Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591 #FortiRekt #SuperAdminNow #FortiOSBypass #CVE55591 #FortiGateWebVulnerability https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
watchTowr Labs
Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having.
Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling…
Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling…
A Missed Opportunity: Addressing Weak Password Hashing in VxWorks #WeakPasswordHashing #VxWorks #SecurityVulnerability #VendorResponse #SecurityStandards https://sec-consult.com/blog/detail/a-missed-opportunity-addressing-weak-password-hashing-in-vxworks/
SEC Consult
A Missed Opportunity: Addressing Weak Password Hashing in VxWorks
The security of embedded systems running Real-Time Operating Systems (RTOS) like Wind River VxWorks is vital in high stakes sectors such as OT, defense, and aviation.
Phishing for Refresh Tokens #Phishing #RefreshTokens #AITM #AtticSecurity #Zolder https://zolder.io/blog/phishing-for-refresh-tokens/
Zolder - Applied Security Research
Phishing for Refresh Tokens | Zolder - Applied Security Research
leveraging AiTM and the OAuth 2.0 authorization code flow to steal access and refresh tokens. Modified AITMWorker for steal refreshtokens.
CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI) #CVE-2024-46507 #SSTI #RCE #YetiPlatform #RhinoSecurityLabs https://rhinosecuritylabs.com/research/cve-2024-46507-yeti-server-side-template-injection-ssti/
Rhino Security Labs
CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI)
Yeti is a Forensic Intelligence platform and pipeline for DFIR teams. Rhino Security Labs will detail 2 security flaws that, combined, lead to unauthenticated RCE.
NFCToolsGUI: A cross-platform program that interacts with PN532, supports Windows, Linux, and macOS. #NFCToolsGUI #CrossPlatform #PN532 #Windows #LinuxMacOS https://github.com/GSWXXN/NFCToolsGUI
GitHub
GitHub - GSWXXN/NFCToolsGUI: A cross-platform program that interacts with PN532, supports Windows, Linux, and macOS.
A cross-platform program that interacts with PN532, supports Windows, Linux, and macOS. - GSWXXN/NFCToolsGUI
A short Introduction to BloodHound Custom Queries #BloodHound #CustomQueries #ActiveDirectory #CypherQueries #SecurityOperations https://www.8com.de/cyber-security-blog/a-short-introduction-to-bloodhound-custom-queries
www.8com.de
A short Introduction to BloodHound Custom Queries
In this post, we’ll present custom BloodHound queries to find real-world vulnerabilities and misconfigurations in Active Directory networks.
Exploring Heap Exploitation Mechanisms: Understanding the House of Force Technique #HeapExploitation #HouseOfForce #MemoryAllocation #HeapChunks #ReallocationMechanism https://www.darkrelay.com/post/exploring-heap-exploitation-mechanisms-understanding-the-house-of-force-technique
DarkRelay
Exploring Heap Exploitation Mechanisms: Understanding the House of Force Technique
Heap exploitation techniques like House of Force demonstrate the complexities and risks associated with memory management systems.
🔥2
CRLF injection via TryAddWithoutValidation in .NET #CRLF #Injection #TryAddWithoutValidation #.NET #BinarySecurityAS https://binarysecurity.no/posts/2025/01/tryaddwithoutvalidation
Binary Security AS
CRLF injection via TryAddWithoutValidation in .NET
Binary Security was awarded two CVEs (CVE-2024-45302 and CVE-2024-51501) for header injection vulnerabilities in the RestSharp and Refit .NET libraries. This blog post outlines the research which lead to discovering these vulnerabilities.
I Found a Game Exploit That Lets Hackers Take Over Your PC #GameExploit #PCSecurity #RCEVulnerability #PS5Security #GameDevSecurity https://shalzuth.com/Blog/IFoundAGameExploit
Shalzuth
Reverse Engineering: I Found a Game Exploit That Lets Hackers Take Over Your PC
Reverse Engineering: I discovered a serious Remote Code Execution (RCE) vulnerability in a popular game that could let attackers run code on your PC. Watch how I found it, reported it, and what you can do to stay safe.
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories #LiveChatBlog #CiscoWebexConnect #VulnerabilityFound #AccessToCustomerChats #OrionSecurity https://www.ophionsecurity.com/post/cisco-webex-connect-vulnerability-unauthenticated-access-to-all-chats
Ophionsecurity
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories - Ophion Security Publications
In July 2024, we identified a vulnerability that resulted in access to millions of live customer support messages for organizations using Cisco Webex Connect.
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack #SlackPirate #BeeMovieScript #SpecterOps #RedTeam #WebSecurity https://posts.specterops.io/slackpirate-set-sails-again-or-how-to-send-the-entire-bee-movie-script-to-your-friends-in-slack-d9c691ae33f5
Medium
SlackPirate Set Sails Again! Or: How to Send the Entire “Bee Movie” Script to Your Friends in Slack
TLDR: SlackPirate has been defunct for a few years due to a breaking change in how the Slack client interacts with the Slack API. It has a…
Everyone knows your location: tracking myself down through in-app ads #LocationDataLeak #AppTracking #DataBrokers #UserConsent #GeolocationTracking https://timsh.org/tracking-myself-down-through-in-app-ads/
tim.sh
Everyone knows your location
How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.
SLAP (Data Speculation Attacks via Load Address Prediction on Apple Silicon) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions ) Apple CPUs speculation attacks #SLAP #FLOP #Apple #SpeculativeExecution #DataLeak https://predictors.fail/
predictors.fail
SLAP and FLOP
The SLAP and FLOP Address and Value Prediction Attacks
Ransomware Groups Exploiting Microsoft Teams #RansomwareGroups #ExploitingMicrosoftTeams #GoSecure #Cybersecurity #ProtectYourOrganization https://gosecure.ai/blog/2025/01/22/ransomware-groups-exploiting-microsoft-teams/
GoSecure
24/7 managed detection, response, and expert cybersecurity services - GoSecure
We provide around-the-clock threat detection and incident response, backed by expert consulting to keep your organization secure.
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst #FortiGuardLabs #AIanalysis #ELF/Sshdinjector #malware #ThreatResearch https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
Fortinet Blog
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
FortiGuard Labs reverse engineers a malware’s binaries to look into what the malware is actually doing.…
Nice website to check how much the infosec salaries are #GlobalSalaryIndex #Cybersecurity #InfoSec #isecjobs #TransparentData https://isecjobs.com/insights/our-global-salary-index-2025-is-now-live/
foo🦍
foo🦍 ~/all coding
The career platform for coders, builders, hackers and makers.
How to prove false statements? (Part 1) #Cryptography #RandomOracleModel #FalseStatementProof #PracticalAttacks #ZKSchemes https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/
A Few Thoughts on Cryptographic Engineering
How to prove false statements? (Part 1)
Trigger warning: incredibly wonky theoretical cryptography post (written by a non-theorist)! Also, this will be in two parts. I plan to be back with some more thoughts on practical stuff, like clou…
GPUAF - Two ways of Rooting
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
All Qualcomm based Android
phones https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
0x07 - Introduction to Windows Kernel Race Conditions #WindowsKernel #RaceCondition #VulnerabilityType #Exploitation #DoubleFetch https://wetw0rk.github.io/posts/0x07-introduction-to-windows-kernel-race-conditions/
wetw0rk.github.io
0x07 - Introduction to Windows Kernel Race Conditions
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 #MicrosoftWindows #CriticalVulnerability #CVE2025-21298 #Cybersecurity #HackersArise https://www.hackers-arise.com/post/new-no-click-critical-vulnerability-in-microsoft-windows-cve-2025-21298
Hackers Arise - EXPERT CYBERSECURITY TRAINING FOR ETHICAL HACKERS
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 - Hackers Arise
Welcome back, my aspiring cyberwarriors! Over the years, Microsoft Windows operating system, the world's most widely used OS, has been riddled with security vulnerabilities. As the years have gone by and Microsoft has become more security conscience, the…
🔥2
Debugging SMM with JTAG: Part 2 #DebuggingSMM #JTAG #IntelTrace #SMMEntry #LBRTrace https://www.asset-intertech.com/resources/blog/2025/02/debugging-smm-with-jtag-part-2/