CVE-2024-26926 Analysis #LinuxKernel #CVE202426926 #Analysis #GitHub #SecurityVulnerabilities https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
GitHub
LinuxKernel-nday/CVE-2024-26926/CVE_2024_26926_Analysis.pdf at main · MaherAzzouzi/LinuxKernel-nday
Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.
👍1
Retrofitting encrypted firmware is a Bad Idea™ #FirmwareEncryption #PrinterHacking #WTM #Lexmark #SecurityPolicy https://haxx.in/posts/wtm-wtf/
haxx.in
Retrofitting encrypted firmware is a Bad Idea™
Lexmark decided to frustrate vulnerability researchers last minute. Let’s have a look at their new root filesystem encryption.
Introducing zizmor: now you can have beautiful clean workflows #Rust #Security #GitHubActions #workflows #development https://blog.yossarian.net/2024/10/27/Now-you-can-have-beautiful-clean-workflows
blog.yossarian.net
Introducing zizmor: now you can have beautiful clean workflows
Anatomy of an LLM RCE #LLM #RCE #Security #CodeExecution #Vulnerability https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce
Cyberark
Anatomy of an LLM RCE
As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...
Mastering Memory Exploitation: Fundamentals, Stack Overflows, Shellcode, Format String Bugs, and Heap Overflows #MemoryExploitation #Cybersecurity #Vulnerabilities #TechGuide #ExploitationTechniques https://medium.com/@verylazytech/mastering-memory-exploitation-fundamentals-stack-overflows-shellcode-format-string-bugs-and-353270ec8128
Medium
Mastering Memory Exploitation: Fundamentals, Stack Overflows, Shellcode, Format String Bugs, and Heap Overflows
In the world of cybersecurity, exploiting vulnerabilities is a technical art form that combines deep knowledge of systems with a practical…
🔥2🤔1💩1🥱1
Cracking into a Just Eat / Takeaway.com terminal with an NFC card #JustEat #Takeaway.com #NFCcard #TerminalCracking #AndroidExploit https://blog.mgdproductions.com/justeat-takeaway-terminal/
MGD Blog
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
So this is a pretty interesting one, i found this one on a local marketplace for 25 dollars, so i immediately snagged it up.
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screen…
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screen…
Give Me the Green Light Part 2: Dirty Little Secrets #TrafficController #DirtyLittleSecrets #WebAppPentesting #SNMP #NTCIP https://www.redthreatsec.com/blog/give-me-the-green-light-part2-dirty-little-secrets
Red Threat
Give Me the Green Light Part 2: Dirty Little Secrets — Red Threat
A peek behind the curtain and an introduction to the protocol the Traffic Industry doesn’t want you to know about.
Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024 #ExploitSuccess #BlindExploitation #StackPointer #WritingToStack #RopChain https://www.synacktiv.com/publications/exploiting-a-blind-format-string-vulnerability-in-modern-binaries-a-case-study-from
Synacktiv
Exploiting a Blind Format String Vulnerability in Modern Binaries: A
🔥2🤯2👍1
Understanding RedLine Stealer: The Trojan Targeting Your Data #RedLineStealer #Trojan #MalwareAnalysis #DataTheft #Cybersecurity https://malwr-analysis.com/2024/08/22/understanding-redline-stealer-the-trojan-targeting-your-data/
Malware Analysis, Phishing, and Email Scams
Understanding RedLine Stealer: The Trojan Targeting Your Data
In the ever-evolving landscape of cybersecurity threats, one name has increasingly become synonymous with stealth and precision: RedLine Stealer. This malicious software, often referred to as a Tro…
Autonomous Discovery of Critical Zero-Days #ZeroPathBlog #AI #VulnerabilityDetection #DeepProgramAnalysis #AutonomousDiscovery https://zeropath.com/blog/0day-discoveries
Zeropath
Autonomous Discovery of Critical Zero-Days - ZeroPath Blog
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce…
32 vulnerabilities in IBM Security Verify Access #IBMSecurityVerifyAccess #Vulnerabilities #ITSecurityResearch #AuthenticationBypass #Recommendations https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html
HTTP Security Headers: A complete guide to HTTP headers #HTTPSecurityHeaders #CompleteGuide #WebSecurity #HTTPHeaders #RiskMitigation https://www.darkrelay.com/post/http-security-headers
DarkRelay
HTTP Security Headers: A complete guide to HTTP headers
Why did the HTTP security headers go to therapy? They had major 'insecurity' issues!HTTP headers are an integral part of the Hypertext Transfer Protocol (HTTP), the foundation of data communication on the World Wide Web. HTTP headers are lines of additional…
The Sophos kernel implant, ‘hack-back’ implications, CIA malware in Venezuela (podcast) #SophosKernelImplant #HackBack #CIAinVenezuela #CyberEspionage #ThreatIntelligence https://securityconversations.com/episode/the-sophos-kernel-implant-hack-back-implications-cia-malware-in-venezuela/
Security Conversations
The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela - Security Conversations
Three Buddy Problem – Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, […]
👍1
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM #ToxicPanda #BankingTrojan #Asia #Europe #LATAM https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Cleafy
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs
Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute account…
One weird trick to get the whole planet to send abuse complaints to your best friend(s) #AbuseComplaints #SpoofedIP #InternetSecurity #Infosec #TCPReset https://delroth.net/posts/spoofed-mass-scan-abuse/
CVE-2024-8956, CVE-2024-8957: How to Steal a 0-Day RCE (With a Little Help from an LLM) #GreyNoise #CVE #0Day #RCE #LLM https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
GreyNoise Labs
CVE-2024-8956, CVE-2024-8957: How to Steal a 0-Day RCE (With a Little Help from an LLM) – GreyNoise Labs
Wow. Nice weapon! Can I hold it? I promise not to break anything. Honest!
Parrot Anafi Drone Reverse Engineering #ParrotAnafi #DroneReverseEngineering #HardwareHacking #PacketAnalysis #AttackCapabilities https://www.hardbreak.wiki/network-analysis/protocols/application-layer/proprietary-protocols/parrot-anafi-drone-reverse-engineering
www.hardbreak.wiki
Parrot Anafi Drone Reverse Engineering | HardBreak
Remote Code Execution: The Cybercriminal’s Golden Ticket #Cybersecurity #RCE #Vulnerability #Hacking #Awareness https://medium.com/ssd-secure-disclosure/remote-code-execution-the-cybercriminals-golden-ticket-44fe2d0a6353
Medium
Remote Code Execution: The Cybercriminal’s Golden Ticket
Imagine a vulnerability so dangerous that an attacker can execute any command they want on your system from anywhere in the world. That’s…
👍1
Bypass GuardDuty Pentest Findings for the AWS CLI¶ #AWSCLI #GuardDuty #PenTest #BurpSuite #CloudSecurity https://hackingthe.cloud/aws/avoiding-detection/guardduty-pentest/
hackingthe.cloud
Bypass GuardDuty Pentest Findings for the AWS CLI - Hacking The Cloud
Prevent Kali Linux, ParrotOS, and Pentoo Linux from throwing GuardDuty alerts by modifying the User Agent string when using the AWS CLI.
Tales of the Crimson Foes - Part 1 #CrimsonFoes #BreachingUnicorns #RedTeamTales #SecurityBlog #ForgottenScroll https://therealunicornsecurity.github.io/CrimsonFoes/
therealunicornsecurity.github.io
Tales of the Crimson Foes - Part 1
The Tales of the Crimson Foes
A compilation of red team and pentest stories
A compilation of red team and pentest stories