Security Operations

578 readers
1 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 2 years ago
MODERATORS
L3s
listing: all - local
301
3
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911) (offsec.almond.consulting)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
302
1
Extending Burp Suite for fun and profit - The Montoya way - Part 1 (security.humanativaspa.it)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

-> Setting up the environment + […]

303
4
Hunting for Bitwarden master passwords stored in memory (redmaple.tech)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Cyber security, technology, and secure digital transformation consultancy run by genuine experts

304
1
[CVE-2022-43684] - Insecure Access Control to Full Administrator Takeover in ServiceNow Instances (x64.sh)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

ServiceNow Insecure Access Control leading to Administrator Account Takeover - CVE-2022-43684

305
0
Open Source CSP Report Listener (github.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Contribute to metlo-labs/csp-report-listener development by creating an account on GitHub.

306
2
Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service (blog.silentsignal.eu)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Because we can!

307
2
Fully Undetected shellcode loader featuring EDR killer PoC (github.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Native Syscalls Shellcode Injector. Contribute to florylsk/RecycledInjector development by creating an account on GitHub.

308
3
How I Hacked CASIO F-91W digital watch - Bringing NFC contactless payment capability to a true classic. (medium.com)
submitted 2 years ago by L4s to c/secops
1 comments fedilink
309
-2
Huobi's Leaky Bucket Risked Massive Crypto Breach (phillips.technology)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

"The exchange risked users' assets by leaving a file containing AWS credentials in an open S3 bucket for years."

310
1
Attacking GraphQL APIs (portswigger.net)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

In this section we'll look at how to test GraphQL APIs. GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the ...

311
3
0-day vulnerability found in Netskope leading to a Local Privilege Escalation. (hdwsec.fr)
submitted 2 years ago by L4s to c/secops
1 comments fedilink
312
1
Frida 16.1.0 is out w/ a brand new backend that supports instrumenting barebone targets — ranging from microcontrollers all the way to the iOS kernel on Corellium, allowing you to instantly inject ... (frida.re)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX

313
3
CVE-2023-26258 - Remote Code Execution in ArcServe UDP Backup @MDSecLabs (www.mdsec.co.uk)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
314
3
A deep dive on how Camaro Dragon utilized USB flash drives to infect a EU heath system (research.checkpoint.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Latest Research by our Team

315
1
ParaForge: A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing (github.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing - GitHub - Anof-cyber/ParaForge: A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

316
1
Introducing DNS Analyzer: A Burp Suite extension for finding DNS vulnerabilities in web applications (sec-consult.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.

317
3
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. (github.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. - GitHub - Idov31/Jormungandr: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

318
3
Fileless command execution for Lateral Movement in Nim (github.com)
submitted 2 years ago by L4s to c/secops
0 comments fedilink
 
 

Fileless Command Execution for Lateral Movement in Nim - GitHub - frkngksl/NimExec: Fileless Command Execution for Lateral Movement in Nim