Substack Domain Takeover
https://ift.tt/2lLepmF
Submitted March 02, 2025 at 04:30PM by whisperingmime
via reddit https://ift.tt/MFjugit
Blog by Joren Vrancken
Substack Domain Takeover
Substack is a popular blogging platform. It allows writers to easily create their own personal blog, with payments, comments, analytics and other advanced features. Substack empowers writers to customize their blogs by adding a custom domain.
MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
https://ift.tt/jnaNwKQ
Submitted March 02, 2025 at 11:23PM by winhumone
via reddit https://ift.tt/t5gohX0
seclists.org
Full Disclosure: Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
HUB Security Secures Continued Nasdaq Listing, Marking an Important Milestone
https://ift.tt/k9WP7Cq
Submitted March 03, 2025 at 01:33AM by winhumone
via reddit https://ift.tt/9wFYdZ4
Understanding the AI Act and its compliance challenges
https://ift.tt/zThMKyv
Submitted March 03, 2025 at 03:54PM by sadyetfly11
via reddit https://ift.tt/bmiJGhD
Help Net Security
Understanding the AI Act and its compliance challenges
David Dumont explains how organizations can leverage GDPR compliance to meet AI Act obligations on transparency and risk mitigation.
The Full Costs of a DIY Security Canary Program
https://ift.tt/Pz9425k
Submitted March 03, 2025 at 06:17PM by tracebit
via reddit https://ift.tt/1CTiJDW
Tracebit
The full costs of building your own Canary Program | Tracebit
We explore why there can be a bias to build canaries and what's actually involved for a successful security canary program.
I have an assignment to find two real websites that are vulnerable to local file inclusion. So far I couldn't find any. I used a lot of Google dorks similar to this `site:"*/file.php?file=index.php"`. Please help.
https://ift.tt/Ry6rtMW
Submitted March 03, 2025 at 09:14PM by WillJMoriartyPatriot
via reddit https://ift.tt/jgFpswf
Massive security gaps discovered in building access systems
https://ift.tt/yX215x9
Submitted March 03, 2025 at 09:50PM by rimdig219
via reddit https://ift.tt/wsHyOP1
heise online
Massive security gaps discovered in building access systems
Cyber criminals can easily access building access systems worldwide. A study reveals the extent and causes.
Burp Variables: a Burp extension that lets you store and reuse variables in outgoing requests, similar to functionality in Postman/Insomnia/other API testing clients
https://ift.tt/kbrRG47
Submitted March 04, 2025 at 12:06AM by 0xceba
via reddit https://ift.tt/O81nXCf
portswigger.net
Burp Variables
Store and reuse variables in requests.
Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit
https://ift.tt/NL509y1
Submitted March 04, 2025 at 07:39AM by litheon
via reddit https://ift.tt/lERIuYO
I Code 4 Coffee
Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit
Finding and exploiting bugs in the Xbox 360 hypervisor to create the "Bad Update" exploit.
Evading Detection with Payload Pipelines
https://ift.tt/whC9jSy
Submitted March 04, 2025 at 07:21AM by pracsec
via reddit https://ift.tt/ER6YQig
Practical Security Analytics LLC
Bypassing AMSI and Evading AV Detection with SpecterInsight
Introduction A few weeks ago, there was a post on reddit asking for advice on how to get their AMSI bypass through Windows Defender without being detected. Recently, it has become much more difficu…
Client-Side Path Traversal - Penetesting guide | @VeryLazyTech
https://ift.tt/tQGUJkZ
Submitted March 04, 2025 at 01:21PM by Justin_coco
via reddit https://ift.tt/g2eriWn
Verylazytech
Client-Side Path Traversal | VeryLazyTech
Docusnap Inventory Files Encrypted With Static Key
https://ift.tt/IC4atYk
Submitted March 04, 2025 at 02:15PM by RedTeamPentesting
via reddit https://ift.tt/F8q7Xty
www.redteam-pentesting.de
RedTeam Pentesting - Docusnap Inventory Files Encrypted with Static Key
Inventory files created by Docusnap, containing information like installed programs, firewall rules and local administrators, are encrypted with a static key. The decryption key can be obtained easily from the .NET application, downloadable from the vendor’s…
Obfuscating API Patches to Bypass New Windows Defender Behavior Signatures
https://ift.tt/tQ7dhlV
Submitted March 04, 2025 at 04:43PM by sadyetfly11
via reddit https://ift.tt/SKfZ3zR
Practical Security Analytics LLC
Obfuscating API Patches to Bypass New Windows Defender Behavior Signatures
Introduction I’ve got a short post today based on some recent changes by Windows Defender. Over the weekend, I noticed that some of my unit tests began failing on code that had not been recen…
Why a push for encryption backdoors is a global security risk
https://ift.tt/CKGbr9v
Submitted March 04, 2025 at 04:31PM by slypieok
via reddit https://ift.tt/HR7cJxM
Help Net Security
Why a push for encryption backdoors is a global security risk
Governments in the UK, US, and Europe press tech firms to weaken encryption, risking privacy and exposing sensitive data to cyber threats.
We Deliberately Exposed AWS Keys on Developer Forums: Attackers Exploited One in 10 Hours
https://ift.tt/rVqv4DA
Submitted March 04, 2025 at 05:17PM by sadyetfly11
via reddit https://ift.tt/JkdiRoX
Clutch Security
Shattering the Rotation Illusion: Part 4 - Developer Forums
Explore Clutch Security’s research on leaked AWS Access Keys in developer forums like Stack Overflow and Quora, revealing critical security…
Hybrid Analysis Deep Dive Into Allegedly AI-Generated FunkSec Ransomware
https://ift.tt/s6c3SNt
Submitted March 04, 2025 at 07:37PM by CyberMasterV
via reddit https://ift.tt/i5wkhW0
Blogspot
Hybrid Analysis Deep Dive Into Allegedly AI-Generated FunkSec Ransomware
Author(s): Vlad Pasca New Rust-based ransomware FunkSec emerges with claimed AI capabilities, potentially indicating an advanced developmen...
Community powered, shift-left, security framework
https://ift.tt/lh5WFe2
Submitted March 04, 2025 at 10:28PM by Inevitable_Explorer6
via reddit https://ift.tt/wpRKJWB
Open Source Shift Left Framework
Get Users - Open Source Shift Left Framework
Techlore video review of BusKill (Open-Source Dead Man Switch) 🔒
https://ift.tt/3sStIij
Submitted March 04, 2025 at 11:24PM by maltfield
via reddit https://ift.tt/RY5dCqU
BusKill
Techlore Review - BusKill
Techlore's Video review of the BusKill Laptop Kill Cord -- a Dead Man Switch to protect the privacy of your data from thieves
!exploitable Episode Two - Enter the Matrix. SSHD exploit used by Trinity in the movie The Matrix Reloaded
https://ift.tt/vHZV1CP
Submitted March 04, 2025 at 11:57PM by nibblesec
via reddit https://ift.tt/9iRfLhF
Doyensec
!exploitable Episode Two - Enter the Matrix
In case you are just tuning in, Doyensec has found themselves on a cruise ship touring the Mediterranean. Unwinding, hanging out with colleagues and having some fun. Part 1 covered our journey into IoT ARM exploitation, while our next blog post, coming in…
New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails
https://ift.tt/cmYBPAo
Submitted March 05, 2025 at 07:01AM by _PentesterLab_
via reddit https://ift.tt/1PCAa7y
Elttam
New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails - elttam
elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.
Case Study: Traditional CVSS scoring missed this actively exploited vulnerability (CVE-2024-50302)
https://ift.tt/nxUOZBk
Submitted March 05, 2025 at 09:01AM by skimfl925
via reddit https://ift.tt/25XHNbd