Azure Detection Engineering: Log idiosyncrasies you should know about #AzureDetectionEngineering #LogIdiosyncrasies #SecurityCanaries #AzureLogs #DetectingIntrusions https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about
Tracebit
Azure Detection Engineering: Log idiosyncrasies you should know about | Tracebit
We share a few inconsistencies found in Azure logs which make detection engineering more challenging.
Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x #Assetnote #SecurityResearch #Sitecore #OrderOfOperations #AttackVector https://www.assetnote.io/resources/research/leveraging-an-order-of-operations-bug-to-achieve-rce-in-sitecore-8-x---10-x
www.assetnote.io
Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x
Local file disclosure in Sitecore 8.x to 10.x that can lead to RCE (CVE-2024-46938) due to an order of operations bug within a handler responsible for reading local files.
Prototype Pollution in NASAs Open MCT CVE-2023-45282 #PrototypePollution #NASAOpenMCT #CVE2023-45282 #VisionSpace #JavaScriptVulnerability https://visionspace.com/prototype-pollution-in-nasas-open-mct-cve-2023-45282/
Visionspace
Prototype Pollution in NASAs Open MCT CVE-2023-45282
The Prototype Pollution vulnerability is specific to the JavaScript programming language. It enables an attacker to add or alter any properties of global object prototypes. Once the property is changed, the code that inherits it will use the injected property…
CVE-2024-48990-PoC: PoC for CVE-2024-48990 #GitHub #CVE #PoC #Vulnerabilities #Security https://github.com/makuga01/CVE-2024-48990-PoC
GitHub
GitHub - makuga01/CVE-2024-48990-PoC: PoC for CVE-2024-48990
PoC for CVE-2024-48990.
Writing distributed applications with Python Smart Objects as a Java RMI alternative #Python #DistributedApplications #SmartObjects #JavaRMI #Alternative https://medium.com/@__biancarosa/writing-distributed-applications-with-python-smart-objects-as-a-java-rmi-alternative-4ba9a812567d
Medium
Writing distributed applications with Python Smart Objects as a Java RMI alternative
Hello there! :)
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access #NearestNeighborAttack #RussianAPTGruesomeLarch #CovertAccess #Wi-FiWeaponization #OrganizationSecurity https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Volexity
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom…
Handling Cookies is a Minefield #Cookies #WebDevelopment #Programming #WebBrowsers #Standards https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/
grayduck.mn
April King — Handling Cookies is a Minefield
Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.
Breaking out of VRChat using a Unity bug #VRChat #UnityBug #UdonSharp #Textures #Exploit https://khang06.github.io/vrcescape/
Khang's Stuff
Breaking out of VRChat using a Unity bug
Making Udon a bit too flexible.
Ruby 3.4 Universal RCE Deserialization Gadget Chain #RubyGadgetChain #RCE #Vulnerability #Deserialization #Improvements https://nastystereo.com/security/ruby-3.4-deserialization.html
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! #7ZipVulnerability #RemoteCodeExecution #UpdateNow #CVE202411477 #CybersecurityNews https://securityonline.info/cve-2024-11477-7-zip-vulnerability-allows-remote-code-execution-update-now/
Daily CyberSecurity
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!
7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks.
KrbRelayEx: Kerberos Relay and Forwarder for (Fake) SMB MiTM Server #KrbRelayEx #MitM #Kerberos #SMB #HTTPADC https://github.com/decoder-it/KrbRelayEx
GitHub
GitHub - decoder-it/KrbRelayEx
Windows - Data Protection API (DPAPI) Revisited #WindowsSecurity #DataProtectionAPI #ChromiumChanges #SecurityValidation #DeviceBoundSessionCredentials https://tierzerosecurity.co.nz/2024/11/26/data-protection-windows-api-revisited.html
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
How To Use MSSQL CLR Assembly To Bypass EDR #BypassEDR #MSSQL https://blog.pyn3rd.com/2024/11/22/How-to-use-MSSQL-CLR-assembly-to-bypass-EDR/
Pyn3Rd
How To Use MSSQL CLR Assembly To Bypass EDR
Background: A few days ago, I dealt with a blackmail incident involving an MSSQL database, which potentially evaded EDR detection. I intend to share the entire process. Upon analyzing the situation, I f
Attacking hypervisors - A practical case #ReverseTactics #HypervisorAttack #VirtualBox #SecurityResearch #Pwn2Own https://www.reversetactics.com/publications/2024_conf_grehack_virtualbox/
Reversetactics
REverse Tactics
Presentation on the vulnerability research conducted on VirtualBox for Pwn2Own Vancouver 2024.
The Curious Case of nltest and LmOwfPassword/NtOwfPassword #nltest #SAM #reverseengineering #hashfunction #WindowsExploits https://www.jonaslieb.de/blog/nltest-ntowfpassword/
Jonas Lieb
The Curious Case of nltest and LmOwfPassword/NtOwfPassword
I recently fiddled around with Windows' built-in command nltest and noticed that nltest /user:<username>, when executed as an Administrator, yields some interesting information about the requested user:
The two fields LmOwfPassword and NtOwfPassword spiked…
SSD Advisory – ksthunk.sys Integer Overflow (PE) #SSDSecureDisclosure #IntegerOverflow #Windows11 #Vulnerability #Exploitation https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/
SSD Secure Disclosure
SSD Advisory - ksthunk.sys Integer Overflow (PE) - SSD Secure Disclosure
Summary: A vulnerability in the ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp allows a local attacker to exploit an Integer Overflow vulnerability which can then be used to gain elevated privileges in the Windows operating system. The exploit was successfully…
Clipping the Canary’s wings: Bypassing AiTM Phishing Detections #JavaScript #cookies https://insights.spotit.be/2024/06/03/clipping-the-canarys-wings-bypassing-aitm-phishing-detections/
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse #MalwareAnalysis https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability #RedisCVE #VulnerabilityMitigation #RedRaysCTO #LuaScripting #UpdateRedis https://redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/
RedRays - Your SAP Security Solution
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability
Learn about Redis CVE-2024-31449, a critical Lua vulnerability allowing remote code execution. Discover steps to protect your system, reproduce the PoC, and update Redis to mitigate risks.
Exploring the DOMPurify library: Bypasses and Fixes (1/2) #DOMPurify #Bypasses #HTML #mXSS #SecurityFixes https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
mizu.re
Exploring the DOMPurify library: Bypasses and Fixes (1/2). Tags: Article - Article - Web - mXSS