Story of a Pentester Recruitment 2025
https://ift.tt/4VlcPiv
Submitted January 14, 2025 at 07:33PM by buherator
via reddit https://ift.tt/Gt4giUe
https://ift.tt/4VlcPiv
Submitted January 14, 2025 at 07:33PM by buherator
via reddit https://ift.tt/Gt4giUe
Silent Signal Techblog
Story of a Pentester Recruitment 2025
Because we can!
Millions of Accounts Vulnerable due to Google’s OAuth Flaw
https://ift.tt/XbTr7DH
Submitted January 14, 2025 at 10:14PM by wifihack
via reddit https://ift.tt/wDnFBAL
https://ift.tt/XbTr7DH
Submitted January 14, 2025 at 10:14PM by wifihack
via reddit https://ift.tt/wDnFBAL
Trufflesecurity
Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.
Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.
Command Line Underdog: WMIC in Action -- How to use wmic as an alternate shell in a pinch
https://ift.tt/VaycXuL
Submitted January 14, 2025 at 09:45PM by oddvarmoe
via reddit https://ift.tt/O3kI18R
https://ift.tt/VaycXuL
Submitted January 14, 2025 at 09:45PM by oddvarmoe
via reddit https://ift.tt/O3kI18R
New Microsoft OLE Vulnerability, Exploitable via Email
https://ift.tt/H1lnvUg
Submitted January 15, 2025 at 01:11AM by LordAlfredo
via reddit https://ift.tt/zkoUZE2
https://ift.tt/H1lnvUg
Submitted January 15, 2025 at 01:11AM by LordAlfredo
via reddit https://ift.tt/zkoUZE2
Laser Fault Injection on a Budget: RP2350 Edition
https://ift.tt/fSDtUC3
Submitted January 15, 2025 at 01:56AM by Titokhan
via reddit https://ift.tt/qVyCwlB
https://ift.tt/fSDtUC3
Submitted January 15, 2025 at 01:56AM by Titokhan
via reddit https://ift.tt/qVyCwlB
Courk's Blog
Laser Fault Injection on a Budget: RP2350 Edition
In August 2024, Raspberry Pi introduced the RP2350 microcontroller. This part iterates over the RP2040 and comes with numerous new features. These include security-related capabilities, such as a Secure Boot implementation. A couple of days after this announcement…
RCE in rsync, CVE-2024-12084 (and 5 more vulnerabilities)
https://ift.tt/qQ7zDES
Submitted January 15, 2025 at 04:06AM by thenickdude
via reddit https://ift.tt/N3JneSP
https://ift.tt/qQ7zDES
Submitted January 15, 2025 at 04:06AM by thenickdude
via reddit https://ift.tt/N3JneSP
PSIRT | FortiGuard Labs - CVE-2024-55591 Exploited in the wild - Report Provides IoC
https://ift.tt/jdFniQ8
Submitted January 15, 2025 at 02:55PM by stan_frbd
via reddit https://ift.tt/YSk2oXP
https://ift.tt/jdFniQ8
Submitted January 15, 2025 at 02:55PM by stan_frbd
via reddit https://ift.tt/YSk2oXP
FortiGuard Labs
PSIRT | FortiGuard Labs
None
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11
https://ift.tt/hlYF0zZ
Submitted January 15, 2025 at 02:35PM by 0xdea
via reddit https://ift.tt/NPgFHyl
https://ift.tt/hlYF0zZ
Submitted January 15, 2025 at 02:35PM by 0xdea
via reddit https://ift.tt/NPgFHyl
hn security
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11 - hn security
In the last part of this […]
An independent security researcher collaborating with SSD Secure Disclosure has identified a critical RCE vulnerability in Palo Alto Expedition.
https://ift.tt/njgNIMZ
Submitted January 15, 2025 at 04:50PM by SSDisclosure
via reddit https://ift.tt/FuC6xKq
https://ift.tt/njgNIMZ
Submitted January 15, 2025 at 04:50PM by SSDisclosure
via reddit https://ift.tt/FuC6xKq
SSD Secure Disclosure
SSD Advisory - Palo Alto Expedition RCE (regionsDiscovery) - SSD Secure Disclosure
Summary A vulnerability in Palo Alto Expedition allows remote attackers who can reach the web interface to execute arbitrary code. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response Palo Alto has released the following…
Heap Exploitation Training
https://ift.tt/S4Y1hWA
Submitted January 14, 2025 at 08:52PM by mdulin2
via reddit https://ift.tt/7wrPiWc
https://ift.tt/S4Y1hWA
Submitted January 14, 2025 at 08:52PM by mdulin2
via reddit https://ift.tt/7wrPiWc
GitHub
GitHub - SecurityInnovation/glibc_heap_exploitation_training: The resources for glibc Malloc heap exploitation course by Maxwell…
The resources for glibc Malloc heap exploitation course by Maxwell Dulin and Security Innovation. - SecurityInnovation/glibc_heap_exploitation_training
baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers
https://ift.tt/OiLmDTa
Submitted January 14, 2025 at 08:57PM by utku1337
via reddit https://ift.tt/astDA05
https://ift.tt/OiLmDTa
Submitted January 14, 2025 at 08:57PM by utku1337
via reddit https://ift.tt/astDA05
GitHub
GitHub - utkusen/baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers
A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers - utkusen/baitroute
EvilKnievelnoVNC: scalable and semi-automated MFA-Phishing via "browser-in-the-middle"
https://ift.tt/b5EUYJV
Submitted January 13, 2025 at 09:30PM by vollbit
via reddit https://ift.tt/VgjOs3z
https://ift.tt/b5EUYJV
Submitted January 13, 2025 at 09:30PM by vollbit
via reddit https://ift.tt/VgjOs3z
GitHub
GitHub - ms101/EvilKnievelnoVNC: Weaponized EvilnoVNC: Scalable and semi-automated MFA-Phishing
Weaponized EvilnoVNC: Scalable and semi-automated MFA-Phishing - ms101/EvilKnievelnoVNC
2024 CVEs in Review – Vulnerability Blog
https://ift.tt/1TQ28vS
Submitted January 15, 2025 at 09:14PM by vulnerabilityblog
via reddit https://ift.tt/A1JgsOT
https://ift.tt/1TQ28vS
Submitted January 15, 2025 at 09:14PM by vulnerabilityblog
via reddit https://ift.tt/A1JgsOT
Vulnerability Blog
2024 CVEs in Review
Now that 2024 has come to its conclusion, I’ve decided to kick off a post outlining some observations, trends, and insights for the CVEs published. As always more information is available in …
Essential BBOT Commands for Recon
https://ift.tt/0n4iy8s
Submitted January 16, 2025 at 02:33AM by AdInfinite1760
via reddit https://ift.tt/AP65GQy
https://ift.tt/0n4iy8s
Submitted January 16, 2025 at 02:33AM by AdInfinite1760
via reddit https://ift.tt/AP65GQy
Gcollazo
Essential BBOT Commands for Recon
Karmada Security Audit - Shielder
https://ift.tt/rvxsELa
Submitted January 16, 2025 at 09:38PM by smaury
via reddit https://ift.tt/Ddj6EPa
https://ift.tt/rvxsELa
Submitted January 16, 2025 at 09:38PM by smaury
via reddit https://ift.tt/Ddj6EPa
Shielder
Shielder - Karmada Security Audit
Karmada Security Audit, sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
How to Create Vulnerable-Looking Endpoints to Detect and Mislead Attackers
https://ift.tt/IV0U8Y9
Submitted January 16, 2025 at 10:29PM by utku1337
via reddit https://ift.tt/Qs8TcKD
https://ift.tt/IV0U8Y9
Submitted January 16, 2025 at 10:29PM by utku1337
via reddit https://ift.tt/Qs8TcKD
Utku Sen’s Substack
How to Create Vulnerable-Looking Endpoints to Detect and Mislead Attackers
BaitRoute is a web honeypot project that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and mislead attackers by providing false positive results.
PoC for CVE-2025-0282 published (Ivanti Connect Secure stack bof)
https://ift.tt/VWJ3F49
Submitted January 16, 2025 at 10:23PM by Acceptable_Exit_9695
via reddit https://ift.tt/tIGxZEB
https://ift.tt/VWJ3F49
Submitted January 16, 2025 at 10:23PM by Acceptable_Exit_9695
via reddit https://ift.tt/tIGxZEB
AttackerKB
CVE-2025-0282 | AttackerKB
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gatewa…
Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468)
https://ift.tt/KjruZdC
Submitted January 16, 2025 at 11:59PM by AlmondOffSec
via reddit https://ift.tt/eSZLkhR
https://ift.tt/KjruZdC
Submitted January 16, 2025 at 11:59PM by AlmondOffSec
via reddit https://ift.tt/eSZLkhR
Synacktiv
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections
The Role of Emulators in OT Research
https://ift.tt/ekGw84y
Submitted January 17, 2025 at 12:56AM by derp6996
via reddit https://ift.tt/1Q8WSmx
https://ift.tt/ekGw84y
Submitted January 17, 2025 at 12:56AM by derp6996
via reddit https://ift.tt/1Q8WSmx
A publicly available OpenCTI connector for IoC analysis FOSS tool
https://ift.tt/qOPuInz
Submitted January 17, 2025 at 02:04AM by stan_frbd
via reddit https://ift.tt/Mrlm5jU
https://ift.tt/qOPuInz
Submitted January 17, 2025 at 02:04AM by stan_frbd
via reddit https://ift.tt/Mrlm5jU
Finding SSRFs in Azure DevOps
https://ift.tt/TMr8OJD
Submitted January 17, 2025 at 02:23PM by cbagdude
via reddit https://ift.tt/hHa3CuW
https://ift.tt/TMr8OJD
Submitted January 17, 2025 at 02:23PM by cbagdude
via reddit https://ift.tt/hHa3CuW
Binary Security AS
Finding SSRFs in Azure DevOps
Binary Security found three SSRF vulnerabilities in Azure DevOps that we reported to Microsoft. This blog post outlines the way we identified these vulnerabilities, and demonstrates exploitation techniques using DNS rebinding and CRLF injection.