AWS introduced same RCE vulnerability three times in four years
https://ift.tt/NV2eIkT
Submitted January 04, 2025 at 04:47PM by ranker_
via reddit https://ift.tt/KT7orWz
https://ift.tt/NV2eIkT
Submitted January 04, 2025 at 04:47PM by ranker_
via reddit https://ift.tt/KT7orWz
Remote Code Execution (RCE) Exploits | CVE-2024-6782 | Ocsaly Academy
https://ift.tt/xOo8tAI
Submitted January 05, 2025 at 08:07AM by ocsaly
via reddit https://ift.tt/B0oeiYH
https://ift.tt/xOo8tAI
Submitted January 05, 2025 at 08:07AM by ocsaly
via reddit https://ift.tt/B0oeiYH
Software Defined Radio Training (Online 9+Hours) - CSDR+ - Ocsaly Academy
https://ift.tt/Di30cwm
Submitted January 05, 2025 at 08:06AM by ocsaly
via reddit https://ift.tt/QjefSma
https://ift.tt/Di30cwm
Submitted January 05, 2025 at 08:06AM by ocsaly
via reddit https://ift.tt/QjefSma
Metasploitable 3 Walkthrough
https://ift.tt/lp2mwvV
Submitted January 06, 2025 at 04:27AM by SL7reach
via reddit https://ift.tt/XGDSdT2
https://ift.tt/lp2mwvV
Submitted January 06, 2025 at 04:27AM by SL7reach
via reddit https://ift.tt/XGDSdT2
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Metasploitable3 Walkthrough: Penetration Testing (Part 1)
Metasploitable3 is an updated version of Metasploitable2, developed to provide a more realistic environment for practicing advanced penetration testing techniques. This version introduces new...
Argo Workflows - Uncovering the Hidden Misconfigurations
https://ift.tt/O8YMW0Q
Submitted January 06, 2025 at 04:43PM by eranvak
via reddit https://ift.tt/q7jLEYx
https://ift.tt/O8YMW0Q
Submitted January 06, 2025 at 04:43PM by eranvak
via reddit https://ift.tt/q7jLEYx
www.evasec.io
Argo Workflows - Uncovering the Hidden Misconfigurations | E.V.A
Misconfigured Argo Workflows may result in a massive supply chain attack
The less you reveal the better! A short overview of frequently overlooked User Enumeration Vulnerability
https://ift.tt/EmDXIZh
Submitted January 07, 2025 at 01:45AM by 42-is-the-number
via reddit https://ift.tt/2KyiXY4
https://ift.tt/EmDXIZh
Submitted January 07, 2025 at 01:45AM by 42-is-the-number
via reddit https://ift.tt/2KyiXY4
Medium
TMI — Too Much Information. The less you reveal the better!
A short overview of frequently overlooked vulnerability with real world examples
SMB3 Kernel Server (ksmbd) fuzzing and vulns
https://ift.tt/60sF7cH
Submitted January 07, 2025 at 09:15PM by nibblesec
via reddit https://ift.tt/jJcKe7T
https://ift.tt/60sF7cH
Submitted January 07, 2025 at 09:15PM by nibblesec
via reddit https://ift.tt/jJcKe7T
Scanning the Entire Internet on Port 80
https://ift.tt/1fqS23t
Submitted January 07, 2025 at 10:01PM by DaSapien
via reddit https://ift.tt/OPkW4ro
https://ift.tt/1fqS23t
Submitted January 07, 2025 at 10:01PM by DaSapien
via reddit https://ift.tt/OPkW4ro
RedHunt Labs
Open Port Chronicle: What Port 80 Revealed About The Internet (Wave 12)
Explore what Port 80 revealed about the internet in Project Resonance (Wave 12) and the insights gained from this key web traffic gateway.
SYN Spoof Scanner - a simple tool to perform SYN port scan with spoofed source IPs for offensive deception
https://ift.tt/cnOFNw4
Submitted January 08, 2025 at 02:02PM by eitot8
via reddit https://ift.tt/IwZBOHe
https://ift.tt/cnOFNw4
Submitted January 08, 2025 at 02:02PM by eitot8
via reddit https://ift.tt/IwZBOHe
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Help Net Security - A FOSS tool to analyse IOC
https://ift.tt/Re1ldvO
Submitted January 08, 2025 at 05:14PM by stan_frbd
via reddit https://ift.tt/cGqVLT7
https://ift.tt/Re1ldvO
Submitted January 08, 2025 at 05:14PM by stan_frbd
via reddit https://ift.tt/cGqVLT7
Help Net Security
Cyberbro: Open-source tool extracts IoCs and checks their reputation
Cyberbro is an open-source application that extracts IoCs from garbage input and checks their reputation using multiple services.
Backdooring Your Backdoors - Another $20 Domain, More Governments - watchTowr Labs
https://ift.tt/OESkp87
Submitted January 08, 2025 at 04:42PM by dx7r__
via reddit https://ift.tt/uLcQ4P1
https://ift.tt/OESkp87
Submitted January 08, 2025 at 04:42PM by dx7r__
via reddit https://ift.tt/uLcQ4P1
watchTowr Labs
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability…
Magic/Tragic Email Links: Don't make them the only option
https://ift.tt/MKj74SN
Submitted January 08, 2025 at 07:46PM by gepeto42
via reddit https://ift.tt/dTQvDmq
https://ift.tt/MKj74SN
Submitted January 08, 2025 at 07:46PM by gepeto42
via reddit https://ift.tt/dTQvDmq
Recyclebin.zip
Magic/Tragic Email Links: Don't make them the only option
Subnoscription websites now like to use magic email links for login. They are extremely annoying.
Top 10 web hacking techniques of 2024: nominations open
https://ift.tt/FPNMx2X
Submitted January 09, 2025 at 01:56PM by nibblesec
via reddit https://ift.tt/i9lcE0p
https://ift.tt/FPNMx2X
Submitted January 09, 2025 at 01:56PM by nibblesec
via reddit https://ift.tt/i9lcE0p
PortSwigger Research
Top 10 web hacking techniques of 2024: nominations open
Nominations are now open for the top 10 new web hacking techniques of 2024! Every year, security researchers from all over the world share their latest findings via blog posts, presentations, PoCs, an
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal (CSPT, CSPT2CSRF)
https://ift.tt/zsRUZSF
Submitted January 09, 2025 at 01:55PM by nibblesec
via reddit https://ift.tt/rGZFt4a
https://ift.tt/zsRUZSF
Submitted January 09, 2025 at 01:55PM by nibblesec
via reddit https://ift.tt/rGZFt4a
Abuse a time-based SQL injection by customizing SQLMAP
https://ift.tt/0UL1Cp3
Submitted January 09, 2025 at 03:01PM by Hackmosphere
via reddit https://ift.tt/aIcgYVj
https://ift.tt/0UL1Cp3
Submitted January 09, 2025 at 03:01PM by Hackmosphere
via reddit https://ift.tt/aIcgYVj
Hackmosphere
Time-based Blind SQL Injection et modification de SQLMAP
Time-based blind SQL injection : Découvrez comment cette faille se distingue par sa capacité à exfiltrer des données sans activer d'alerte.
WorstFit: Unveiling Hidden Transformers in Windows ANSI!
https://ift.tt/O3sXyxv
Submitted January 09, 2025 at 09:40PM by albinowax
via reddit https://ift.tt/fpmaE8N
https://ift.tt/O3sXyxv
Submitted January 09, 2025 at 09:40PM by albinowax
via reddit https://ift.tt/fpmaE8N
Orange Tsai
WorstFit: Unveiling Hidden Transformers in Windows ANSI!
📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help
Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282) - watchTowr Labs
https://ift.tt/AkXehRK
Submitted January 10, 2025 at 07:05AM by dx7r__
via reddit https://ift.tt/Dsd54np
https://ift.tt/AkXehRK
Submitted January 10, 2025 at 07:05AM by dx7r__
via reddit https://ift.tt/Dsd54np
watchTowr Labs
Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up.
It’s 2025, and the chaos continues.
Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same.
As an industry, we are on GroundHog day -
It’s 2025, and the chaos continues.
Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same.
As an industry, we are on GroundHog day -
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
https://ift.tt/KwxzvGp
Submitted January 10, 2025 at 02:18PM by parzel
via reddit https://ift.tt/9ONDTJR
https://ift.tt/KwxzvGp
Submitted January 10, 2025 at 02:18PM by parzel
via reddit https://ift.tt/9ONDTJR
Modzero
Exploiting SSTI in a Modern Spring Boot Application (3.3.4) / modzero
How to jailbreak most/all LLMs using Assistant Prefill
https://ift.tt/iaTDkfg
Submitted January 10, 2025 at 08:53PM by Ok_Information1453
via reddit https://ift.tt/Q0MCHJn
https://ift.tt/iaTDkfg
Submitted January 10, 2025 at 08:53PM by Ok_Information1453
via reddit https://ift.tt/Q0MCHJn
Invicti
First Tokens: The Achilles’ Heel of LLMs
The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.
ACE up the sleeve: Hacking into Apple's new USB-C Controller
https://ift.tt/jRH3PGT
Submitted January 10, 2025 at 11:01PM by Titokhan
via reddit https://ift.tt/IrsTEPg
https://ift.tt/jRH3PGT
Submitted January 10, 2025 at 11:01PM by Titokhan
via reddit https://ift.tt/IrsTEPg
media.ccc.de
ACE up the sleeve:
With the iPhone 15 & iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, ver...
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.
https://ift.tt/czW2fXb
Submitted January 11, 2025 at 06:02AM by LordAlfredo
via reddit https://ift.tt/gHhw7fW
https://ift.tt/czW2fXb
Submitted January 11, 2025 at 06:02AM by LordAlfredo
via reddit https://ift.tt/gHhw7fW
奇安信 X 实验室
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.
Overview
Countless noscript kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but…
Countless noscript kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but…