I know that feeling ... https://x.com/nas_bench/status/1807821365338083642?s=52
Evolution of Wi-Fi Security - From WEP to WPA3 #EvolutionOfWiFiSecurity #WEPtoWPA3 #SecurityChallenges #WPA3Benefits #VulnerabilitiesMitigation https://www.thexero.co.uk/blog/evolution-of-wifi-security-from-wep-to-wpa3
You Can’t Always Win Racing the (Key)cloak #CyberArk #IdentitySecurity https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak
Cyberark
You Can’t Always Win Racing the (Key)cloak
Web Race Conditions – Success and Failure – a Keycloak Case Study In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions;...
Toolchain Necromancy: Past Mistakes Haunting ASLR #ASLR #KernelIssues #BinutilsFixes https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
grsecurity.net
Toolchain Necromancy: Past Mistakes Haunting ASLR
This blog extends on earlier work from January by Justin Miller involving hugepage-related changes to the memory management interfaces in the Linux kernel and how they affected ASLR. In this blog, the damage from an old change to binutils is brought into…
ASLRn’t: How memory alignment broke library ASLR #ASLR #memoryalignment #libraryASLR #Ubuntu #kernelbroken https://zolutal.github.io/aslrnt/
zolutal's blog
ASLRn’t: How memory alignment broke library ASLR
As it turns out, on recent Ubuntu, Arch, Fedora, and likely other distros' releases, with kernel versions >=5.18, library ASLR is literally broken for 32-bit libraries of at least 2MB in size, on certain filesystems. Also, ASLR’s entropy on 64-bit libraries…
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF #CSPT2CSRF #ClientSidePathTraversal #CrossSiteRequestForgery #WebSecurity #Research https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Doyensec
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…
fileless-elf-exec: Execute ELF files without dropping them on disk #ExecuteELF #FilelessExecution #GitHubProject #ELFfiles #PythonScript https://github.com/nnsee/fileless-elf-exec
GitHub
GitHub - nnsee/fileless-elf-exec: Execute ELF files without dropping them on disk
Execute ELF files without dropping them on disk. Contribute to nnsee/fileless-elf-exec development by creating an account on GitHub.
Let's Make & Crack a PRNG in Go! #PRNG #MersenneTwister #GoProgramming https://vaktibabat.github.io/posts/PRNG_In_Go/
Vaktibabat
Let’s Make & Crack a PRNG in Go!
Intro Hi everyone! Oftentimes, when programming things that are supposed to be secure, we hear stuff about only using Cryptographically Secure PRNGs (CSPRNGs), and not just any old random-number generating function such as Python’s random module or PHP’s…
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2) #SecureDeveloperTools #GogsVulnerabilities #CleanCode #SonarSecurity #ProtectYourself https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/
Sonarsource
Unpatched Gogs Vulnerabilities: SSH Argument Injection (1/2)
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
App-Level eBPF Applications - User vs. Kernel Probes #eBPFApplications #UserVsKernelProbes #OligoSecurity #ApplicationVisibility #PerformanceTradeoffs https://www.oligo.security/blog/app-level-ebpf-applications
www.oligo.security
App-Level eBPF Applications - User vs. Kernel Probes | Oligo Security
When running the diversity of applications required today to power our many tools and platforms, the need for more granular application-level visibility has become critical for many engineering teams.
Universal Code Execution by Chaining Messages in Browser Extensions #UniversalCodeExecution #BrowserExtensions #VulnerabilityDisclosure #SameOriginPolicy #NativeMessaging https://spaceraccoon.dev/universal-code-execution-browser-extensions/
spaceraccoon.dev
Universal Code Execution by Chaining Messages in Browser Extensions
By chaining various messaging APIs in browsers and browser extensions, I demonstrate how we can jump from web pages to “universal code execution”, breaking both Same Origin Policy and the browser sandbox. I provide two new vulnerability disclosures affecting…
angr for real-world use cases #angr #realworld #debugging #windows #programanalysis https://plowsec.github.io/angr-introspection-2024.html
plowsec.github.io
angr for real-world use cases
My experiences using angr for real-world use cases in 2024, and extending it to diagnose problems / show what it’s doing
The Current State of Browser Cookies #BrowserCookies #CyberArk #DataSecurity #MozillaFirefox #GoogleChrome https://www.cyberark.com/resources/threat-research-blog/the-current-state-of-browser-cookies
Cyberark
The Current State of Browser Cookies
What Are Cookies When you hear “cookies,” you may initially think of the delicious chocolate chip ones. However, web cookies function quite differently than their crumbly-baked counterparts....
WhatsUp Gold SetAdminPassword Privilege Escalation CVE-2024-5009 #WhatsUpGold #SetAdminPassword #PrivilegeEscalation #TeamTraining #Exploits https://summoning.team/blog/progress-whatsup-gold-privesc-setadminpassword-cve-2024-5009/
Summoning Team
WhatsUp Gold SetAdminPassword Privilege Escalation
Let's analyze a privilege escalation which I found targeting Progress WhatsUp Gold; this is the story of CVE-2024-5009.
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive CVE-2024-4885 #WhatsUpGold #PreAuthRCE #GetFileWithoutZip #PrimitiveSummoning #TeamTraining https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/
Summoning Team
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive
I discovered an unauthenticated path traversal against the latest version of Progress WhatsUp Gold and turned it into a pre-auth RCE. The following is how I did it; this is the story of CVE-2024-4885.
Critical RCE Vulnerabilities in OpenSSH (CVE-2024-6387, CVE-2024-6409) - How to Detect and Mitigate #OpenSSH #CriticalVulnerabilities #RemoteCodeExecution #DetectAndMitigate #OligoSecurity https://www.oligo.security/blog/critical-openssh-vulnerability-cve-2024-6387-regresshion
www.oligo.security
Critical RCE Vulnerabilities in OpenSSH (CVE-2024-6387, CVE-2024-6409) - How to Detect and Mitigate | Oligo Security
Discover the critical OpenSSH RCE vulnerabilities (CVE-2024-6387, CVE-2024-6409) and learn detection and mitigation steps to protect your servers from potential exploits.
CORS: the ultimate guide #CORS #AJAX #SOP #CORSrules #CORSsecurity https://www.devsecurely.com/blog/2024/06/cors-the-ultimate-guide
Devsecurely
CORS: the ultimate guide | Devsecurely
A simple and concrete guide on the world of CORS. It explains what it is, how it works, and how to set it up to protect your website.
Pwntools 101 - Pwndbg & Buffer Overflows #Pwntools #Pwndbg #BufferOverflows #ArchCloudLabs #ExploitDevelopment https://www.archcloudlabs.com/projects/pwntools-bof/
Arch Cloud Labs
Pwntools 101 - Pwndbg & Buffer Overflows
About The Project Pwndbg and Pwntools are Python frameworks for automating different parts of exploit development. These frameworks are highly popular amongst CTF players as they simplify and accelerate the creation of Proof of Concept (PoC) scripts for memory…