Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
CVE-2021-40662 Chamilo LMS 1.11.14 RCE
This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management Software named “Chamilo LMS”.
https://hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce
This is Febin, a Security Researcher. This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management...
teamcity_whitepaper_cloud_cost.pdf
468.4 KB
15 Ways to Optimize Your Cloud CI/CD Costs
Python 3.11: New Features That You Will Truly Enjoy
https://towardsdatascience.com/python-3-11-new-features-that-you-will-truly-enjoy-9fd67882fdf
poc_sec_experts_attacked.pdf
978 KB
How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub
heap_detective
This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information.
https://github.com/CoolerVoid/heap_detective
Spotify’s Launched Vulnerability Management Platform
Just for information, in the article I didn’t find links to Kitsune:
https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/
Google Chrome High CVE-2022-4135: Heap buffer overflow in GPU
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which will roll out over the...
Preparing for DoS (Denial of Service) attacks_V2.pdf
148.4 KB
Denial of service (DoS) Preparing for DoS attacks
5 simple illustrated steps from NCSC (2020)
Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
Fibratus - A modern tool for Windows kernel exploration and observability with a focus on security
— https://github.com/rabbitstack/fibratus
GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
RE2 Regex Testing in Google Docs
I recently found out about RE2, a fast regular expression library, but where can I test it? And boom: Google Docs allows testing regexes with the REGEXMATCH function.
Memory Safe Languages in Android 13
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
Posted by Jeffrey Vander Stoep For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulne...
Coercer
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods. - p0dalirius/Coercer