Handling Cookies is a Minefield #Cookies #WebDevelopment #Programming #WebBrowsers #Standards https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/
grayduck.mn
April King — Handling Cookies is a Minefield
Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.
Breaking out of VRChat using a Unity bug #VRChat #UnityBug #UdonSharp #Textures #Exploit https://khang06.github.io/vrcescape/
Khang's Stuff
Breaking out of VRChat using a Unity bug
Making Udon a bit too flexible.
Ruby 3.4 Universal RCE Deserialization Gadget Chain #RubyGadgetChain #RCE #Vulnerability #Deserialization #Improvements https://nastystereo.com/security/ruby-3.4-deserialization.html
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! #7ZipVulnerability #RemoteCodeExecution #UpdateNow #CVE202411477 #CybersecurityNews https://securityonline.info/cve-2024-11477-7-zip-vulnerability-allows-remote-code-execution-update-now/
Daily CyberSecurity
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!
7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks.
KrbRelayEx: Kerberos Relay and Forwarder for (Fake) SMB MiTM Server #KrbRelayEx #MitM #Kerberos #SMB #HTTPADC https://github.com/decoder-it/KrbRelayEx
GitHub
GitHub - decoder-it/KrbRelayEx
Contribute to decoder-it/KrbRelayEx development by creating an account on GitHub.
Windows - Data Protection API (DPAPI) Revisited #WindowsSecurity #DataProtectionAPI #ChromiumChanges #SecurityValidation #DeviceBoundSessionCredentials https://tierzerosecurity.co.nz/2024/11/26/data-protection-windows-api-revisited.html
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
How To Use MSSQL CLR Assembly To Bypass EDR #BypassEDR #MSSQL https://blog.pyn3rd.com/2024/11/22/How-to-use-MSSQL-CLR-assembly-to-bypass-EDR/
Pyn3Rd
How To Use MSSQL CLR Assembly To Bypass EDR
Background: A few days ago, I dealt with a blackmail incident involving an MSSQL database, which potentially evaded EDR detection. I intend to share the entire process. Upon analyzing the situation, I f
Attacking hypervisors - A practical case #ReverseTactics #HypervisorAttack #VirtualBox #SecurityResearch #Pwn2Own https://www.reversetactics.com/publications/2024_conf_grehack_virtualbox/
Reversetactics
REverse Tactics
Presentation on the vulnerability research conducted on VirtualBox for Pwn2Own Vancouver 2024.
The Curious Case of nltest and LmOwfPassword/NtOwfPassword #nltest #SAM #reverseengineering #hashfunction #WindowsExploits https://www.jonaslieb.de/blog/nltest-ntowfpassword/
Jonas Lieb
The Curious Case of nltest and LmOwfPassword/NtOwfPassword
I recently fiddled around with Windows' built-in command nltest and noticed that nltest /user:<username>, when executed as an Administrator, yields some interesting information about the requested user:
The two fields LmOwfPassword and NtOwfPassword spiked…
SSD Advisory – ksthunk.sys Integer Overflow (PE) #SSDSecureDisclosure #IntegerOverflow #Windows11 #Vulnerability #Exploitation https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/
SSD Secure Disclosure
SSD Advisory - ksthunk.sys Integer Overflow (PE) - SSD Secure Disclosure
Summary A vulnerability in the ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp allows a local attacker to exploit an Integer Overflow vulnerability which can then be used to gain elevated privileges in the Windows operating system. The exploit was successfully…
Clipping the Canary’s wings: Bypassing AiTM Phishing Detections #JavaScript #cookies https://insights.spotit.be/2024/06/03/clipping-the-canarys-wings-bypassing-aitm-phishing-detections/
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse #MalwareAnalysis https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability #RedisCVE #VulnerabilityMitigation #RedRaysCTO #LuaScripting #UpdateRedis https://redrays.io/blog/redis-cve-2024-31449-how-to-reproduce-and-mitigate-the-vulnerability/
RedRays - Your SAP Security Solution
Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability
Learn about Redis CVE-2024-31449, a critical Lua vulnerability allowing remote code execution. Discover steps to protect your system, reproduce the PoC, and update Redis to mitigate risks.
Exploring the DOMPurify library: Bypasses and Fixes (1/2) #DOMPurify #Bypasses #HTML #mXSS #SecurityFixes https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
mizu.re
Exploring the DOMPurify library: Bypasses and Fixes (1/2). Tags:Article - Article - Web - mXSS
Reverse Engineering iOS 18 Inactivity Reboot #iOS18 #InactivityReboot #ReverseEngineering #SecurityFeature #72HourReboot https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
Blogspot
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
Unpatched Remote Code Execution in Gogs #Gogs #Vulnerability #Unpatched #RemoteCodeExecution #Exploit https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/
Vulnerability research and more
Unpatched Remote Code Execution in Gogs
The Gogs self-hosted Git service is vulnerable to symbolic link path traversal that enables remote code execution (CVE-2024-44625). The latest version at the time of writing (0.13.0) is affected. This vulnerability is exploitable against a default install…
TCL substitution of global parameter values in Gaia Portal #TCLSubstitution #GaiaPortal #Vulnerability #MaliciousCode #Mitigation https://notes.zeronvll.com/grammelot/CheckPoint-CVE-2024-24914
ZeroNvll
TCL substitution of global parameter values in Gaia Portal
Authenticated Gaia users, at least read-only privilege, can inject code or commands by global variables through HTTP requests.
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) #CVE-2024-0012 #PAN-OS #AuthenticationBypass #ManagementWebInterface #SecurityAdvisories https://security.paloaltonetworks.com/CVE-2024-0012
Palo Alto Networks Product Security Assurance
CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perfor...
ShadowDumper: Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming #ShadowDumper #LSASSMemory #PenetrationTesting #RedTeaming #GitHubProject https://github.com/Offensive-Panda/ShadowDumper
GitHub
GitHub - Offensive-Panda/ShadowDumper: Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration…
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da...
Reproducing CVE-2024-10979: A Step-by-Step Guide #ReproduceCVE202410979 #StepByStepGuide #SAPSecurity #Vulnerability #EducationalPurposes https://redrays.io/blog/reproducing-cve-2024-10979-a-step-by-step-guide/
RedRays - Your SAP Security Solution
Reproducing CVE-2024-10979: A Step-by-Step Guide
Discover how to reproduce CVE-2024-10979, a vulnerability in PostgreSQL's trusted PL/Perl, through this detailed step-by-step guide. Learn about the security implications and the importance of applying patches to safeguard your database systems.