poc_sec_experts_attacked.pdf
978 KB
How security professionals are being attacked: A study of malicious CVE proof of
concept exploits in GitHub
concept exploits in GitHub
heap_detective
This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information.
https://github.com/CoolerVoid/heap_detective
This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information.
https://github.com/CoolerVoid/heap_detective
Spotify’s Launched Vulnerability Management Platform
Just for information, in the article I didn’t find links to Kitsune:
https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/
Just for information, in the article I didn’t find links to Kitsune:
https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/
Spotify Engineering
Spotify’s Vulnerability Management Platform
Spotify’s Vulnerability Management Platform - Spotify Engineering
Google Chrome High CVE-2022-4135: Heap buffer overflow in GPU
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows , which will roll out over the...
Preparing for DoS (Denial of Service) attacks_V2.pdf
148.4 KB
Denial of service (DoS) Preparing for DoS attacks
5 simple illustrated steps from ncsc (2020)
5 simple illustrated steps from ncsc (2020)
Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
PortSwigger Research
Hijacking service workers via DOM Clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
Fibratus - A modern tool for Windows kernel exploration and observability with a focus on security
— https://github.com/rabbitstack/fibratus
— https://github.com/rabbitstack/fibratus
GitHub
GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
Adversary tradecraft detection, protection, and hunting - GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
RE2 Regex Testing in Google Docs
I recently found out about RE2 - fast regular expression library, but where can I testing this? And boom - google docs allowing testing regex with
I recently found out about RE2 - fast regular expression library, but where can I testing this? And boom - google docs allowing testing regex with
REGEXMATCH fuction.Memory Safe Languages in Android 13
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
Google Online Security Blog
Memory Safe Languages in Android 13
Posted by Jeffrey Vander Stoep For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulne...
Coercer
A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer
A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
https://github.com/p0dalirius/Coercer
GitHub
GitHub - p0dalirius/Coercer: A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through…
A python noscript to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods. - p0dalirius/Coercer
PhpStorm 2022.3: PHP 8.2, New UI (Beta), Code Vision, Redis Support, Quick-Fixes Preview, and More
https://blog.jetbrains.com/phpstorm/2022/12/phpstorm-2022-3-whats-new/
https://blog.jetbrains.com/phpstorm/2022/12/phpstorm-2022-3-whats-new/
The JetBrains Blog
PhpStorm 2022.3: PHP 8.2, New UI (Beta), Code Vision, Redis Support, Quick-Fixes Preview, and More | The PhpStorm Blog
PhpStorm 2022.3 is now available! This major update brings a preview of the new UI, complete PHP 8.2 support, Redis support in database tools, Code Vision for PHP, quick-fix preview, Xdebug config
Re-using Ansible artifacts
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse.html#playbooks-reuse
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse.html#playbooks-reuse