Hashing Phone Numbers For 2-Factor Authentication https://theabbie.github.io/blog/2FA-phone-number-hashing
TheAbbie
Hashing Phone Numbers For 2-Factor Authentication
With the rise of internet and increasing risks of getting hacked, it's more than necessary nowadays that we have an extra layer of security on our accounts, since password alone is not enough. Thus, using Phone numbers for 2FA sounds much more secure, but…
👎1🤡1
Starlink星链破解那些事 https://radioactive.blog/2023/06/23/starlink_hacking/
CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
MDSec
CVE-2023-26258 - Remote Code Execution in ArcServe UDP Backup - MDSec
Overview During a recent adversary simulation, the MDSec ActiveBreach red team were performing a ransomware scenario, with a key objective set on compromising the organisation’s backup infrastructure. As part of...
How Residential Proxies and CAPTCHA-Solving Services Become Agents of Abuse https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/how-residential-proxies-and-captcha-solving-services-become-agents-of-abuse
Trendmicro
How Residential Proxies and CAPTCHA-Solving Services Become Agents of Abuse
This article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.
🤨1
Android SELinux Internals Part I https://8ksec.io/android-selinux-internals-part-i-8ksec-blogs/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Android SELinux Internals Part I | 8kSec Blogs - 8kSec
In Android SELinux internals Part 1 blog, explore how it provides security on Android devices and ways to bypass it. Read more to learn!
❤1👍1
How-to: Reversing and debugging ISAPI modules https://www.skullsecurity.org/2023/how-to-reversing-and-debugging-isapi-modules
SkullSecurity Blog
How-to: Reversing and debugging ISAPI modules
Recently, I had the privilege to write a detailed analysis of CVE-2023-34362, which is series of several vulnerabilities in the MOVEit file transfer application that lead to remote code execution. One of the several vulnerabilities involved an ISAPI module…
Solving Hex-Rays Challenge with Triton and TritonDSE https://farena.in/symbolic%20execution/triton/hexrays-challenge-triton/
Eduardo Blázquez's Personal Webpage
Solving Hex-Rays Challenge with Triton and TritonDSE
Triton is a library for doing Symbolic Execution, useful for doing common CTF challenges and analyzing obfuscations. TritonDSE is a library built on top of Triton which provides easy and customizable Dynamic Symbolic Execution Capabilities
In-Memory Disassembly for EDR/AV Unhooking https://signal-labs.com/analysis-of-edr-hooks-bypasses-amp-our-rust-sample/
Signal Labs
In-Memory Disassembly for EDR/AV Unhooking | Advanced Offensive Cybersecurity Training
We’ll walk through the hooks of a particular AV (Sophos AV) and determine why many of the public methods fail, and how we created our Rust PoC to work against the self-protection techniques of similar hooking engines.
👍1
GHSL-2023-139: Use After Free (UAF) in accountsservice - CVE-2023-3297 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/
GitHub Security Lab
GHSL-2023-139: Use After Free (UAF) in accountsservice - CVE-2023-3297
An unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
How I Got Hired On Google's Red Team https://grahamhelton.com/blog/jobs/
👏1🤡1
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service https://blog.silentsignal.eu/2023/07/03/ibm-i-dde-vulnerability-cve-2023-30990/
Silent Signal Techblog
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
Because we can!
👍1
Everyone Knows SAP, Everyone Uses SAP,
Everyone Uses RFC, No One Knows RFC:
From RFC to RCE 16 Years Later https://sec-consult.com/fileadmin/user_upload/sec-consult/Dynamisch/Blogartikel/2023_06/SEC_Consult_Whitepaper_SAP_RFC_Vulnerability_Research_From_RFC_To_RCE.pdf
Everyone Uses RFC, No One Knows RFC:
From RFC to RCE 16 Years Later https://sec-consult.com/fileadmin/user_upload/sec-consult/Dynamisch/Blogartikel/2023_06/SEC_Consult_Whitepaper_SAP_RFC_Vulnerability_Research_From_RFC_To_RCE.pdf
💩1
Hunting for Nginx Alias Traversals in the wild https://labs.hakaioffsec.com/nginx-alias-traversal/
Hakai
Vulnerability Research
The Linux Kernel Module Programming Guide (updated for Linux kernel 5.x) https://sysprog21.github.io/lkmpg/
Published CVSS v4.0: Common Vulnerability Scoring System Version 4.0 https://www.first.org/cvss/v4-0/
FIRST — Forum of Incident Response and Security Teams
Common Vulnerability Scoring System
👍1🤔1
Useful guide for learning Makefiles https://makefiletutorial.com
👌1
PoCs to help learning how to get SYSTEM privilege https://github.com/daem0nc0re/PrivFu/tree/main/ArtsOfGetSystem
GitHub
PrivFu/ArtsOfGetSystem at main · daem0nc0re/PrivFu
Kernel mode WinDbg extension and PoCs for token privilege investigation. - daem0nc0re/PrivFu
👏1
Visualizing Android Code Coverage Pt.1 https://datalocaltmp.github.io/visualizing-android-code-coverage-pt-1.html
/data/local/tmp
Visualizing Android Code Coverage Pt.1
Decompilers are essential when reverse engineering Android applications and binaries; unfortunately with static analysis it’s up to the reverse engineer to determine which of these complex paths to investigate.
The WAF efficacy framework: measuring the effectiveness of your WAF https://www.fastly.com/blog/the-waf-efficacy-framework-measuring-the-effectiveness-of-your-waf
Fastly
Fastly | Fastly
Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.