NFS Security: Identifying and Exploiting Misconfigurations #NFSSecurity #ISMS #InfoSecRiskManagement #BusinessContinuity #SecurityAwareness https://www.hvs-consulting.de/en/nfs-security-identifying-and-exploiting-misconfigurations/
HvS-Consulting
NFS Security: Identifying and Exploiting Misconfigurations | HvS-Consulting
Understand security features, misconfigurations and technical attacks on NFS shares.
Volkswagen’s bad streak: We know where your car is #VolkswagenDataBreach #CCCInvestigation #DataPrivacy #Cybersecurity #ProtectYourself https://reynardsec.com/en/volkswagens-bad-streak-we-know-where-your-car-is/
ReynardSec
Volkswagen's bad streak: We know where your car is - ReynardSec
Volkswagen has landed in hot water once again. A recent investigation by the Chaos Computer Club (CCC) reveals that the company has been systematically collecting and storing movement data from hundreds of thousands of vehicles across its brands (VW, Audi…
Simple Prompts to get the System Prompts #AIWrappers #Security #SystemPrompts #Research #Blog https://eval.blog/blog/simple-prompts-to-get-the-system-prompts/
eval.blog
Simple Prompts to get the System Prompts
Exploring prompt injection techniques to extract hidden system prompts from popular AI wrappers and chatbots.
From Arbitrary File Write to RCE in Restricted Rails apps #ArbitraryFileWrite #RCE #RailsApps #Bootsnap #ExploitationPossibilities https://blog.convisoappsec.com/en/from-arbitrary-file-write-to-rce-in-restricted-rails-apps/
Conviso AppSec
From Arbitrary File Write to RCE in Restricted Rails apps
We describe a technique that can be used to achieve remote code execution (RCE) from an arbitrary file write vulnerability by abusing the cache mechanism of Bootsnap.
Directory Traversal (Path Traversal) #DirectoryTraversal #PathTraversal #OWASP #SourceCodeReview #SSTI https://blog.projectasuras.com/OWASP/Path-Traversal/1
CVE-2024-54819 - I Librarian Server Side Request Forgery #CVE202454819 #ILibrarian #SSRF #Cybersecurity #Vulnerability https://www.partywave.site/show/research/CVE-2024-54819_-_I_Librarian_Server_Side_Request_Forgery
www.partywave.site
cve-2024-54819-i-librarian-server-side-request-forgery
Discover cve-2024-54819-i-librarian-server-side-request-forgery article on partywave.
Command Injection in apmcfgupload endpoint for DrayTek Gateway Devices #Notion #AllinOne #Workspace #Notes #Tasks https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f
netsecfish on Notion
Command Injection in `apmcfgupload` endpoint for DrayTek Gateway Devices | Notion
Summary
CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 #PoC #LdapNightmare #CVE202449113 #SafeBreachLabs #WindowsServerVulnerability https://github.com/SafeBreach-Labs/CVE-2024-49113
GitHub
GitHub - SafeBreach-Labs/CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 - SafeBreach-Labs/CVE-2024-49113
Remote Code Execution (RCE) Exploits – How Hackers Exploit from Home #RCEExploits #HackersAtHome #OcsalyAcademy #CybersecurityThreats #StaySafe https://ocsaly.com/how-hackers-exploit-calibre-and-what-you-can-do-about-it/
TMI — Too Much Information. The less you reveal the better! #TMI #UserEnumerationVulnerability #InformationDisclosure #SecureProgramming #ProtectUserData https://medium.com/@aleksamajkic/too-much-information-the-less-you-reveal-the-better-163dabb7f89f
Medium
TMI — Too Much Information. The less you reveal the better!
A short overview of frequently overlooked vulnerability with real world examples
RustPotato: A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations. #RustPotato #GodPotato #SeImpersonate #SYSTEMPrivileges #ReverseShell https://github.com/safedv/RustPotato
GitHub
GitHub - safedv/RustPotato: A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP…
A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations. - safedv/RustPotato
Backdooring Your Backdoors - Another $20 Domain, More Governments #Backdoors #DomainExploitation #GovernmentCompromised #WebShells #CyberSecurityResearch https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
watchTowr Labs
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability…
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability #OpenSSH #Vulnerability #PoCExploit #CyberSecurity #RemoteCodeExecution https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
Cyber Security News
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability
A proof-of-concept (PoC) exploit for the critical OpenSSH vulnerability CVE-2024-6387, also known as "regreSSHion," has been released, raising alarms across the cybersecurity community.
How to achieve a "time-based blind" SQL injection and automate it by modifying SQLMAP? #TimeBasedSQLInjection #BlindSQLInjection #ModifyingSQLMap #CyberSecurity #DataExfiltration https://www.hackmosphere.fr/time-based-blind-sql-injection/
Hackmosphere
Time-based Blind SQL Injection and modifying SQLMAP
Time-based blind SQL injection: discover how this flaw stands out for its ability to exfiltrate data without triggering an alert.
Exploiting SSTI in a Modern Spring Boot Application (3.3.4) #SSTI #SpringBoot #Pentesting #RCE #Exploit https://modzero.com/en/blog/spring_boot_ssti/
Modzero
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
First tokens: The Achilles’ heel of LLMs #LLM #AssistantPrefill #WebSecurity #SafetyAlignment #AISecurity https://www.invicti.com/blog/security-labs/first-tokens-the-achilles-heel-of-llms/
Invicti
First Tokens: The Achilles’ Heel of LLMs
The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit. #Gayfemboy #Botnet #0dayExploit #CyberThreatInsight #DDoSAttack https://blog.xlab.qianxin.com/gayfemboy-en/
奇安信 X 实验室
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.
Overview
Countless script kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but…
$2m laundered: the YouTube crypto tutorials’ huge scam (investigation) #CryptoScam #YouTubeTutorialScam #MillionDollarLaundering #Investigation #StaySafe https://medium.com/@tim.sh/2m-laundered-the-youtube-crypto-tutorials-huge-scam-investigation-8f4a0a3c92d8
Medium
$2m laundered: the YouTube crypto tutorials’ huge scam (investigation)
How 1 youtube video turned out to be a part of a million dollar scam scheme
How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud #512BitDKIM #CloudCracking #ASN1DER #RSAKeys #EmailVerification https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
Memory Allocators 101 - Write a simple memory allocator #MemoryAllocators #SimpleMemoryAllocator #Malloc #Free #HeaderAllocation https://arjunsreedharan.org/post/148675821737/memory-allocators-101-write-a-simple-memory
Tumblr
Memory Allocators 101 - Write a simple memory allocator
Code related to this article: github.com/arjun024/memalloc
This article is about writing a simple memory allocator in C.
We will implement malloc(), calloc(), realloc() and free().
This is a beginner...