Telegram Web Link
bootg.com
»
United States
»
Information Security
» Telegram Web
Information Security
https://github.com/zeronetworks/rpcfirewall
GitHub
GitHub - zeronetworks/rpcfirewall
Contribute to zeronetworks/rpcfirewall development by creating an account on GitHub.
Information Security
https://www.intruder.io/research/practical-http-header-smuggling
www.intruder.io
Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...
Information Security
https://ajxchapman.github.io/security/2021/11/10/practical-security-recommendations-for-startups.html
Alex Chapman’s Blog
Practical Security Recommendations for Start-ups with Limited Budgets
Hi, my name is Alex, I’ve been an IT security professional since 2007 and I’ve recently entered the start-up world with my project bughuntr.io. In putting together this project, security has been a primary concern for me. This is both due to my background…
Information Security
https://zerodayengineering.com/projects/slides/ZDE2021_AdvancedSimplePwn2Own2021.pdf
Information Security
https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/
Information Security
https://securityonline.info/skrull-run-malware-on-the-victim-using-the-process-ghosting-technique/
Cybersecurity News
Skrull: run malware on the victim using the Process Ghosting technique
Skrull is a malware DRM. It generates launchers that can run malware on the victim using the Process Ghosting technique
Information Security
https://haxx.in/posts/pwning-tipc/
https://github.com/ohnonoyesyes/CVE-2021-43267
haxx.in
Exploiting CVE-2021-43267
Exploiting a heap overflow in the TIPC subsystem of the Linux kernel. In this post we’ll exploit a N-day vulnerability (CVE-2021-43267) originally discovered by Max van Amerongen.
Information Security
https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
Bill Demirkapi's Blog
Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
Note: Another researcher recently tweeted about the technique discussed in this blog post, this is addressed in the last section of the blog (warning, spoilers!). To access information about a running process, developers generally have to open a handle to…
Information Security
http://archive.volgactf.ru/volgactf_2021/slides/VolgaCTF_2021_Stupin_Bobrov.pdf
Information Security
https://www.lunasec.io/docs/blog/log4j-zero-day/
Information Security
https://github.com/cube0x0/noPac
GitHub
GitHub - cube0x0/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. - cube0x0/noPac
Information Security
https://www.veracode.com/blog/research/exploiting-jndi-injections-java
Veracode
Exploiting JNDI Injections in Java | Veracode
Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services, such as Remote Method Invocation (RMI), Common Object…
Information Security
https://revers.engineering/applied-re-accelerated-assembly-p1/
Reverse Engineering
Applied Reverse Engineering: Accelerated Assembly [P1] - Reverse Engineering
Part 1 of the x86_64 assembly crash course for people looking to learn how to reverse engineer, read assembly, and understand how exploits work.
Information Security
https://youst.in/posts/cache-poisoning-at-scale/
Information Security
https://und3rf10w.github.io/posts/2022/01/08/shlyuz-1-influences.html
Und3rf10w
Shlyuz Implant Framework: Part 1 - Influences
Overview I’m excited to finally discuss and share the Proof-of-Concept code for an implant framework I wrote called Shlyuz (шлюз). Shlyuz takes a number of design queues from the Assassin Implant developed by the Central Intelligence Agency as described in…
Information Security
https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges
GitHub
PSBits/EnableAllParentPrivileges at master · gtworek/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual. - gtworek/PSBits
Information Security
https://medium.com/@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d
Medium
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)
This story begins with a series of fails, but why? That is because of my special relationship with the Microsoft Exchange codebase…
Information Security
https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html?m=1
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
Information Security
https://omespino.com/write-up-private-bug-bounty-rce-in-ec2-instance-via-ssh-with-private-key-exposed-on-public-github-repository-xx000-usd/
Information Security
https://medium.com/@emil.lerner/leaking-uninitialized-memory-from-fastly-83327bcbee1f
Medium
A story of leaking uninitialized memory from Fastly
The post go through a QUIC (HTTP/3) implementation bug in the H2O webserver. The bug is interesting as it affected Fastly, a well-known…
2024/10/01 08:24:28
Back to Top
HTML Embed Code:
TW
HK
DE
US
CA
RU
NO
CN
UA
SG
YE
IN
SA
FR
IQ
UK
EG