The Path to Memory Safety is Inevitable
https://ift.tt/fZzugXk
Submitted May 07, 2025 at 08:49PM by citypw
via reddit https://ift.tt/4t5QwbJ
hardenedlinux.org
The Path to Memory Safety is Inevitable
Sanitizer is the most effective way to enhance the memory safety. Fuzzer helps as well! Fil-C...
CVE-2024-11477 - 7-Zip ZSTD Buffer Overflow Vulnerability - Crowdfense
https://ift.tt/vujZDGX
Submitted May 08, 2025 at 08:44PM by Void_Sec
via reddit https://ift.tt/OkF1a6U
Crowdfense
CVE-2024-11477 - 7-Zip ZSTD Buffer Overflow Vulnerability - Crowdfense
CVE-2024-11477, a buffer overflow vulnerability in 7-Zip's ZSTD decompression algorithm; explore the technical details.
SCIM Hunting. Finding bugs in SCIM implementations
https://ift.tt/hUzQuDE
Submitted May 09, 2025 at 02:24AM by nibblesec
via reddit https://ift.tt/JUW1v0f
Doyensec
SCIM Hunting - Beyond SSO
Single Sign-On (SSO) related bugs have gotten an incredible amount of hype and a lot of amazing public disclosures in recent years. Just to cite a few examples:
Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources
https://ift.tt/M5VvtJj
Submitted May 10, 2025 at 04:34AM by Super_Weather3575
via reddit https://ift.tt/4Pg6QpV
Unit 42
Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources
Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader.
The Honeynet Workshop Conference 2025 is in June in Prague.
https://ift.tt/oQGb1kg
Submitted May 11, 2025 at 02:12AM by sebagarcia
via reddit https://ift.tt/oDiUERd
One-Click RCE in ASUS’s Preinstalled Driver Software
https://ift.tt/pmH13x8
Submitted May 11, 2025 at 02:13PM by AlmondOffSec
via reddit https://ift.tt/gkp91cG
Mrbruh
MrBruh's Epic Blog
One-Click RCE in ASUS’s Preinstalled Driver Software
Introduction: This story begins with a conversation about new PC parts.
After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that…
How I ruined my vacation by reverse engineering WSC
https://ift.tt/4l8OMEI
Submitted May 12, 2025 at 04:49PM by AlmondOffSec
via reddit https://ift.tt/nhTKLE7
blog.es3n1n.eu
How I ruined my vacation by reverse engineering WSC
In this post I will briefly describe the journey I went through while implementing defendnot.
Even though this is most likely not what you expected to see here, but rather than going into full technical details on how everything works, I will describe what…
Statistical Analysis to Detect Uncommon Code
https://ift.tt/9IzWd3K
Submitted May 12, 2025 at 07:57PM by FoxInTheRedBox
via reddit https://ift.tt/GJwEInX
I built Mithra: a security scanner for LLM-integrated APIs (detects prompt injection, DAN..)
https://mithrasec.com
Submitted May 12, 2025 at 10:55PM by 1337kadir
via reddit https://ift.tt/Wpzfkjw
Mithrasec
Mithra LLM Scanner
Scan LLM-Integrated APIs in Minutes
Azure Managed Identities Abuse: Security Research - Defense strategies
https://ift.tt/GLJVNXq
Submitted May 13, 2025 at 06:21PM by HunterHex1123
via reddit https://ift.tt/tWgNV9y
www.hunters.security
Detecting Azure Managed Identity Abuse: Threat Hunting Techniques
Discover how to detect and hunt Azure Managed Identity abuse using real-world scenarios, log correlations, and high-fidelity detection queries.
[CVE-2025-47916] Invision Community <= 5.0.6 (customCss) Remote Code Execution
https://ift.tt/Dhlrg7f
Submitted May 14, 2025 at 06:05PM by eg1x
via reddit https://ift.tt/SEOhrPB
Karmainsecurity
Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Integrate LDAP into Keycloak to modernize rather than delete it
https://ift.tt/E0tyOI8
Submitted May 14, 2025 at 07:41PM by Will-from-CloudIAM
via reddit https://ift.tt/eu9Antw
Cloud-Iam
LDAP, Keycloak, and Modern IAM: Integrating LDAP into a scalable, secure IAM architecture with Keycloak
Modernize your user management while preserving your LDAP with Keycloak. Instead of replacing your LDAP, it's often wiser to reposition it as a source of truth, orchestrated by a modern IAM solution. Keycloak stands out because it can natively federate with…
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428) - watchTowr Labs
https://ift.tt/QGLMVT4
Submitted May 15, 2025 at 08:25PM by dx7r__
via reddit https://ift.tt/eWMTrzZ
watchTowr Labs
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities…
Commit Stomping - Manipulating Git Histories to Obscure the Truth
https://ift.tt/RruLYyb
Submitted May 16, 2025 at 03:52AM by Fit-Cut9562
via reddit https://ift.tt/C8k0S5o
ZephrSec - Adventures In Information Security
Commit Stomping
Manipulating Git Histories to Obscure the Truth
Announcing the Official Parity Release of Volatility 3!
https://ift.tt/s3XGYHg
Submitted May 16, 2025 at 09:04PM by transt
via reddit https://ift.tt/Sts8Cdf
The Volatility Foundation - Promoting Accessible Memory Analysis Tools Within the Memory Forensics Community
Announcing the Official Parity Release of Volatility 3!
Visit the post for more.
Skitnet(Bossnet) Malware Analysis
https://ift.tt/OtNw7GP
Submitted May 16, 2025 at 10:01PM by small_talk101
via reddit https://ift.tt/G4pus7I
Stateful Connection With Spoofed Source IP — NetImpostor
https://ift.tt/dsomTBP
Submitted May 18, 2025 at 03:37AM by tasty-pepperoni
via reddit https://ift.tt/KWVeIBP
Medium
Stateful Connection With Spoofed Source IP — NetImpostor
Overview
Frida 17 is out
https://ift.tt/CRnHbYq
Submitted May 18, 2025 at 05:33PM by oleavr
via reddit https://ift.tt/TdM0FXN
Frida • A world-class dynamic instrumentation toolkit
Frida 17.0.0 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
[Guide] Web Application Hacking: Where Do I Even Start? (Mind Map + Beginner Roadmap)
https://ift.tt/VerNuZE
Submitted May 19, 2025 at 12:05AM by Affectionate-Theme19
via reddit https://ift.tt/4PXsJdO
Medium
Web Application Hacking: Where do I Even Start?
If you’re stepping into the world of bug bounty hunting, penetration testing, or just want to level up your web hacking skills, you’re…
VM someone with exp
https://ift.tt/AwYvRQO
Submitted May 19, 2025 at 01:31AM by silentshadovvvvvv
via reddit https://ift.tt/0urk7H2
O2 VoLTE: locating any customer with a phone call
https://ift.tt/KZjf2Us
Submitted May 19, 2025 at 02:07AM by ChingDat
via reddit https://ift.tt/owT2BFL
mastdatabase.co.uk
O2 VoLTE: locating any customer with a phone call
Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.