Exploit development for IBM i - turning blind AS/400 command execution into a proper shell
https://ift.tt/B21GqKj
Submitted September 04, 2025 at 05:14PM by dn3t
via reddit https://ift.tt/uH2sCdk
https://ift.tt/B21GqKj
Submitted September 04, 2025 at 05:14PM by dn3t
via reddit https://ift.tt/uH2sCdk
Silent Signal Techblog
Exploit development for IBM i
Because we can!
BYOVD: Leveraging Raw Disk Reads to Bypass EDR
https://ift.tt/kJo123w
Submitted September 04, 2025 at 09:48PM by Dr_Mantis_Tobbogon
via reddit https://ift.tt/1xjK42J
https://ift.tt/kJo123w
Submitted September 04, 2025 at 09:48PM by Dr_Mantis_Tobbogon
via reddit https://ift.tt/1xjK42J
Medium
Leveraging Raw Disk Reads to Bypass EDR
Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect…
CVE-2025-53149: Heap-based buffer overflow in Windows Kernel Streaming
https://ift.tt/t7VdsEo
Submitted September 04, 2025 at 09:51PM by Void_Sec
via reddit https://ift.tt/uBAoaVt
https://ift.tt/t7VdsEo
Submitted September 04, 2025 at 09:51PM by Void_Sec
via reddit https://ift.tt/uBAoaVt
Crowdfense
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver - CVE-2025-53149 - Crowdfense
Technical deep-dive into CVE-2025-53149, a heap-based buffer overflow in the Windows Kernel Streaming WOW Thunk Service driver (ksthunk.sys).
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
https://ift.tt/Q0W8uqf
Submitted September 04, 2025 at 11:23PM by ChemicalImaginary319
via reddit https://ift.tt/fFMCo7G
https://ift.tt/Q0W8uqf
Submitted September 04, 2025 at 11:23PM by ChemicalImaginary319
via reddit https://ift.tt/fFMCo7G
The Trail of Bits Blog
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.
My Favorite Exclusive-Or
https://ift.tt/ILy42Hh
Submitted September 05, 2025 at 01:14AM by sqli
via reddit https://ift.tt/24Q6gaZ
https://ift.tt/ILy42Hh
Submitted September 05, 2025 at 01:14AM by sqli
via reddit https://ift.tt/24Q6gaZ
Awfulsec
Awful Security Engineering
Manipulating India’s Stock Market: The GST Portal Data Leak
https://ift.tt/PZoply0
Submitted September 05, 2025 at 04:15AM by LuD1161
via reddit https://ift.tt/q6UXZfd
https://ift.tt/PZoply0
Submitted September 05, 2025 at 04:15AM by LuD1161
via reddit https://ift.tt/q6UXZfd
Medium
Manipulating India’s Stock Market: The GST Portal Data Leak
Imagine if you could peek into the books of India’s biggest companies — before quarterly earnings were announced. By simply looking at…
MeetC2: Covert C2 framework
https://ift.tt/WlKnkO5
Submitted September 05, 2025 at 08:16AM by shantanu14g
via reddit https://ift.tt/YSEqfGk
https://ift.tt/WlKnkO5
Submitted September 05, 2025 at 08:16AM by shantanu14g
via reddit https://ift.tt/YSEqfGk
Medium
MeetC2 a.k.a Meeting C2
Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…
Intercepting Thick Client TCP and TLS Traffic
https://ift.tt/UQGXVb3
Submitted September 05, 2025 at 07:09PM by Ano_F
via reddit https://ift.tt/Lr7vmNC
https://ift.tt/UQGXVb3
Submitted September 05, 2025 at 07:09PM by Ano_F
via reddit https://ift.tt/Lr7vmNC
Medium
Intercepting Thick Client TCP and TLS Traffic
Intercepting and analysing the traffic is one of the important parts of the pentest, whether it’s a mobile, web or desktop application. On…
TLS NoVerify: Bypass All The Things
https://f0rw4rd.github.io/posts/tls-noverify-bypass-all-the-things/
Submitted September 05, 2025 at 11:21PM by _f0rw4rd_
via reddit https://ift.tt/M9X6Aez
https://f0rw4rd.github.io/posts/tls-noverify-bypass-all-the-things/
Submitted September 05, 2025 at 11:21PM by _f0rw4rd_
via reddit https://ift.tt/M9X6Aez
f0rw4rd
TLS NoVerify: Bypass All The Things
Learn how to bypass TLS certificate validation on Linux using LD_PRELOAD for security research and debugging of embedded systems and native applications
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
https://ift.tt/yEU9Zzq
Submitted September 06, 2025 at 12:19AM by mabote
via reddit https://ift.tt/8lBpFLz
https://ift.tt/yEU9Zzq
Submitted September 06, 2025 at 12:19AM by mabote
via reddit https://ift.tt/8lBpFLz
GitGuardian Blog - Take Control of Your Secrets Security
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via…
Stealthy Persistence With Non-Existent Executable File
https://ift.tt/ecF5YlQ
Submitted September 06, 2025 at 12:30PM by Cold-Dinosaur
via reddit https://ift.tt/dZYy8v7
https://ift.tt/ecF5YlQ
Submitted September 06, 2025 at 12:30PM by Cold-Dinosaur
via reddit https://ift.tt/dZYy8v7
Zerosalarium
Stealthy Persistence With Non-Existent Executable File
Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist
High boy gadget for hackers
https://highboy.com.br/
Submitted September 06, 2025 at 07:42PM by NeighborhoodOdd1886
via reddit https://ift.tt/mX9kxWl
https://highboy.com.br/
Submitted September 06, 2025 at 07:42PM by NeighborhoodOdd1886
via reddit https://ift.tt/mX9kxWl
High Boy
High Boy - Advanced Hardware Hacking Tool
The ultimate device for pentesters and security enthusiasts. RF, NFC, BLE, and IoT analysis in one platform.
From Theory to Practice: How Small Language Models Are Revolutionizing Human Risk Psychology
https://ift.tt/P1frvWa
Submitted September 07, 2025 at 04:22AM by kaolay
via reddit https://ift.tt/6eBZuAN
https://ift.tt/P1frvWa
Submitted September 07, 2025 at 04:22AM by kaolay
via reddit https://ift.tt/6eBZuAN
Medium
From Theory to Practice: How Small Language Models Are Revolutionizing Cybersecurity Psychology
The human element continues to be cybersecurity’s weakest link. Despite organizations spending over $150 billion annually on security…
Worldcoin Advances Quantum-Secure AMPC With UTEC Peru
https://ift.tt/r7lWM6n
Submitted September 07, 2025 at 12:26PM by woltan_4
via reddit https://ift.tt/HNeAKsu
https://ift.tt/r7lWM6n
Submitted September 07, 2025 at 12:26PM by woltan_4
via reddit https://ift.tt/HNeAKsu
blockchainreporter
Worldcoin Advances Quantum-Secure AMPC With UTEC Peru
Worldcoin joins UTEC Peru to advance AMPC-driven quantum-secure technology to enhance privacy and academic validation for decentralized digital identity.
The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025
https://ift.tt/acf6sOH
Submitted September 07, 2025 at 12:47PM by woltan_4
via reddit https://ift.tt/T4WcHqL
https://ift.tt/acf6sOH
Submitted September 07, 2025 at 12:47PM by woltan_4
via reddit https://ift.tt/T4WcHqL
New OpenSecurityTraining2 class: "Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" (~8 hours)
https://ost2.fyi/BT2222
Submitted September 07, 2025 at 07:32PM by OpenSecurityTraining
via reddit https://ift.tt/Ze6O9qF
https://ost2.fyi/BT2222
Submitted September 07, 2025 at 07:32PM by OpenSecurityTraining
via reddit https://ift.tt/Ze6O9qF
p.ost2.fyi
Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting
This class teaches Bluetooth reconnaissance & device identification using the Blue2thprinting software.
New iOS/macOS Critical DNG Image Processing Memory Corruption Exploitation Tutorial
https://ift.tt/Mr6iOa0
Submitted September 08, 2025 at 02:13AM by pwnguide
via reddit https://ift.tt/KEi1C3X
https://ift.tt/Mr6iOa0
Submitted September 08, 2025 at 02:13AM by pwnguide
via reddit https://ift.tt/KEi1C3X
killerPID-BOF
https://ift.tt/41EavSB
Submitted September 08, 2025 at 07:29AM by clod81
via reddit https://ift.tt/LEW7A0K
https://ift.tt/41EavSB
Submitted September 08, 2025 at 07:29AM by clod81
via reddit https://ift.tt/LEW7A0K
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Using AI Agents for Code Auditing: Full Walkthrough on Finding Security Bugs in a Rust REST Server with Hound
https://ift.tt/AIP5FNJ
Submitted September 08, 2025 at 08:28AM by Rude_Ad3947
via reddit https://ift.tt/GFB1a60
https://ift.tt/AIP5FNJ
Submitted September 08, 2025 at 08:28AM by Rude_Ad3947
via reddit https://ift.tt/GFB1a60
Medium
Hunting for Security Bugs in Code with AI Agents: A Full Walkthrough
In my previous article, I introduced Hound, an open-source code auditing tool that models the cognitive and organizational processes of…
GitHub Actions: A Cloudy Day for Security - Part 1
https://ift.tt/f9GQtSN
Submitted September 08, 2025 at 12:10PM by BinarySecurity
via reddit https://ift.tt/sAEUhHJ
https://ift.tt/f9GQtSN
Submitted September 08, 2025 at 12:10PM by BinarySecurity
via reddit https://ift.tt/sAEUhHJ
Binary Security AS
GitHub Actions: A Cloudy Day for Security - Part 1
Binary Security spend a lot of time testing and securing CI/CD setups, especially GitHub Actions. In this two-part series we cover some of the many security considerations when using GitHub Actions, with a focus on securing your CI/CD pipeline against adversaries…
Windows Defender's vulnerability: Break The Protective Shell Of Windows Defender With The Folder Redirect Technique
https://ift.tt/6JroCz7
Submitted September 08, 2025 at 07:17PM by Cold-Dinosaur
via reddit https://ift.tt/nc4KqjN
https://ift.tt/6JroCz7
Submitted September 08, 2025 at 07:17PM by Cold-Dinosaur
via reddit https://ift.tt/nc4KqjN
Zerosalarium
Break The Protective Shell Of Windows Defender With The Folder Redirect Technique
Exploiting vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender