Extending Burp Suite for fun and profit – The Montoya way – Part 5 #BurpSuite #ExtensionDevelopment #Security #MontoyaWay #Part5 https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-5/
HN Security
Setting up the environment + Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes #EmailExploitation #MailCleanerVulnerabilities #OSCommandInjection #CrossSiteScripting #EmailSecurity https://modzero.com/en/blog/beyond_the_at_symbol/
Restructuring the Binary Ninja Decompiler #BinaryNinja #Decompiler #ControlFlow #Improvements #Readability https://binary.ninja/2024/06/19/restructuring-the-decompiler.html
Binary Ninja
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Analysis of CVE-2024-25065: Apache OFBiz Security bypass #CVE-2024-25065 #ApacheOFBiz #SecurityBypass #UnauthorizedAccess #PenetrationTesting https://blog.securelayer7.net/security-bypass-in-apache-ofbiz/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-25065 is a vulnerability that exists in Apache OFBiz before version 18.12.12. It is a path traversal vulnerability that allows authentication bypass through the contextPath...
Zip Slip meets Artifactory: A Bug Bounty Story #ZipSlip #Artifactory #BugBounty #SecurityVulnerability #RemoteCodeExecution https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story
Karmainsecurity
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Understanding Protected Management Frames (PMF) in Wi-Fi #PMF #ProtectedManagementFrames #WiFiSecurity #ManagementFrames #TheXero https://www.thexero.co.uk/blog/Understanding-PMF
Two bluetooth vulnerabilities in Windows #WindowsBluetoothVulnerabilities #CVE202324871 #CVE202323388 #RCE #LPE https://ynwarcs.github.io/z-btadv-cves
Reverse engineering eBPF programs #eBPF #ReverseEngineering #Security #Kubernetes #ARMOPlatform https://www.armosec.io/blog/ebpf-reverse-engineering-programs/
ARMO
Reverse Engineering eBPF Programs: A Deep Dive
Explore how eBPF technology works by reverse engineering eBPF-based programs. Learn about its internals, benefits, and applications in modern computing
New Diamorphine rootkit variant seen undetected in the wild #NewDiamorphine #RootkitVariant #UndetectedInTheWild #AvastThreatLabs #LinuxKernel https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/
Gendigital
Advanced Features of New Diamorphine
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102) #MagentoCVE #XXE #NestedDeserialization #SecurityResearch #BreakingNews https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102
www.assetnote.io
A critical, pre-authentication XML entity injection issue in Magento / Adobe Commerce (CVE-2024-34102), which Adobe rated as CVSS 9.8.
Fuzzing scripting languages' interpreters' native functions using AFL++ to find memory corruption and more #Fuzzing #ScriptingLanguages #AFL++ #MemoryCorruption #BugClasses https://joshua.hu/aflplusplus-fuzzing-scripting-languages-natively
Joshua.Hu Joshua Rogers’ Scribbles
Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…
Postviewer V3 - Racing All The Way To Glory #PostviewerV3 #RacingGlory #TechChallenge #XSSVulnerability #GoogleCTF https://eyald.com/posts/postviewer-v3-writeup
Eyald
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws #LuaSecurityFlaws #MemoryCorruption #BytecodeBreakdown #FactorioGame #LuaExploitation https://memorycorruption.net/posts/rce-lua-factorio/
memorycorruption.net
Dynamic languages are safe from memory corruption bugs, right?
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387) #QualysSecurityAdvisory #OpenSSHVulnerability #RCE #glibc #LinuxVulnerability https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
I know that feeling ... https://x.com/nas_bench/status/1807821365338083642?s=52
Evolution of Wi-Fi Security - From WEP to WPA3 #EvolutionOfWiFiSecurity #WEPtoWPA3 #SecurityChallenges #WPA3Benefits #VulnerabilitiesMitigation https://www.thexero.co.uk/blog/evolution-of-wifi-security-from-wep-to-wpa3
You Can’t Always Win Racing the (Key)cloak #CyberArk #IdentitySecurity https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak
Cyberark
Web Race Conditions – Success and Failure – a Keycloak Case Study. In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions;...
Toolchain Necromancy: Past Mistakes Haunting ASLR #ASLR #KernelIssues #BinutilsFixes https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
grsecurity.net
This blog extends on earlier work from January by Justin Miller involving hugepage-related changes to the memory management interfaces in the Linux kernel and how they affected ASLR. In this blog, the damage from an old change to binutils is brought into…
ASLRn’t: How memory alignment broke library ASLR #ASLR #memoryalignment #libraryASLR #Ubuntu #kernelbroken https://zolutal.github.io/aslrnt/
zolutal's blog
As it turns out, on recent Ubuntu, Arch, Fedora, and likely other distros’ releases, with kernel versions >=5.18, library ASLR is literally broken for 32-bit libraries of at least 2MB in size, on certain filesystems. Also, ASLR’s entropy on 64-bit libraries…
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF #CSPT2CSRF #ClientSidePathTraversal #CrossSiteRequestForgery #WebSecurity #Research https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Doyensec
To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…