With a Smartphone
This guide shows you how to set up a headless Pi-Tail, controlled entirely from your smartphone via SSH or VNC. This compact and cost-effective setup is perfect for on-the-go Wi-Fi pentesting, network scanning, and vulnerability assessments.