SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
https://ift.tt/EkfBvto
Submitted January 31, 2025 at 10:44PM by Rooftoptile2
via reddit https://ift.tt/AzBeSOf
Medium
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a…
Everyone knows your location: tracking myself down through in-app ads
https://ift.tt/LG8SU0C
Submitted February 01, 2025 at 03:24PM by WesternBest
via reddit https://ift.tt/XAzUD1o
tim.sh
Everyone knows your location
How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.
Speculation Attacks on Apple M3: SLAP and FLOP
https://ift.tt/pxAlyc8
Submitted February 02, 2025 at 06:19PM by alodiasaradith07
via reddit https://ift.tt/yGHrD2n
predictors.fail
SLAP and FLOP
The SLAP and FLOP Address and Value Prediction Attacks
How Attackers Can Bypass OPA Gatekeeper in Kubernetes Due to Rego Flaws
https://ift.tt/SN73Huz
Submitted February 03, 2025 at 11:33PM by Pale_Fly_2673
via reddit https://ift.tt/UnvfYjy
Aqua
OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
Research on Kubernetes policy enforcement risks and how misconfigurations in seemingly secure rules like OPA Gatekeeper enable bypassing.
Ransomware Groups Exploiting Microsoft Teams
https://ift.tt/zsiD3yL
Submitted February 04, 2025 at 12:20AM by Willsec
via reddit https://ift.tt/vsQfamn
GoSecure
24/7 managed detection, response, and expert cybersecurity services - GoSecure
We provide around-the-clock threat detection and incident response, backed by expert consulting to keep your organization secure.
Masquerade the Windows "Program Files" path with Unicode "En Quad" character.
https://ift.tt/IuWdVAM
Submitted February 04, 2025 at 08:30AM by Cold-Dinosaur
via reddit https://ift.tt/zmVNtfQ
Zerosalarium
Path masquerading: Hide in plain sight
Utilizing the new technique of Path Masquerading to spoof malicious processes to closely resemble those of antivirus/EDR programs.
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur - watchTowr Labs
https://ift.tt/0I3Dw2O
Submitted February 04, 2025 at 04:32PM by dx7r__
via reddit https://ift.tt/qujtXcz
watchTowr Labs
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments…
Collabfiltrator 4.0.1 Plugin released! New SQLi DNS exfiltration capabilities available in BurpSuite. Download it from the BApp Store.
https://ift.tt/uBdDoCL
Submitted February 04, 2025 at 08:31PM by logueadam
via reddit https://ift.tt/aA0K5CO
Top 10 (new) web hacking techniques of 2024
https://ift.tt/BZarKLq
Submitted February 04, 2025 at 09:32PM by albinowax
via reddit https://ift.tt/3AoIjgY
PortSwigger Research
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
Now live: Our Global InfoSec Salary Index for 2025 - with full dataset in the Public Domain :)
https://ift.tt/fADBOt7
Submitted February 04, 2025 at 10:02PM by infosec-jobs
via reddit https://ift.tt/CPUW8LI
foo🦍
foo🦍 ~/all coding
The career platform for coders, builders, hackers and makers.
Replacing a Space Heater Firmware over WiFi
https://ift.tt/i7RTnxw
Submitted February 05, 2025 at 03:28AM by 907jessejones
via reddit https://ift.tt/vyNmlDQ
Include Security Research Blog
Replacing a Space Heater Firmware Over WiFi - Include Security Research Blog
Our team hacks space heater firmware updates over wifi in the latest Include Security blog post. We break down, literally and figuratively, each step of the attack to demonstrate how anonymous users on the same wireless network as an affected space heater…
How to prove false statements? (Part 1)
https://ift.tt/0iBGfRz
Submitted February 05, 2025 at 03:15AM by feross
via reddit https://ift.tt/kzmItLM
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 1)
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…
How to prove false statements? (Part 1)
https://ift.tt/P4eLVtT
Submitted February 05, 2025 at 04:01AM by feross
via reddit https://ift.tt/QnAE07S
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 1)
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…
Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135
https://ift.tt/suLqtiO
Submitted February 05, 2025 at 09:17AM by Soatok
via reddit https://ift.tt/hGObDqP
ArgFuscator.net - generate obfuscated command lines
https://ift.tt/PmVFYcK
Submitted February 07, 2025 at 01:52AM by Wietze-
via reddit https://ift.tt/mr0hXd4
ArgFuscator
Generate obfuscated command-line arguments for common system-native executables now with ArgFuscator.
How to prove false statements? (Part 2)
https://ift.tt/B7eTO5f
Submitted February 07, 2025 at 04:16AM by feross
via reddit https://ift.tt/JtBhsWS
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 2)
This is the second part of a two three four-part series, which covers some recent results on “verifiable computation” and possible pitfalls that could occur there. This post won’t…
CVE-2024-55957: Local Privilege Escalation Vulnerability in Thermo Scientific™ Xcalibur™ and Foundation software
https://ift.tt/yQWDPuq
Submitted February 07, 2025 at 08:16AM by clod81
via reddit https://ift.tt/1v6w3Mp
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Windows Telephony Services: 2025 Patch Diffing & Analysis
https://ift.tt/mHLCMvy
Submitted February 07, 2025 at 06:37PM by SL7reach
via reddit https://ift.tt/QKXSZ7z
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1
Introduction: At the start of 2025, on January 14th, Microsoft released over 20+ CVEs addressing Remote Code Execution (RCE) vulnerabilities in Microsoft Telephony Services,...
Certificate Ripper v2.4.0 released - tool to extract server certificates
https://ift.tt/gEQAPKm
Submitted February 06, 2025 at 04:46AM by Hakky54
via reddit https://ift.tt/o6pezPU
GitHub
GitHub - Hakky54/certificate-ripper: 🔐 A CLI tool to extract server certificates
🔐 A CLI tool to extract server certificates. Contribute to Hakky54/certificate-ripper development by creating an account on GitHub.
Nosey Parker Explorer, an interactive TUI app for triaging secret exposures, is now Apache 2-licensed. It has helped on hundreds of offensive security engagements to quickly comb through thousands of potential findings.
https://ift.tt/4TPeWzU
Submitted February 06, 2025 at 03:59AM by exploding_nun
via reddit https://ift.tt/a5VMELm
GitHub
GitHub - praetorian-inc/noseyparker-explorer: Interactive results explorer and annotation tool for Nosey Parker
Interactive results explorer and annotation tool for Nosey Parker - praetorian-inc/noseyparker-explorer
Making Ghost-Servers that appear to have Unconstrained Kerberos Delegation (but alert on access attempts)
https://ift.tt/53mxhzy
Submitted February 07, 2025 at 07:51PM by ranok
via reddit https://ift.tt/wadnlTU
Thinkst Thoughts
Almost famous: behind the scenes of a feature that didn’t make the cut
Introduction: A counterintuitive truth is that great products are defined by both the features they include, as well as those they don’t. We spend a lot of time pondering potential new features for …