$1000 Bug using simple Graphql Introspection query https://infosecwriteups.com/1000-bug-using-simple-graphql-introspection-query-b68da8260877
Medium
$1000 Bug using simple Graphql Introspection query
Welcome to my blog! In this post, I will be discussing my experience in the security testing of an application’s implementation of…
PoC released for Microsoft WordPad CVE-2023-36563 flaw exploited in attacks https://securityonline.info/poc-released-for-microsoft-wordpad-cve-2023-36563-flaw-exploited-in-attacks/
Cybersecurity News
PoC released for Microsoft WordPad CVE-2023-36563 flaw exploited in attacks
Not only does it address CVE-2023-36563, but it also patches up two more zero-day vulnerabilities that hackers have been exploiting
🔥1
Do you know Scapy? You can test it from your own browser https://scapy.net/?try=1
Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets https://www.theregister.com/2023/10/30/unpatched_nginx_ingress_controller_bugs/
The Register
Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets
Just tricks, no treats with these 3 vulns
Nice website to find all DNS records for a domain name https://www.nslookup.io/
NsLookup.io
DNS Lookup Tool – Check DNS Records and Nameservers
Explore fast and reliable DNS lookup tools, domain information, and essential network utilities all in one place on NSLookup.io.
Trail of Bits Blog https://blog.trailofbits.com/2023/10/30/the-issue-with-ats-in-apples-macos-and-ios/
The Trail of Bits Blog
The issue with ATS in Apple’s macOS and iOS
Trail of Bits is publicly disclosing a vulnerability (CVE-2023-38596) that affects iOS, iPadOS, and tvOS before version 17, macOS before version 14, and watchOS before version 10. The flaw resides in Apple’s App Transport Security (ATS) protocol handling.…
👍2
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
David's Blog
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables
Analysis and exploitation of Linux kernel vulnerabilities CVE-2022-1015 and CVE-2022-1016. I talk about how I found these vulnerabilities, explain the internals of nf_tables and come up with an local privilege escalation exploitation strategy.
Red vs. Blue: Kerberos Ticket Times, Checksums, and You! https://trustedsec.com/blog/red-vs-blue-kerberos-ticket-times-checksums-and-you
TrustedSec
Red vs. Blue: Kerberos Ticket Times, Checksums, and You!
As we dove into our research of building IOAs, we often found ourselves examining ticket times and checksums and were repeatedly surprised by the lack of…
Hacking Some More Secure USB Flash Drives (Part I) https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
SySS Tech Blog
Hacking Some More Secure USB Flash Drives (Part I)
During a research project in the beginning of 2022, SySS IT security expert Matthias Deeg found several security vulnerabilities in different tested USB flash drives with AES hardware encryption.
🔥2
Hacking Some More Secure USB Flash Drives (Part II) https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/
SySS Tech Blog
Hacking Some More Secure USB Flash Drives (Part II)
In the second article of this series, SySS IT security expert Matthias Deeg presents security vulnerabilities found in another crypto USB flash drive with AES hardware encryption.
Windows CE Reaches End of Life, If Not End of Sales https://tech.slashdot.org/story/23/10/30/1722236/windows-ce-reaches-end-of-life-if-not-end-of-sales
tech.slashdot.org
Windows CE Reaches End of Life, If Not End of Sales
Microsoft's dedicated OS for embedded and pocket devices, Windows CE, has reached the end of its support lifetime. From a report: Windows CE -- and there's never been an official explanation of what the WinCE-inducing name stood for -- debuted in November…
Microsoft announces Security Copilot early access program https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-security-copilot-early-access-program/
BleepingComputer
Microsoft announces Security Copilot early access program
Microsoft announced this week that its ChatGPT-like Security Copilot AI assistant is now available in early access for some customers.
Project Flash update: Advancing Azure Virtual Machine availability monitoring https://azure.microsoft.com/en-us/blog/project-flash-update-advancing-azure-virtual-machine-availability-monitoring/
Microsoft Azure Blog
Project Flash update: Advancing Azure Virtual Machine availability monitoring | Microsoft Azure Blog
Sharing the latest advancements in improving VM availability monitoring for customers with Project Flash. Learn more.
Fixing the Volume on my Bluetooth Earbuds: A bit of reverse engineering goes a long way https://blog.ornx.net/post/bluetooth-volume-fix/
norn's blog
Fixing the Volume on my Bluetooth Earbuds
A bit of reverse engineering goes a long way
👍3
Lateral Movement: Abuse the Power of DCOM Excel Application https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922
Medium
Lateral Movement: Abuse the Power of DCOM Excel Application
In this post, we will talk about an interesting lateral movement technique called ActivateMicrosoftApp() method within the distributed…
33 Protection Products: Strong Defense against Ransomware and Data Stealers https://www.av-test.org/en/news/33-protection-products-strong-defense-against-ransomware-and-data-stealers/
www.av-test.org
33 Protection Products: Strong Defense against Ransomware and Data Stealers
The list of companies, universities, colleges or facilities such as hospitals and public administrations subject to attack is growing longer and longer. Classic protection products or corporate solutions must harness all their protective techniques to fend…
CVE Crowd: web app that tracks CVE mentions on Mastodon https://cvecrowd.com/
Cvecrowd
CVE Crowd | Crowd Intelligence on CVEs
Keep track of actively discussed CVEs and integrate them into your application or business!
DOM-based race condition: racing in the browser for fun https://blog.ryotak.net/post/dom-based-race-condition/
blog.ryotak.net
DOM-based race condition: racing in the browser for fun
Disclaimer
All projects mentioned in this blog post have been contacted, and I confirmed that the behavior described in this article is either working as intended, already fixed, or will not be fixed.
TL;DR
The browser loads elements in the HTML from top…
All projects mentioned in this blog post have been contacted, and I confirmed that the behavior described in this article is either working as intended, already fixed, or will not be fixed.
TL;DR
The browser loads elements in the HTML from top…
Cisco IOS XE CVE-2023-20198: Deep Dive and POC https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/
Horizon3.ai
Cisco IOS XE CVE-2023-20198: Deep Dive and POC
Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used to exploit these vulnerabilities.
How to use John the Ripper for Windows Password Cracking https://www.keshavxplore.in/2023/10/how-to-use-john-ripper-for-windows-passwords-cracking.html
Keshav Xplore
How to use John the Ripper for Windows Password Cracking
Discover John the Ripper's password-cracking prowess. Crack Windows 10, 8, and 7 passwords and extract hashes with ease.
"The EKS Cluster Games" — a cloud security Capture The Flag (CTF) event https://www.wiz.io/blog/announcing-the-eks-cluster-games
wiz.io
Announcing the EKS Cluster Games | Wiz Blog
Test your investigation skills and K8s knowledge in a new Wiz-sponsored CTF event: the EKS Cluster Games!