TeamTNT Reemerged with New Aggressive Cloud Campaign https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Aqua
The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and others.
A Deep Dive into Penetration Testing of macOS Applications (Part 1) https://www.cyberark.com/resources/all-blog-posts/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
Cyberark
Introduction: As many of us know, there are a lot of guides and information on penetration testing applications on Windows and Linux. Unfortunately, a step-by-step guide doesn’t exist in the macOS...
Introducing jswzl: In-depth JavaScript analysis for web security testers https://www.jswzl.io/post/introducing-jswzl-in-depth-js-analysis-for-web-security-testers
www.jswzl.io
For the last year, I’ve been working hard on creating what I believe to be the next stage in the evolution of tooling for penetration testers, web application security testers, security analysts, and security engineers—in short, anyone who spends time testing…
Beyond the Marketing: Assessing Anti-Bot Platforms through a Hacker's Lens https://blog.umasi.dev/antibots-1
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Windows kernel driver static reverse using IDA and GHIDRA https://v1k1ngfr.github.io/winkernel-reverse-ida-ghidra/
vegvisir
Some notes on reversing Windows kernel drivers with IDA and GHIDRA
Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability https://securelist.com/analysis-of-attack-samples-exploiting-cve-2023-23397/110202/
Securelist
We will highlight the key points and then focus on the initial use of the CVE-2023-23397 vulnerability by attackers before it became public.
The Unexpected “0” Master ID for Account Data Manipulation https://infosecwriteups.com/the-unexpected-0-master-id-for-account-data-manipulation-1cb69112de38
Medium
A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.
The Death of Infosec Twitter https://www.cyentia.com/the-death-of-infosec-twitter/
Cyentia Institute | Data-Driven Cybersecurity Research
"Infosec Twitter," a vibrant community of security practitioners, known for its insight, inspiration, and entertainment, is coming to an end.
Okta’s Trusted Origins: A Continued Cacophony of Security Issues https://medium.com/@chaim_sanders/oktas-trusted-origins-a-continued-cacophony-of-security-issues-f4a1bf1c1898
Medium
Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/
Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places https://www.cobaltstrike.com/blog/cobalt-strike-and-outflank-friends-evasive-places
Cobalt Strike
This blog provides an update of the technical strategy of Cobalt Strike and Outflank's OST individually before giving a glimpse into the future of the two combined.
Exploring Android Heap allocations in jemalloc 'new' https://www.synacktiv.com/publications/exploring-android-heap-allocations-in-jemalloc-new
Synacktiv
Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/
Unit 42
We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.
Zenbleed Vulnerability Affects AMD Zen2 Processors, Sensitive Data at Risk https://securitydailyreview.com/zenbleed-vulnerability-affects-amd-zen2-processors-sensitive-data-at-risk/
Security Daily Review
Google's security researcher, Tavis Ormandy, recently uncovered a critical vulnerability affecting AMD Zen2 CPUs. This flaw, tracked as CVE-2023-20593, could
Code Kept Secret for Years Reveals Its Flaw—a Backdoor https://www.wired.com/story/tetra-radio-encryption-backdoor/
WIRED
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
PE-Obfuscator: PE obfuscator with Evasion in mind https://securityonline.info/pe-obfuscator-pe-obfuscator-with-evasion-in-mind/
Cybersecurity News
A PE obfuscator built with evasion in mind. It needs admin privileges in order to load the RTCore64 driver, which it drops to disk.
HTB: Derailed https://0xdf.gitlab.io/2023/07/22/htb-derailed.html
0xdf hacks stuff
Derailed starts with a Ruby on Rails web notes application. I’m able to create notes, and to flag notes for review by an admin. The general user input is relatively locked down as far as cross site scripting, but I’ll find a buffer overflow in the webassembly…