Information Security
https://securitylab.github.com/advisories/GHSL-2020-214_223-onedev
GitHub Security Lab
GHSL-2020-214_223: 10 CVEs in OneDev ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Multiple vulnerabilities were found in the OneDev project ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Information Security
https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF_cloud-native-security-whitepaper-Nov2020.pdf
#Cloud
Information Security
https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
Intezer
How We Escaped Docker in Azure Functions
New vulnerability could allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host.
Information Security
https://blog.0patch.com/2021/01/windows-installer-local-privilege.html
0Patch
Windows Installer Local Privilege Escalation 0day Gets a Micropatch
by Mitja Kolsek, the 0patch Team [Update 2/9/2021: February 2021 Windows Updates included an official fix for this vulnerability and ass...
Information Security
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
Blogspot
A Look at iMessage in iOS 14
Posted by Samuel Groß, Project Zero. On December 20, Citizenlab published “The Great iPwn”, detailing how “Journalists [were] Hacked ...
Information Security
https://www.blackarrow.net/from-n-day-exploit-to-kerberos-eop-in-linux-environments/
Tarlogic Security
From N-day exploit to Kerberos EoP in Linux environments
Kerberos on Linux. Performing an attack with 0-day vulnerabilities for elevation of privilege with kerberos on Linux
Information Security
https://theori.io/research/escaping-chrome-sandbox
#Chrome
#Sandbox
Information Security
https://blog.ret2.io/2019/08/28/sia-coin-dns-rebinding
RET2 Systems Blog
A Cryptocurrency Heist, Starring Your Web Browser
Beneath the surface, the modern web is made possible only through a growing labyrinth of technology standards. Standards are designed to govern the interoper...
Information Security
https://blog.blazeinfosec.com/attack-of-the-clones-github-desktop-remote-code-execution/
Information Security
https://github.com/Ruia-ruia/sudoHeapOverflow
GitHub
Ruia-ruia/sudoHeapOverflow
After getting a crash such that rbx was mangled... I spent the weekend adjusting and tweaking the malicious inputs to get it to work. It was honestly just trial n error so nothing clever on my part...
Information Security
https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom
spaceraccoon.dev
Applying Offensive Reverse Engineering to Facebook Gameroom
Late last year, I was invited to Facebook’s Bountycon event, which is an invitation-only application security conference with a live-hacking segment. Although participants could submit vulnerabilities for any Facebook asset, Facebook invited us to focus on…
Information Security
https://pullerjsecu.medium.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7
Medium
How I was able to Turn a XSS into a Account Takeover
To begin, this is a vulnerability that I found during a bug bounty engagement. I would split this into two parts, or two separate…
Information Security
https://research.nccgroup.com/2021/02/02/investigating-potential-security-vulnerability-manifestation-through-various-analyses-inferences-regarding-internet-rfcs-and-how-rfc-security-might-be-improved/
NCC Group Research
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and…
Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet’s design and engineering. They have facilitated peer review amongst engineers,…
Information Security
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Jub0Bs
The great SameSite confusion
In this post, I dissect a common misconception about the SameSite cookie attribute and I explore its potential impact on Web security.
TL;DR: The SameSite cookie attribute is not well understood. Conflating site and origin is a common but harmful mistake.…
Information Security
https://github.com/forrest-orr/ExploitDev/blob/master/Exploits/Re-creations/Forrest_Orr_CVE-2020-0674_32bit.html
GitHub
forrest-orr/ExploitDev
Various ASM, C and C++ tools, shellcodes and exploit experiments. - forrest-orr/ExploitDev
Information Security
https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
Alexander Popov
Linux kernel heap quarantine versus use-after-free exploits
It's 2020. Quarantines are everywhere – and here I'm writing about one, too. But this quarantine is of a different kind. In this article I'll describe the Linux Kernel Heap Quarantine that I developed for mitigating kernel use-after-free exploitation.
Information Security
https://docs.google.com/presentation/d/1O7MxvbIfRcPSlbyZbFxD-fAR34XlquQSlRAHPb2kR4E/edit#slide=id.g5d0d863a9e_0_2
Google Docs
State of DNS Rebinding DEF CON
State of DNS Rebinding Attack & Prevention Techniques and the Singularity of Origin Gérald Doussot & Roger Meyer | DEF CON 27 Today we are going to discuss the current state of DNS rebinding including recent attack & prevention techniques. We will discuss…
Information Security
https://ajinabraham.com/blog/detecting-zero-days-in-software-supply-chain-with-static-and-dynamic-analysis
Ajin Abraham
Detecting zero days in software supply chain with static and dynamic analysis
This blog shares some ideas about detecting zero-days in the software supply chain even before they get flagged by your typical Software Composition Analysis (SCA) or Dependency checking tools. Also shares the proof of concept code to detect malicious behavior…
Information Security
https://sourque.dev/writeups/htbq21/wafflesorder/
Information Security
https://luemmelsec.github.io/Relaying-101/
luemmelsec.github.io
Relaying 101
Hello fellas, or as we say in Germany: “Hallo Freunde der fettfreien Leberwurst.”
In today’s blog-post we’ll be talking about relaying attacks, or more precisely about NTLM relaying attacks. So let’s get started.
As you already know I am new to the pentest…
2024/10/02 02:41:15