Point Of Sale Device (POS) Penetration Testing – A Practical Guide 2023 #POS #PenetrationTesting #CyberSecurity #DataBreach #PointOfSale https://cybersecuritynews.com/pos-device-penetration-testing/
Cyber Security News
Point Of Sale Device (POS) Penetration Testing – A Practical Guide 2023
Penetration testing of point-of-sale (POS) devices is essential to ensure the security of payment systems and protect sensitive customer data
🔥2👍1
CVE-2022-22265 Samsung npu driver #SamsungCVE2022-22265 #KernelExploit #CrossCacheOperations #PageTableSpray #KernelSearch https://soez.github.io/posts/CVE-2022-22265-Samsung-npu-driver/
File-Tunnel: Tunnel TCP connections through a file #GitHub #FileTunnel #TCPconnections #FirewallBypass #RDPtunneling https://github.com/fiddyschmitt/File-Tunnel
GitHub
GitHub - fiddyschmitt/File-Tunnel: Tunnel TCP connections through a file
Tunnel TCP connections through a file. Contribute to fiddyschmitt/File-Tunnel development by creating an account on GitHub.
🔥1
Open Broadcaster Software (OBS): Heap Overflow Vulnerability #OBS #HeapOverflow #Vulnerability #GitHub #SecurityResearch https://github.com/google/security-research/security/advisories/GHSA-mf24-5fxf-f4x5
GitHub
Open Broadcaster Software (OBS): Heap Overflow Vulnerability
### Summary
OBS (Open Broadcaster Software) is a well-known open source and cross platform software for screen recording and streaming. Unfortunately, a crafted GIF file with malicious LZW compres...
OBS (Open Broadcaster Software) is a well-known open source and cross platform software for screen recording and streaming. Unfortunately, a crafted GIF file with malicious LZW compres...
: HookChain: A new perspective for Bypassing EDR Solutions #HookChain #BypassingEDR #GitHub #Security #Innovation https://github.com/helviojunior/hookchain/
GitHub
GitHub - helviojunior/hookchain: HookChain: A new perspective for Bypassing EDR Solutions
HookChain: A new perspective for Bypassing EDR Solutions - helviojunior/hookchain
👍1
Limitations of the Kerberos Authentication System #KerberosAuthentication #Limitations https://academiccommons.columbia.edu/doi/10.7916/D84B372N
Academic Commons
Limitations of the Kerberos Authentication System
The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent…
BOFHound: Session Integration #BOFHound #SessionIntegration #LDAPenumeration #BloodHound #AttackPathMapping https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
SpecterOps
BOFHound: Session Integration - SpecterOps
In this post, we examine BOFHound-compatible BOFs and usage examples that allow an operator to take a manual and targeted approach to attack path mapping.
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently #LazarusGroup #MicrosoftZeroDay #CVE-2024-38193 #PatchUrgently #CybersecurityNews https://securityonline.info/lazarus-group-exploits-microsoft-zero-days-cve-2024-38193-patch-urgently/
Daily CyberSecurity
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently
Stay informed about the recent security vulnerabilities addressed by Microsoft. Explore the exploits of CVE-2024-38193 and its implications.
Web Browser Stored Credentials #WebBrowserStoredCredentials #PenetrationTestingLab #DPAPI #CredentialAccess #SharpDPAPI https://pentestlab.blog/2024/08/20/web-browser-stored-credentials/
Penetration Testing Lab
Web Browser Stored Credentials
Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the CryptProtectDa…
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released #PoCExploit #Windows0DayFlaws #CVE202438202 #CVE202421302 #WindowsDowndate https://securityonline.info/poc-exploit-for-windows-0-day-flaws-cve-2024-38202-and-cve-2024-21302-released/
Daily CyberSecurity
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released
Discover the details of CVE-2024-38202 and CVE-2024-21302 in Windows and how attackers can exploit them to undermine system integrity
Nice mindmap 👇 https://x.com/f4rmpoet/status/1825859077039382941?s=67
LayeredSyscall – Abusing VEH to Bypass EDRs #LayeredSyscall #VEHBypass #IndirectSyscalls #LegitimateCallStack #EthicalHacking https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
White Knight Labs
LayeredSyscall - Abusing VEH to Bypass EDRs | White Knight Labs
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
🔥1
SSRFing the Web with the Help of Copilot Studio #SSRF #Microsoft #CopilotStudio #Vulnerability #Critical https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio
Tenable®
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential…
The missing guide to the security of filesystems and file APIs (v1) https://gergelykalman.com/the-missing-guide-to-the-security-of-filesystems-and-file-apis.html
Gergely's hack blog
The missing guide to the security of filesystems and file APIs (v1)
These are the technical slides that I always have to cut from my presentations. I try to sprinkle them in, but it’s just always too much. So I decided that it’s big enough to be it’s own thing: The missing guide to the security of filesystems and …
Hacking as a pathway to building better Products #HackingInfluencesProductDesign #0ClickInstallations #EncryptedDNS #DefensiveDesign #HackersPhilosophy https://blog.thinkst.com/2024/08/hacking-as-a-pathway-to-building-better-products.html
Thinkst Thoughts
Hacking as a pathway to building better Products
Most security products are terrible. For years our industry has managed to get by because our products were mandated by someone or some regulation, and users were trained to accept that security an…
Creating a Dark Web Tor Onion Service/Website #DarkWeb #Tor #OnionService #Website #Tutorial https://charlie.fish/posts/2023/10/creating-dark-web-tor-onion-service-website/
Charlie's Blog
Creating a Dark Web Tor Onion Service/Website | Charlie's Blog
Learn how to create a dark web Tor Onion Service/Website to provide privacy and anonymity to your users.
Set Up Your Onion Service #TorProject #OnionService #SetupGuide #PrivacyTech #AnonymityTech https://community.torproject.org/onion-services/setup/
community.torproject.org
Tor Project | Set up Your Onion Service
Defend yourself against tracking and surveillance. Circumvent censorship. | Set up Your Onion Service
What are random numbers and how they are managed on Linux? #RandomNumbers #Linux #TrueRandom #Cryptography #Dieharder https://sergioprado.blog/what-are-random-numbers-and-how-they-are-managed-on-linux/
sergioprado.blog
What are random numbers and how they are managed on Linux?
In this article, we will deep dive into the major concepts behind random numbers and learn how to work with them on a Linux system.
Time-Memory Trade-Offs Sound the Death Knell for GPRS and GSM #TMTO #GPRS #GSM #Encryption #Security https://link.springer.com/chapter/10.1007/978-3-031-68385-5_7
SpringerLink
Time-Memory Trade-Offs Sound the Death Knell for GPRS and
This paper introduces a practical TMTO-based attack against GSM (A5/3) and GPRS (GEA-3), which are both technologies used in 2G mobile networks. Although designed in the 80 s, these networks are still quite active today, especially for embedded systems. While...
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
#ExploringWindowsDrivers #IOSystem #IRPs #IOCTLs #MaliciousDrivers https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-2/
#ExploringWindowsDrivers #IOSystem #IRPs #IOCTLs #MaliciousDrivers https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-2/
Cisco Talos Blog
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.