Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! #ApacheHTTPServer #ConfusionAttacks #SecurityVulnerabilities https://blog.orange.tw/posts/2024-08-confusion-attacks-en/
Orange Tsai
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Hey there! This is my research on Apache HTTP Server presented at Black Hat USA 2024. Additionally, this research will also be presented at HITCON and OrangeCon. If you’re int
SQL Injection Isn't Dead — Smuggling Queries at the Protocol Level (Paul Gerste, DEF CON 32) #DEFCON32 #SQLinjection #smugglingqueries #protocollevel https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
Secure Code Review: Finding XML vulnerabilities in Code [1/2] #SecureCodeReview #XMLVulnerabilities #CyberSecurityBeginner #XXEAttack #MitigatingVulnerabilities https://www.muqsitbaig.com/blog/security-code-review-finding-xxes-in-code/
Too Many Secrets: Proprietary Encryption Protocol Analysis in VStarcam CB73 Security Camera #CryptoAnalysis #NetworkSecurity #CyberSecurity #ReverseEngineering #Decryption https://brownfinesecurity.com/blog/vstarcam-cb73-proprietary-encryption-analysis/
Brownfinesecurity
Too Many Secrets: Proprietary Encryption Protocol Analysis in VStarcam CB73 Security Camera - Brown Fine Security
Canary Infrastructure vs. Real World TTPs #CanaryInfrastructure #RealWorldTTPs #CloudSecurity #TracebitDemo #DetectionOpportunities https://tracebit.com/blog/canary-infrastructure-vs-real-world-ttps
Tracebit
Canary Infrastructure vs. Real World TTPs | Tracebit
We investigate three recent AWS security incidents and discuss how canaries could help you detect these early, and throughout the attack lifecycle.
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free #LinuxKernel #BoringVulnerability #DoSRisk #UseAfterFreeBug #RaceCondition https://accessvector.net/2022/linux-itimers-uaf
Mixing watering hole attacks with history leak via CSS #RedTeam #Research #WateringHole #Phishing #CSSLeak https://adepts.of0x.cc/css-history-leaks/
Mixing watering hole attacks with history leak via CSS | AdeptsOf0xCC
Using CSS and social engineering to identify juicy targets when performing watering hole attacks
At Home In Your Firmware: Analysis of CVE-2024-36877 #FirmwareVulnerability #CVE-2024-36877 #SMMcorruption #MSIchipsets #SystemManagementModeexploitation https://jjensn.com/at-home-in-your-firmware/
Jjensn
At Home In Your Firmware: Analysis of CVE-2024-36877
How I exploited an SMM Memory Corruption Vulnerability in MSI firmware
MIFARE Classic: exposing the static encrypted nonce variant — I’ve got a bit more, should I throw it in? (Philippe Teuwen) #MIFARE #SmartCardHacking https://eprint.iacr.org/2024/1275.pdf
CVE-2024-41660: A Critical Vulnerability in OpenBMC #CVE-2024-41660 #TetrelSecurity #OpenBMC #Vulnerability #Critical https://tetrelsec.com/posts/cve-2024-41660-slpd-lite/
Tetrel Security
CVE-2024-41660: A Critical Vulnerability in OpenBMC
Conquering the memory through io_uring - Analysis of CVE-2023-2598 #MemoryConquered #io_uringCVE #AnatomicalPrecision #KernelVulnerability #PowerfulExploitation https://anatomic.rip/cve-2023-2598/
a place of anatomical precision
Conquering the memory through io_uring - Analysis of CVE-2023-2598
A logic bug in io_uring leading to Local Privilege Escalation
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive #KubernetesSecurity #ARMOPlatform #CVE20247646 #AnnotationValidationBypass #IngressNGINX https://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass/
ARMO
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass
Learn how CVE-2024-7646 allows attackers to bypass ingress-nginx validation and compromise Kubernetes clusters, and how to secure your systems
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties #ChromeRenderer #RCE #DuplicateObjectProperties #ObjectCorruptionBug #OriginTrials https://github.blog/security/vulnerability-research/attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/
The GitHub Blog
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in V8, the JavaScript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Exploiting Steam: Usual and Unusual Ways in the CEF Framework #ExploitingSteam #CEFframework #RemoteCodeExecution #CommandInjection #HistoricalVulnerabilities https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/
DARKNAVY
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
Introduction
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
Point Of Sale Device (POS) Penetration Testing – A Practical Guide 2023 #POS #PenetrationTesting #CyberSecurity #DataBreach #PointOfSale https://cybersecuritynews.com/pos-device-penetration-testing/
Cyber Security News
Point Of Sale Device (POS) Penetration Testing – A Practical Guide 2023
Penetration testing of point-of-sale (POS) devices is essential to ensure the security of payment systems and protect sensitive customer data
CVE-2022-22265 Samsung npu driver #SamsungCVE2022-22265 #KernelExploit #CrossCacheOperations #PageTableSpray #KernelSearch https://soez.github.io/posts/CVE-2022-22265-Samsung-npu-driver/
File-Tunnel: Tunnel TCP connections through a file #GitHub #FileTunnel #TCPconnections #FirewallBypass #RDPtunneling https://github.com/fiddyschmitt/File-Tunnel
GitHub
GitHub - fiddyschmitt/File-Tunnel: Tunnel TCP connections through a file