Diffrent Cloud Providers IPRanges Lists
List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft (Azure), Oracle (Cloud), DigitalOcean, GitHub, Facebook (Meta), Twitter and Linode with daily updates:
— https://github.com/lord-alfred/ipranges
List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft (Azure), Oracle (Cloud), DigitalOcean, GitHub, Facebook (Meta), Twitter and Linode with daily updates:
— https://github.com/lord-alfred/ipranges
GitHub
GitHub - lord-alfred/ipranges: 🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft,…
🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates. - lord...
/ After scanned every package on PyPi and found 57 live AWS keys
from organisations like:
- Amazon themselves
- Intel
- Stanford, Portland and Louisiana University
- The Australian Government
- ...
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
from organisations like:
- Amazon themselves
- Intel
- Stanford, Portland and Louisiana University
- The Australian Government
- ...
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
Setting up your bug bounty noscripts with Python and Bash — The subdomain monitoring bot
https://www.codelivly.com/setting-up-your-bug-bounty-noscripts-with-python-and-bash/
https://www.codelivly.com/setting-up-your-bug-bounty-noscripts-with-python-and-bash/
Codelivly
Setting up your bug bounty noscripts with Python and Bash — The subdomain monitoring bot - Codelivly
Bug bounty programs have become increasingly popular in recent years, with companies offering rewards to hackers and security researchers who can find vulnerabilities in their systems. While there are many tools available to help with bug hunting, writing…
Forwarded from Sys-Admin InfoSec
/ Can You Trust Your VSCode Extensions?
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
Aqua
Can You Trust Your VSCode Extensions?
Aqua Nautilus breaks down how VSCode extensions can easily be impersonated by attackers who hide malicious code through tactics like typosquatting
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)
— https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
— https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
Unit 42
Security Issue in JWT Secret Poisoning (Updated)
We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
Как выполнить единожды Linux logon скрипт
https://sys-adm.in/systadm/999-kak-vypolnit-edinozhdy-linux-logon-skript.html
https://sys-adm.in/systadm/999-kak-vypolnit-edinozhdy-linux-logon-skript.html
sys-adm.in
Как выполнить единожды Linux logon скрипт - Для сисадминов и не только
Sys-Adm.in - Сайт для сисадминов и не только. Здесь собраны различные материалы основанные на личной практике. Блог Евгения Гончарова.
Threema-PST22.pdf
413.9 KB
Three Lessons From Threema: Analysis of a Secure Messenger
On the Security Vulnerabilities of Text-to-SQL Models
attack with AI
https://arxiv.org/pdf/2211.15363.pdf
attack with AI
https://arxiv.org/pdf/2211.15363.pdf
1300+ domains are hosting a webpage that impersonates the official AnyDesk website (added to Open BLD)
— https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
— https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Bitdefender-PR-Whitepaper-EyeSpyVPN-creat625-en-EN.pdf
8.6 MB
EyeSpy - Spyware Delivered in VPN Installers
https://www.bitdefender.com/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers/
https://www.bitdefender.com/blog/labs/eyespy-iranian-spyware-delivered-in-vpn-installers/
Detect-ad-ml-algorithm.pdf
398.8 KB
Detecting Adversarial Advertisements in the Wild
MSI's (in)Secure Boot
I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not...
bypass seBoot on msi:
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not...
bypass seBoot on msi:
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
Abusing a GitHub Codespaces Feature For Malware Delivery
https://www.trendmicro.com/en_us/research/23/a/abusing-github-codespaces-for-malware-delivery.html
https://www.trendmicro.com/en_us/research/23/a/abusing-github-codespaces-for-malware-delivery.html
Trend Micro
Abusing a GitHub Codespaces Feature For Malware Delivery
Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts…
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
Orca Security
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
In this blog, we will describe how we found 4 different SSRF vulnerabilities and were able to take advantage of these flaws in some of the Azure Services.
How to develop game on free gobot engine from scratch tutorial
https://m.youtube.com/watch?v=iDEcP8Mc-7s&list=PLS9MbmO_ssyDk79j9ewONxV88fD5e_o5d
#game #develop
https://m.youtube.com/watch?v=iDEcP8Mc-7s&list=PLS9MbmO_ssyDk79j9ewONxV88fD5e_o5d
#game #develop
YouTube
Godot 3 Tutorial Series -- Introduction
Godot 3 is finally here and of course it's time for GameFromScratch to update our tutorial series to the latest and greatest version of Godot. We are going to be covering all aspects of Godot development. 2D, 3D, Physics, Importing, Exporting, C#, VisualScript…
Sudoedit allowing a local attacker to append arbitrary entries to the list of files to process
https://ubuntu.com/security/CVE-2023-22809
P.S. thx for the link @clevergod : ✌️
https://ubuntu.com/security/CVE-2023-22809
P.S. thx for the link @clevergod : ✌️
Ubuntu
CVE-2023-22809 | Ubuntu
Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
— https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html
— https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html
cocomelonc
Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
﷽