Slándáil Research:
Feed: Reddit /r/netsec/
An Obscure Actions Workflow Vulnerability in Google’s Flank
[AI/ML Security] Scan and fix your LLM jailbreaks
A quick post on Chen’s algorithm
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
“All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) - watchTowr Labs
Telegram Arbitrary Code Execution via InstantView | TeleSec
How to Reduce the Risk of Using External AI Models in Your SDLC
Open RAN: Attacks against mobile operators from the outside in practice
Horus - A digital forensics / investigations assistance tool built with Python by me (repost with changes made from feedback)
PuTTY vulnerability vuln-p521-bias
[Article] Sniping at web applications to discover input-handling vulnerabilities
Fixing Typos and Breaching Microsoft’s Perimeter
Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover | Datadog Security Labs
Invision Community Vulnerabilities Risk E-Commerce Websites
Customised CVE Notifier based on keywords
Why black-box testing should be discouraged
Ultimate guide to becoming a SOC analyst in 2024
Spectre v2 Exploit - Branch History Injection
Chromium developing device bound session tokens to combat session token theft techniques
Cloudflare Turnstile Update - Apache2 retirement · fin3ss3g0d/evilgophish@6bf9f29
Security headers audit tool
IP.Board 'nexus' Blind SQLi and AdminCP RCE
Seccomp Internals - pt.1
IBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377) - watchTowr Labs
DES/3DES algorithm illustrated
A Roadmap to Becoming an Ethical Hacker
Kaspersky analysis of the backdoor in XZ
Unpacking the Fuxnet Malware
The Hidden Economy of Open Source Software
CVE-2024-20670 Report - "New Outlook" NTLM Leak and File Execution
CVE 10.0 vulnerability in PAN-OS
Several vulnerabilities in LG WebOS. Chained, lead to RCE.
How a 9.8 critical security vulnerability in ZeroMQ was found (with mostly pure luck)
Vulnerability Management Goes Much Deeper Than Patching
PlasmaPup: Improve your Active Directory security posture. Perfect for admins in large environments wanting quick permission audits, and for large decentralized organizations where you'd like all your unit admins to be empowered to quickly audit their own OUs.
The DDoS Report: The complete guide to Distributed Denial of Service (DDoS) attacks for developers and operators
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
Havoc C2 Framework – A Defensive Operator’s Guide
BatBadBut: You can't securely execute commands on Windows
Simple python wrapper around Terraform and Ansible to help manage and mature domains for pentesting engagements
The Distribution Problem: what's wrong with internal CAs (and what to do about it)
RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group
Telegram Users Warned of Potential Security Risk
Streamline Threat Hunting: Shortemall Automates Short URL Analysis with a Click
Command Injection and Backdoor Account in D-Link NAS Devices
League of legends stalkerware
Don't trust the cache: Exposing web cache vulnerabilities
Galactical Bug Hunting: How we discovered new issues in CD Projekt Red’s Gaming Platform
Wifi credential dumping
Security Advisory: Systems with a SONIX Technology Webcam vulnerable to DLL hijacking attack allowing attackers to execute malicious DLL and escalate privileges
Diving Deeper into AI Package Hallucinations
unch 😗: Hides message with invisible Unicode characters
Gram - Self-hosted Threat Modeling Webapp
Showcasing Incinerator a Powerful Android Malware Reversing Tool
Kobold letters – Why HTML emails are a risk to your organization
Persistence - DLL Proxy Loading
Attacking Active Directory Certificate Service Part 2
Adventures in Stegoland - Adventures with a stego shellcode loader
/r/netsec's Q2 2024 Information Security Hiring Thread
XZ-actly What You Need (CVE 2024-3094): Detecting Exploitation with Oligo
IBIS hotel check-in terminal keypad-code leakage
NetScout - An OSINT tool I've been working on that finds domains, subdomains, directories and files based on a given URL
Xzbot: exploit demo for the xz backdoor (CVE-2024-3094)
Bypassing DOMPurify with good old XML
BGGP4: PleaseMom, QUANTUM, Rat?
How Complex Systems Fail
Last part of Lord Of The Ring0
From OneNote to RansomNote: An Ice Cold Intrusion
Fine-tuning Semgrep for Ruby Security: Pundit and SQL injection
What is Deception Technology? - Fidelis Security
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
ROP Emporium - ret2win Buffer Overflow Challenge
Hijacking Chatbots: Dangerous Methods Manipulating GPTs
oss-security - Backdoor in upstream xz/liblzma leading to ssh server compromise
Bref Security Audit - Shielder
Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu - Exodus Intelligence
PyPI Suspends New User Registration In Wake of Large Typosquatting Campaign
After almost 7 years, new version of drozer was released
Introducing SharpConflux
Malicious Implant to remotely control Electronic Locks via WiFi
Crumbled Security: Unmasking the Cookie-Stealing Malware Threat
11 year old security bug in util-linux (Leak user passwords on Ubuntu)
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
ANSI Escape sequence injection in wall (util-linux)
Zero-days exploited in the wild jumped 50% in 2023, fueled by spyware vendors
Reversing a vulnerability in the Ichitaro Office Suite and Leveraging it into an FP overwrite for Silent Code Execution (RE walkthrough)
31 Round SHA256 Collision Proof of Concept
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Abusing MiniFilter Altitude to blind EDR
Releasing Substation v1.0
Preventing Cross-Service UDP Loops in QUIC
Linux kernel privesc proof of concept CVE-2024-1086, working on ubuntu and debian
ShadowRay: First Known Attack Campaign Targeting AI Workloads Exploited In The Wild
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
Frida on Java applications and applets in 2024
Inside the shadowy global battle to tame the world’s most dangerous technology
GitHub - TracecatHQ/tracecat: 😼 The AI-native, open source alternative to Tines / Splunk SOAR.
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
Metasploit Framework 6.4 Released
New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours)
Security Advisory: Remote Command Execution in Cisco Access Point WAP Products
Bootfuzz: MBR-based Fuzzer
GitHub - ZephrFish/ChunkyIngress: Chunking Text Ingress
Wi-Fi “First Aid” Kit
What are Honeypots, their Uses and how to set one up for networks
How to continue learning without any rewards.
Basic script to generate reverse shell payloads, generally most used in ctf.
Tool to quickly extract all URLs and paths from web pages.
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speaker without user awareness
We need product security community
Side-Channel Attack on Apple M1 Chip Prefetcher (GoFetch)
Fake-SMS: A Malware Hunting Story
Unsaflok: Master Keys for dormakaba Saflok Hotel Locks
OpenBSD RCE to be released at t2.fi
CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive and IOCs
GitHub - riza/indextree: Generates the tree of the directory listing page.
One Line Backdoors in Classic ASP, Flask, Node.js, and PHP (FOSS Tool)
Threat actors leverage document publishing sites for ongoing credential and session token theft
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains
Honeypots vs Canary Infra : Bringing Honeypots towards general adoption
Open Source - Terminal based AI Powered Ethical Hacking Assistant.
How to Emulate a Ransomware Attack
New Short Episode Podcast ft. Insane Stories from Real Penetration Tests
From Error to Entry: Cracking the Code of Password-Spraying Tools
CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster
How Rogue ISPs Tamper With Geofeeds
Weaponizing Windows Thread Pool APIs: Proxying DLL Loads Using I/O Completion Callbacks
Microsoft AITM honeytoken: warning the victims
Bypassing USBGuard on Linux
Gaining kernel code execution on an MTE-enabled Pixel 8
Social Minefield - a higher stakes game of Minesweeper using Clickjacking
Return Oriented Programming Buffer Overflow Exploitation Part 1 - In Lab Exercise
Blind SQL Injection in update query for OSWE - PostgreSQL Database
jsmug - A PoC code for smuggling arbitrary files using insignificant bytes through JSON Smuggling
Analyzing Pipedream / Incontroller with MITRE/STIX
De4py Python RE Toolkit: v1.0.8 has been released
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Opening Pandora’s box - Supply Chain Insider Threats in Open Source projects
A Look at Software Composition Analysis. It’s time to ignore most dependency alerts.
Virtual workshop - How to write Custom Security Tests for API security
[Blog and Video] Turnstiles from a hacker perspective - Part 1
Oauth implementation flaws allow access to private repos via ChatGPT plugins
Fortinet FortiWLM Multiple Vulnerabilities Deep-Dive and IOCs
IoT Penetration Testing Part 1: The Basics
The Anatomy of an ALPHA SPIDER Ransomware Attack
Microsoft Entra ID: The Complete Guide to Conditional Access Policies
Researchers trying offensive capabilities of LLM agents
Discovering Deserialization Gadget Chains in Rubyland - Include Security Research Blog
A case of missing bytes: bruteforcing your way through Jenkins’ CVE-2024-23897
Threat Modeling on a Virtual Factory Floor
Building an AITM attack tool in Cloudflare Workers (174 LOC)
Donex a new ransomware gang malware technical analysis
Google's 'BeyondCorp and the long tail of Zero Trust' article
GhostRace - Exploiting and Mitigating Speculative Race Conditions (CVE-2024-2193)
Unveiling the Ultimate Pentesting Distro: Perfectly Tailored for Ubuntu Aficionados!
Introducing WebTunnel | Tor Project
Decoding ScamClub’s Malicious VAST Attack
Patch Tuesday Diffing: CVE-2024–20696 — Windows Libarchive RCE
Malware Pulse - Proactive command and control server discovery hub
AI Powered Sensitive Information Detection
How we built an AI-Powered Multi Terrain Hacking Robot
K8s LAN Party - A Kubernetes Network Security CTF
Practical and Theoretical Attacks in the Industrial Landscape (Part 2)
Presenting Scanme: Deep Dive into Network Scanning with Golang: Building a Port Scanner
CVE-2024-28084 iwd double-free in beacon parsing
ShellFeck: A BrainF*ck Inspired Shell Obfuscation Proof-of-Concept
Introduction to LLM Security
CVE-2023-49785 SSRF in NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To
New OpenSecurityTraining2 class: "Trusted Computing 1101: Introductory Trusted Platform Module (TPM) usage" by Dimi Tomov of TPM.dev
CVE-2024–23897 – Arbitrary file read in Jenkins
Analyze installed Android app for security risks in Termux using APKDeepLens
GitHub - thiagopeixoto/winsos-poc: A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.
Undisclosed PHP Remote Code Execution / Arbitrary File Read Vulnerabilities in RaspAP
Behind the doors of a Chinese hacking company, a sordid culture fuelled by influence, alcohol and sex
Docker containers under attack in new malware campaign
pgAdmin (<=8.3) Path Traversal in Session Handling Leads to Unsafe Deserialization and Remote Code Execution (RCE) - Shielder
Git-Rotate: Leveraging GitHub Actions for Password Spraying
HappyCamper: Doubling Down On Naming Space Location Randomization (NSLR)
VMWare release patches for CVE-2024-22252, CVE-2024-22253, CVE-2024-22254 and CVE-2024-22255
Iranian Hacktivist claims responsibility for Israel academic institute hack
Introducing CloudGrappler: An Open-Source Threat Detection Tool for AWS and Azure
Source Code Disclosure in ASP.NET via Cookieless Sessions
Clickstudios Passwordstate - Potential authentication bypass issue [High Severity] (CVE-Pending)
Code injection on Android without ptrace
CVE-2024-1403: Progress OpenEdge Authentication Bypass Deep-Dive, IOCs, and Exploit
Kali NetHunter now supports Bad Bluetooth HID attacks to inject keystrokes wirelessly
Bypassing CSP with Form Hijacking
List of 39 Documented Windows Persistence Techniques
Spoofed DNS queries and IP TTL triangulation
Executed vs Loaded: a new dimension for Application Security with eBPF
Persistence – Explorer
Release alert - EMBA firmware security analyzer v1.4.0 - ICS testing Edt. is out now
Multiple vulnerabilities in RT-Thread RTOS
Relishing new Fickling features for securing ML systems
Reverse Engineering Protobuf Definitions From Compiled Binaries
Smishing with EvilGophish
Have a look at the largest vulnerability database ever! Includes English translation of CNVD, CNNVD & BDU.
Getting Bored of Cyberwar: Exploring the Role of Low-level Cybercrime Actors in the Russia-Ukraine Conflict
Planes, Ferries and Automobiles – How I Hacked Free Travel Across Iceland
On-Device Fraud on the rise: exposing a recent Copybara fraud campaign | Cleafy Labs
Persistence – Visual Studio Code Extensions
Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE
HTTP 403 bypass tool
BSidesSATX CFP is open
Don't Gamble With Risk - Quantitative Risk Modeling of Complex Event Chains
How to Make Nmap Recognize New Services
An intro to automated evasion and compilation of .NET offensive tools
How to effortlessly setup Yubikeys for SSH/GIT on WSL
SubSeekerPro
LoFP - Living off the False Positive
GitHub - teler-sh/sebel: a Go package that provides functionality for checking SSL/TLS certificates against malicious connections, by identifying and blacklisting certificates used by botnet command and control (C&C) servers.
Phrack #71: Call For Paper
RattaGATTa: Scalable Bluetooth Low-Energy Survey
Google VRP: CSP bypass to email exfiltration via Bard
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
LogSnare: A web application playground for testing, preventing, and logging IDOR vulnerabilities.
Exploiting Stack Based Buffer Overflow
Celebrating Falco's Journey to CNCF Graduation
SubdoMailing Checker: Type in a domain to see if it’s been compromised by “SubdoMailers”
Glitching in 3D: Low Cost EMFI Attacks
Exploiting CSP Wildcards for Google Domains
Unauthenticated Email Enumeration via API Fuzzing
An EBPF based open source stateful linux firewall that integrates with OpenZiti Zero Trust Framework
Comparison of Enterprise SAST/DAST Products
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
ThreatCheck alternative that can work with any antivirus, given a config file.
Revitalizing MouseJacking: Another Pen Test Story
Hacking Terraform state to gain code execution and privilege escalation
APT29 adopts new TTPs, according to a bunch of agencies
LOTP - Living Off the Pipeline
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
New Server Side Prototype Pollution Gadgets Scanner from Doyensec
A growing database of InfoSec salaries for 2024 (Open Data)
CVE-2023-52161: inet-wireless daemon (iwd) APs allowed clients to connect with a NULL key, bypassing the WiFi password
Windows Sysinternals - Sysmon - A practical guide to implementation and essential tips
It's now possible to find the AWS Account ID for any S3 Bucket (private or public)
QR Code Phishing with EvilGophish
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
Security Incident & Vulnerability Response Playbooks
Free Course: Android Forensics
Exploiting inconsistent UTF-8 handling in mbstring to bypass an XSS filter in Joomla
Join us in Seoul this May. Last chance to submit your talk for TyphoonCon 2024!
Actively exploited open redirect in Google Web Light
SEO Poisoning to Domain Control: The Gootloader Saga Continues
VNC through ssh tunnel
Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild
Wannabe Security Researcher!?!? is the title of my very first blog post on my very first blog. I hope it is informative for anyone interested in security, and more specifically about a home assignment I received for a Sr. Security Researcher position and how I approached it.
Continuously fuzzing Python C extensions