ÆPIC Leak - Architecturally Leaking Uninitialized Data from the Microarchitecture

https://aepicleak.com

P.S. Thx for the news dear subscriber ✌️

Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments

…how to quickly inventory, exploit, and remediate network shares configured with excessive permissions at scale in Active Directory environments…:

https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/

OverSight

Mac malware often spies on users by recording audio and video sessions...sometimes in an undetected manner.

OverSight monitors a mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the webcam.

https://objective-see.org/products/oversight.html

#tool

Researching Xiaomi’s TEE to get to Chinese money

technical analysys

https://research.checkpoint.com/2022/researching-xiaomis-tee/

Fixing Memory Exhaustion Bugs in My Golang Web App

https://mtlynch.io/notes/picoshare-perf/

Hacking Zyxel IP cameras to gain a root shell

TLDR - Do not buy, do not use, and remove all of these devices from service immediately (IPC-3605N and the model IPC-4605N). They are so miserably insecure it took me less than a day of effort to develop a utility to remotely compromise any of them. Keep reading if you want to know how… (from Author)

Technical analysis:

http://www.hydrogen18.com/blog/hacking-zyxel-ip-cameras-pt-1.html

Open SysConf 2022 Уже в Октябре!
 
Привет, мы готовим новую - четвертую ежегодную встречу Open SysConf'22.

Уже точно есть:
— Три доклада
— Собрано половина бюджета
— Место, дата и время встречи
- Обновленный сайт sysconf.io

Обычно у большинства людей обстоятельства складываются таким образом, что вечно что-то мешает заняться спортом, сделать доклад, поучаствовать в конфе, мешают обычно работа, откладывание за завтра и тп и тд...

Собраться, поделиться знаниями, найти время для себя - это то, что нужно действительно сделать здесь и сейчас (и в Октябре)! Расправь плечи дорогой друг, подними голову и ступай смело вперед:

- https://sysconf.io
- 14 Октября, с 11:00 до 20:00, Алматы.

Зал большой, места хватит всем! Все нужные ссылки, ты найдешь на сайте. Peace ✌️.
 

Pwning Popular Desktop apps while uncovering new attack surface on Electron

https://i.blackhat.com/USA-22/Thursday/US-22-Purani-ElectroVolt-Pwning-Popular-Desktop-Apps.pdf

ebpf-process-anomaly-detection

Process behaviour anomaly detection using eBPF system call tracing and unsupervised learning Autoencoders.

https://github.com/evilsocket/ebpf-process-anomaly-detection

Envoy

Open Source Edge And Service Proxy, Designed For Cloud-native Applications

https://www.envoyproxy.io/

#tool

Online Security Certification Roadmap

https://pauljerimy.com/security-certification-roadmap/

Frontend Tracks on JetBrains Academy: Learn HTML, CSS, and JavaScript

you can entoll fre plan for self learning:

https://blog.jetbrains.com/education/2022/08/17/frontend-tracks-on-jetbrains-academy-learn-html-css-and-javanoscript/

Open BLD DNS Updating News (August’22): New BLD release, New tools and more
 
- 100% migration to KeyDB from Redis
- Automated upgrading target distros according Open BLD DNS roles (BLD infra has several BLD servers roles)
- Added Open API IP location reflector (see link below) on the S-A Lab site
- Ansible roles optimized with common variables
- BLD Server update server can merge downloaded lists without comments (plain lists)
- UptimeRobot helped to Open BLD, now you can review status page: bld-status.sys-adm.in

Note: UptimeRobot supported Open BLD DNS Project. I’m using UptimeRobot more than 10 years, it is a very useful and stable uptime monitirung servise, details

Tools:
• install-redis.sh
• install-keydb.sh
• redis-to-keydb.sh
• lib.sh
• monit2telegram.sh - local IP detection fuctionallity added to this fork
• ip reflector
• bld server

Deprecation notice:
• ⚠️ 8443 port will be disabled in the next release. Please switch your DoH to 443

Open BLD DNS Site:
• EN - https://lab.sys-adm.in/en
• RU - https://lab.sys-adm.in/ru

Sysmon 14.0 — FileBlockExecutable

https://medium.com/@olafhartong/sysmon-14-0-fileblockexecutable-13d7ba3dff3e

Systemd is the mother of all processes, responsible for bringing the Linux host up to a state where productive work can be done…

Systemd architecture: https://opensource.com/article/20/4/systemd

Когда тебе будет пизда, сделай так чтобы тебе не было больно за бесцельно прожитые годы.

When you get a death, make it so that you don't get hurt for the years spent aimlessly.

TAURI - Allow create deskot app like as Electron

Build an optimized, secure, and frontend-independent application for multi-platform deploymen.

Rust underhood:

https://tauri.app/