Effective Incident Response
https://ift.tt/ArP2sD6
Submitted September 03, 2025 at 07:22PM by EssJayJay
via reddit https://ift.tt/pERuqcg
https://ift.tt/ArP2sD6
Submitted September 03, 2025 at 07:22PM by EssJayJay
via reddit https://ift.tt/pERuqcg
Marshal madness: A brief history of Ruby deserialization exploits
https://ift.tt/7dFAYtv
Submitted September 03, 2025 at 07:20PM by Gallus
via reddit https://ift.tt/j7n4C2G
https://ift.tt/7dFAYtv
Submitted September 03, 2025 at 07:20PM by Gallus
via reddit https://ift.tt/j7n4C2G
The Trail of Bits Blog
Marshal madness: A brief history of Ruby deserialization exploits
This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope…
Guide pour relayer NTLM sur HTTP - l'exemple de GLPI
https://ift.tt/gXxiKNM
Submitted September 04, 2025 at 03:32PM by MobetaSec
via reddit https://ift.tt/cv4VKhO
https://ift.tt/gXxiKNM
Submitted September 04, 2025 at 03:32PM by MobetaSec
via reddit https://ift.tt/cv4VKhO
Mobeta
Guide pour relayer NTLM sur HTTP - l'exemple de GLPI | Mobeta
Apprenez à relayer NTLM sur HTTP via GLPI en pentest interne. Guide technique avec ntlmrelayx, Impacket et recommandations sécurité.
Free Interactive 3D Security Awareness Exercises (Better Alternative to Boring Yearly Training)
https://ift.tt/uR4aF3T
Submitted September 04, 2025 at 05:35PM by maksim36ua
via reddit https://ift.tt/2WRGLA1
https://ift.tt/uR4aF3T
Submitted September 04, 2025 at 05:35PM by maksim36ua
via reddit https://ift.tt/2WRGLA1
RansomLeak Security Awareness
Interactive 3D Security Awareness Training
RansomLeak is an interactive 3D security awareness training platform built to use in your LMS via SCORM.
MeetC2 - A serverless command & control (C2) framework that leverages Google Calendar APIs, as a communication channel.
https://ift.tt/j6ZtpAW
Submitted September 04, 2025 at 05:25PM by SkyFallRobin
via reddit https://ift.tt/zXMDh9j
https://ift.tt/j6ZtpAW
Submitted September 04, 2025 at 05:25PM by SkyFallRobin
via reddit https://ift.tt/zXMDh9j
Medium
MeetC2 a.k.a Meeting C2
Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…
Exploit development for IBM i - turning blind AS/400 command execution into a proper shell
https://ift.tt/B21GqKj
Submitted September 04, 2025 at 05:14PM by dn3t
via reddit https://ift.tt/uH2sCdk
https://ift.tt/B21GqKj
Submitted September 04, 2025 at 05:14PM by dn3t
via reddit https://ift.tt/uH2sCdk
Silent Signal Techblog
Exploit development for IBM i
Because we can!
BYOVD: Leveraging Raw Disk Reads to Bypass EDR
https://ift.tt/kJo123w
Submitted September 04, 2025 at 09:48PM by Dr_Mantis_Tobbogon
via reddit https://ift.tt/1xjK42J
https://ift.tt/kJo123w
Submitted September 04, 2025 at 09:48PM by Dr_Mantis_Tobbogon
via reddit https://ift.tt/1xjK42J
Medium
Leveraging Raw Disk Reads to Bypass EDR
Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect…
CVE-2025-53149: Heap-based buffer overflow in Windows Kernel Streaming
https://ift.tt/t7VdsEo
Submitted September 04, 2025 at 09:51PM by Void_Sec
via reddit https://ift.tt/uBAoaVt
https://ift.tt/t7VdsEo
Submitted September 04, 2025 at 09:51PM by Void_Sec
via reddit https://ift.tt/uBAoaVt
Crowdfense
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver - CVE-2025-53149 - Crowdfense
Technical deep-dive into CVE-2025-53149, a heap-based buffer overflow in the Windows Kernel Streaming WOW Thunk Service driver (ksthunk.sys).
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
https://ift.tt/Q0W8uqf
Submitted September 04, 2025 at 11:23PM by ChemicalImaginary319
via reddit https://ift.tt/fFMCo7G
https://ift.tt/Q0W8uqf
Submitted September 04, 2025 at 11:23PM by ChemicalImaginary319
via reddit https://ift.tt/fFMCo7G
The Trail of Bits Blog
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.
My Favorite Exclusive-Or
https://ift.tt/ILy42Hh
Submitted September 05, 2025 at 01:14AM by sqli
via reddit https://ift.tt/24Q6gaZ
https://ift.tt/ILy42Hh
Submitted September 05, 2025 at 01:14AM by sqli
via reddit https://ift.tt/24Q6gaZ
Awfulsec
Awful Security Engineering
Manipulating India’s Stock Market: The GST Portal Data Leak
https://ift.tt/PZoply0
Submitted September 05, 2025 at 04:15AM by LuD1161
via reddit https://ift.tt/q6UXZfd
https://ift.tt/PZoply0
Submitted September 05, 2025 at 04:15AM by LuD1161
via reddit https://ift.tt/q6UXZfd
Medium
Manipulating India’s Stock Market: The GST Portal Data Leak
Imagine if you could peek into the books of India’s biggest companies — before quarterly earnings were announced. By simply looking at…
MeetC2: Covert C2 framework
https://ift.tt/WlKnkO5
Submitted September 05, 2025 at 08:16AM by shantanu14g
via reddit https://ift.tt/YSEqfGk
https://ift.tt/WlKnkO5
Submitted September 05, 2025 at 08:16AM by shantanu14g
via reddit https://ift.tt/YSEqfGk
Medium
MeetC2 a.k.a Meeting C2
Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…
Intercepting Thick Client TCP and TLS Traffic
https://ift.tt/UQGXVb3
Submitted September 05, 2025 at 07:09PM by Ano_F
via reddit https://ift.tt/Lr7vmNC
https://ift.tt/UQGXVb3
Submitted September 05, 2025 at 07:09PM by Ano_F
via reddit https://ift.tt/Lr7vmNC
Medium
Intercepting Thick Client TCP and TLS Traffic
Intercepting and analysing the traffic is one of the important parts of the pentest, whether it’s a mobile, web or desktop application. On…
TLS NoVerify: Bypass All The Things
https://f0rw4rd.github.io/posts/tls-noverify-bypass-all-the-things/
Submitted September 05, 2025 at 11:21PM by _f0rw4rd_
via reddit https://ift.tt/M9X6Aez
https://f0rw4rd.github.io/posts/tls-noverify-bypass-all-the-things/
Submitted September 05, 2025 at 11:21PM by _f0rw4rd_
via reddit https://ift.tt/M9X6Aez
f0rw4rd
TLS NoVerify: Bypass All The Things
Learn how to bypass TLS certificate validation on Linux using LD_PRELOAD for security research and debugging of embedded systems and native applications
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
https://ift.tt/yEU9Zzq
Submitted September 06, 2025 at 12:19AM by mabote
via reddit https://ift.tt/8lBpFLz
https://ift.tt/yEU9Zzq
Submitted September 06, 2025 at 12:19AM by mabote
via reddit https://ift.tt/8lBpFLz
GitGuardian Blog - Take Control of Your Secrets Security
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via…
Stealthy Persistence With Non-Existent Executable File
https://ift.tt/ecF5YlQ
Submitted September 06, 2025 at 12:30PM by Cold-Dinosaur
via reddit https://ift.tt/dZYy8v7
https://ift.tt/ecF5YlQ
Submitted September 06, 2025 at 12:30PM by Cold-Dinosaur
via reddit https://ift.tt/dZYy8v7
Zerosalarium
Stealthy Persistence With Non-Existent Executable File
Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist
High boy gadget for hackers
https://highboy.com.br/
Submitted September 06, 2025 at 07:42PM by NeighborhoodOdd1886
via reddit https://ift.tt/mX9kxWl
https://highboy.com.br/
Submitted September 06, 2025 at 07:42PM by NeighborhoodOdd1886
via reddit https://ift.tt/mX9kxWl
High Boy
High Boy - Advanced Hardware Hacking Tool
The ultimate device for pentesters and security enthusiasts. RF, NFC, BLE, and IoT analysis in one platform.
From Theory to Practice: How Small Language Models Are Revolutionizing Human Risk Psychology
https://ift.tt/P1frvWa
Submitted September 07, 2025 at 04:22AM by kaolay
via reddit https://ift.tt/6eBZuAN
https://ift.tt/P1frvWa
Submitted September 07, 2025 at 04:22AM by kaolay
via reddit https://ift.tt/6eBZuAN
Medium
From Theory to Practice: How Small Language Models Are Revolutionizing Cybersecurity Psychology
The human element continues to be cybersecurity’s weakest link. Despite organizations spending over $150 billion annually on security…
Worldcoin Advances Quantum-Secure AMPC With UTEC Peru
https://ift.tt/r7lWM6n
Submitted September 07, 2025 at 12:26PM by woltan_4
via reddit https://ift.tt/HNeAKsu
https://ift.tt/r7lWM6n
Submitted September 07, 2025 at 12:26PM by woltan_4
via reddit https://ift.tt/HNeAKsu
blockchainreporter
Worldcoin Advances Quantum-Secure AMPC With UTEC Peru
Worldcoin joins UTEC Peru to advance AMPC-driven quantum-secure technology to enhance privacy and academic validation for decentralized digital identity.
The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
https://ift.tt/acf6sOH
Submitted September 07, 2025 at 12:47PM by woltan_4
via reddit https://ift.tt/T4WcHqL
https://ift.tt/acf6sOH
Submitted September 07, 2025 at 12:47PM by woltan_4
via reddit https://ift.tt/T4WcHqL
New OpenSecurityTraining2 class: "Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" (~8 hours)
https://ost2.fyi/BT2222
Submitted September 07, 2025 at 07:32PM by OpenSecurityTraining
via reddit https://ift.tt/Ze6O9qF
https://ost2.fyi/BT2222
Submitted September 07, 2025 at 07:32PM by OpenSecurityTraining
via reddit https://ift.tt/Ze6O9qF
p.ost2.fyi
Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting
This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.