2022-09-19 17:36 | Stories by SAFARAS K A on Medi
Photo by Benjamin Dada on Unsplash
This is the second of three parts on the search engines used by security researchers.
Link to the first part: https://secpy.medium.com/30-search-engines-for-cybersecurity-researchers-part-1-of-3-faf68bfc6be8
11. DNSDumpster: Search for DNS records quickly
https://dnsdumpster.com/
An application for performing DNS reconnaissance on target networks. It provides users with information such as geographical data, host details, email addresses, and formats that can be used to learn more about the targets’ networks.
12. FullHunt: Search and discovery attack surfaces
https://fullhunt.io/
It is a database that contains all attack surfaces on the Internet, meaning it is capable of identifying all the attack surfaces on the network, monitoring them for infection, and continuously scanning them for vulnerabilities.
13. AlienVault: Extensive threat intelligence feed
https://otx.alienvault.com/
You can get a feature-rich open source SIEM with AlienVault OSSIM, Open Sourc
2022-09-19 17:35 | Stories by SAFARAS K A on Medi
The services below are some of the most commonly abused services that malicious parties use to “live off the land”. Each is built into Windows…
Continue reading on InfoSec Write-ups »
2022-09-19 17:08 | 绿盟科技博客
2022-09-19 15:39 | Seebug
Author: Threat Intelligence Team. Translator: Knownsec 404 Lab translation team. Original link: https://www.malwarebytes.com/blog/threat-intelligence/2022/09/microsoft-edges-news-feed-pushes-tech-support-scam Although Google Chrome is still the top browser, more and more users are starting to use the Chrome-source-based Microsoft...
2022-09-19 15:39 | Seebug
Author: moyun@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/LcgSc2lNBS6iQgHO88vmKg In recent years, network attacks carried out with a USB drive as the medium have been common. The 2010 Stuxnet incident used a Windows shortcut vulnerability triggered from a USB drive; in 2014 security researchers disclosed the USB-based BadUSB attack at BlackHat, which likewise relies on the USB drive as its medium; ...
2022-09-19 15:36 | Stories by SAFARAS K A on Medi
Welcome to the 2nd Episode of Cool Recon Techniques. We are back with some more cool recon techniques which we think hackers out there usually miss out on! If you haven’t read the first Episode here’s the link!
So here we go!!
Technique 9: Effective Google Dorking
All of us perform Google Dorking to find sensitive secrets via Google. But here is one of the effective methods that is going to reduce your manual work. A useful tool created by Pentest Tools called Google-Hacking will help us here.
Just provide the target name and choose what you are searching for, and it creates Google Dorks for you.
You can modify these dorks to find something much more interesting and sensitive. For example: site:target.com ext:txt got us access to some internal mails of the organization.
The above tool has only 18 dorks, so in order to perform a better recon you can use another great tool, i.e. Pagodo.
Pagodo has a large number of dorks and also you can add a list of your customized dorks :
Tip: Try dor
2022-09-19 15:36 | Stories by SAFARAS K A on Medi
How to start ethically hacking websites
Continue reading on InfoSec Write-ups »
2022-09-19 15:36 | Stories by SAFARAS K A on Medi
Simple hacks!
Continue reading on InfoSec Write-ups »
2022-09-19 15:36 | Stories by SAFARAS K A on Medi
This write-up for the lab JWT authentication bypass via weak signing key is part of my walk-through series for PortSwigger’s Web Security Academy.
Learning path: Advanced topics → JWT attacks
Lab: JWT authentication bypass via weak signing key | Web Security Academy
Python script: script.py
Lab description
Steps
As usual, the first step is to analyze the functionality of the lab application. In this lab, it is a blog system.
I log in with the credentials provided for the user wiener to analyze the JWT that is used by the application. In Burp I use the extension JWT Editor, which directly identifies and decodes the token:
In theory, the next step would be to check whether I can remove the signature or change the algorithm to none. However, there are dedicated labs for these two issues so I skip the checks here. Refer to my write-ups for JWT authentication bypass via flawed signature verification and JWT authentication bypass via unverified signature for details.
The theory
I store the JWT from the response in 
2022-09-19 15:35 | Stories by SAFARAS K A on Medi
Photo by Benjamin Dada on Unsplash
This is the first of three parts on the search engines used by security researchers.
1. DeHashed: View leaked credentials
https://www.dehashed.com/
DeHashed is one of the most popular and advanced security and anti-fraud tools available online. Through the DeHashed platform, users can search for and retrieve information from hacked databases. Using various hacker databases, the DeHashed platform lets users search for information published or leaked by hackers.
This platform makes it possible for users to retrieve their leaked information quickly and prevent the information from being misused by hackers or other harmful elements on the web. It’s one of the fastest and most significant data breach search engines out there. Its straightforward interface and ease of use make it popular with users who want to locate their leaked information quickly and easily.
2. Security Trails: Extensive DNS data
https://securitytrails.com/
2022-09-19 15:34 | Data Breach – Security Affairs
Threat actors leaked source code and gameplay videos of Grand Theft Auto 6 (GTA6) after allegedly breaching Rockstar Games. The threat actors allegedly compromised Rockstar Games’ Slack server and Confluence wiki and leaked Grand Theft Auto 6 gameplay videos and source code. On September 18, 2022, threat actors that go by ‘teapotuberhacker’ on GTAForums […]
The post Alleged Grand Theft Auto 6 (GTA6) gameplay videos and source code leaked online appeared first on Security Affairs.
2022-09-19 15:31 | 360漏洞预警
360-CERT Daily Security Briefing
2022-09-19 15:31 | 360漏洞预警
This week 45 security hot topics were collected, concentrated on `security vulnerabilities` and `network attacks`, and involving organizations such as `Uber`, `Kimsuky`, `Akamai` and `Gamaredon`. 360CERT recommends using `360安全卫士` (360 Safeguard) for virus detection, `360安全分析响应平台` (360 Security Analysis and Response Platform) for threat-traffic detection and `360城市级网络安全监测服务QUAKE` (360 QUAKE city-level network security monitoring service) for asset mapping, and completing asset self-inspection and preventive work to avoid being attacked.
2022-09-19 15:09 | Github_POC
[GitHub]New #WordPress #0Day #BackupBuddy Plugin #LFI
2022-09-19 11:08 | 跳跳糖
Last November Google TAG published an investigation report [1] on a watering-hole attack targeting macOS. At a time when red-team attacks are almost all based on poisoned archive files on Windows, an attack against Mac of such high quality deserves a careful post-mortem analysis.
2022-09-19 09:09 | Github_POC
[GitHub]A PoC for CVE-2022-2588 that triggers a WARNING
2022-09-19 07:34 | CXSECURITY Database RSS Feed -
Topic: CodoForum v5.1 Remote Code Execution (RCE)
Risk: High
Text: # Exploit Title: CodoForum v5.1 - Remote Code Execution (RCE) # Date: 06/07/2022 # Exploit Author: Krish Pandey (@vikaran101)...
2022-09-19 06:08 | Exploitalert
CodoForum v5.1 Remote Code Execution RCE
2022-09-19 04:39 | malware.news
Up to EUR 20 000 for a place on a private aircraft. The migrants, mainly Iraqi and Iranian of Kurdish origin, boarded private aircraft in Türkiye carrying false diplomatic passports. However, the official destinations of the trips (usually the Caribbean) were never reached. During the stopovers at different European airports, including in Austria, France and Germany, the migrants left the plane,…
Article Link: Migrant smugglers using private aircraft grounded in Belgium and Italy | Europol
2022-09-19 04:39 | malware.news
F&B chain notifies members of its Rewards loyalty programme that customer details, including birthdates, residential addresses, and mobile numbers, have been illegally accessed and it is working with local authorities on the security incident.
Article Link: Starbucks Singapore says customer data illegally accessed in data leak | ZDNET
2022-09-19 04:39 | malware.news
An advisory co-authored by the U.S., U.K., Canada and Australia warns of an Iran-backed APT group utilizing known vulnerabilities to carry out attacks.
In a new Joint Cybersecurity Advisory, officials warned yesterday of an advanced persistent threat (APT) group backed by Iran that is utilizing vulnerabilities such as Log4j to carry out cyber attacks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) shared a new Joint Cybersecurity Advisory, co-authored with the National Security Agency (NSA), Department of Justice (DOJ), U.S. Cyber Command, and Department of the Treasury (DOT), yesterday. The advisory was also written in collaboration with the Australian, Canadian, and British cybersecurity agencies.
In the advisory, the co-authors warn of APT actors based in Iran that are affiliated with the state’s Islamic Revolutionary Guard Corps (IRGC). These actors have been utilizing common vulnerabilities and exposures (CVEs) to carry out malicious cyber activities since early 2021.
Here's what your 
2022-09-19 04:39 | malware.news
The departments cited comments from the Cybersecurity and Infrastructure Security Agency and said a regulatory approach would have a greater impact “industry-wide” than dealing with entities case-by-case.
Article Link: Defense, Justice Call for FCC Rulemaking to Secure Internet Routing, Opposing NTIA - Nextgov
2022-09-19 04:39 | malware.news
The Biden administration on Friday launched a long-awaited federal cybersecurity grant program that will funnel up to $1 billion to state and local governments to upgrade their digital defenses.
The effort was created last November when President Joe Biden signed a $1.2 trillion infrastructure spending deal into law. It is administered by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) and will award an initial tranche of $185 million directly to states before the end of the fiscal year.
“The goal of this program is to address the enormous challenge that state, local and tribal and territorial governments currently face when defending against cyber threats,” White House senior adviser and infrastructure implementation coordinator Mitch Landrieu said on a Thursday press call.
He added that the money is “truly going to reach those most in need” because the law requires that states — each of which is eligible to receive at least $2 million for new or
2022-09-19 04:39 | malware.news
It is officially football season, which means you may be attending an NFL game soon. If you are, the long, tedious and not always accurate metal detectors may be a thing of the past, thanks to Evolv body scanners.
Article Link: This AI system will completely change your experience at sporting events | ZDNET
2022-09-19 04:39 | malware.news
Nov 8, 1993.
Article Link: Being the 'B' in LGBTQIA+
2022-09-19 04:39 | malware.news
Friend and colleague 0xThiebaut just gave me a heads up for this interesting sample: 2056b52f8c2f62e222107e6fb6ca82708cdae73a91671d40e61aef8698e3e139
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
2022-09-19 04:39 | malware.news
In this paper, Unflattening ConfuserEx .NET Code in IDA, we study the ConfuserEx obfuscation mechanism of a Ginzo .NET sample. This class of obfuscator is known as a code flattener. We describe how it can be dealt with using a Python script within IDA Pro, a well-known reverse-engineering tool.
Code flattening is not new. ConfuserEx is probably the best-known implementation of it, but it has been around for native x86 samples for well over ten years.
Article Link: Unflattening ConfuserEx .NET Code in IDA
2022-09-19 04:39 | malware.news
Uber confirmed on Thursday it was responding to a cybersecurity incident following reports the company had taken several internal communications and engineering systems offline after staff had been contacted by a hacker.
A person claiming to have broken into the ride-hailing company’s network contacted The New York Times with evidence of the breach, including “images of email, cloud storage and code repositories”.
They also contacted several security researchers claiming to have obtained log-in credentials for some of the company’s most sensitive business accounts.
Apparently there was an internal network share that contained powershell scripts…

"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022
Following the New York Times report the company tweeted: “We are currently responding to a cybersecurity i
2022-09-19 04:39 | malware.news
The Europe Commission lays out new rules governing the cybersecurity of all network-connected devices sold in the EU.
Article Link: IoT: Europe readies cybersecurity rules for smart devices - with big fines attached | ZDNET
2022-09-19 04:39 | malware.news
A popular messaging application used by school districts across the U.S. was forced to apologize on Wednesday night after parents said an inappropriate photo was sent out.
According to the company — Seesaw — the app is used by 10 million teachers, students and parents across the U.S.
But on Wednesday night, Seesaw released a statement saying it has suffered a credential stuffing attack that allowed a malicious actor to send out an explicit message using their service. Credential stuffing is when hackers use stolen email and password sets to gain access to accounts.
The company initially shut down its messaging service on Wednesday night to investigate the incident and later reported that “specific accounts were compromised by an outside actor” when people reported that an “inappropriate image” was being sent out to parents.
@Seesaw Teachers at my school had their Seesaw accounts hacked over night. A VERY inappropriate image was sent to parents! We have tried to contact your help desk and received a message th
2022-09-19 04:39 | malware.news
The release notes for IDA 8.0 mention outlined functions. What are those and how to deal with them in IDA?
Function outlining is an optimization that saves code size by identifying recurring sequences of machine code and replacing each instance of the sequence with a call to a new function that contains the identified sequence of operations. It can be considered an extension of the shared function tail optimization by sharing not only tails but arbitrary common parts of functions.
Function outlining example
For example, here’s a function from iOS’s debugserver with some calls to outlined fragments:
The first fragment contains only two instructions besides the return instruction so it may not sound like we’re saving much, but by looking at the cross-references you’ll see that it is used in many places:
So the savings accumulated across the whole program can be quite substantial.
Handling outlined functions in decompiler
If we decompile the function, the calls to outlined fragments are shown as is, and the regi
2022-09-19 04:39 | malware.news
Bell Technical Solutions — a subsidiary of multibillion-dollar telecommunications giant Bell Canada — announced a data breach after a ransomware group added the company to its leak site on Thursday.
A Bell spokesperson told The Record that Bell Technical Solutions servers containing “operational company and employee information” were involved in a recent cyberattack.
Bell Technical Solutions is in charge of installing Bell services — like telephones, WiFi and cable — for residential and small business customers in Ontario and Québec.
An unknown number of customers who booked technician visits also had their names, addresses and phone numbers leaked during the incident.
“We took immediate steps to secure affected systems and we want to assure our customers that no database containing customer information such as credit and debit card numbers, banking or financial data was accessed in the incident,” the spokesperson said.
Bell Technical Solutions added that devices such as modems or set-top boxes were not impac
2022-09-19 04:39 | malware.news
The FBI warned this week that cybercriminals are using publicly available information and social engineering to target healthcare payment processors and redirect payments.
The agency recounted a series of attacks in a Private Industry Notification Wednesday.
In one example from February, cybercriminals “obtained credentials from a major healthcare company,” then replaced the direct deposit information for a hospital with a checking account they had access to — stealing $3.1 million.
In another incident in April, a healthcare company discovered a cybercriminal posing as an employee had changed payment instructions to divert a vendor payment to themselves, the FBI wrote. “The cyber criminal successfully diverted approximately $840,000 dollars over two transactions prior to the discovery,“ the agency added.
But these incidents are part of a larger trend.
“From June 2018 to January 2019, cyber criminals targeted and accessed at least 65 healthcare payment processors throughout the United States to replace legitim
2022-09-19 04:39 | malware.news
Jack Wallen offers up his opinion on the state of the browser wars that have produced less-than-stellar results.
Article Link: No browser is perfect. What's a user to do? | ZDNET
2022-09-19 04:39 | malware.news
One of the first steps in determining your cloud security strategy should be to understand your business needs.
We’ll dive into the “should” bit shortly; what’s important for the framing of this post is that one of the hardest things to deal with is the varying rate of change across different teams within the business.
The cloud enables more and more teams to build solutions. Not all of these teams work at the same rate, with the same tools, or with the same level of understanding.
Your security practice needs to support all of them. At the same time.
And—if only for your sense of stability—with minimal effort.
Pace matters
If you’re a runner, you know that pacing matters. If you try to sprint a marathon, you are not going to get very far.
Building technology used to always be a marathon. A project would start by gathering requirements, making sure those were locked in, and then working for weeks or months. Over time, the typical pacing was about a year.
Then, a year after gathering the requirements, a finished produ
2022-09-19 04:39 | malware.news
Article Link: Microsoft Edge security advisory (AV22-520) - Canadian Centre for Cyber Security
2022-09-19 04:39 | malware.news
This week in malware we discovered and analyzed over seven dozen packages flagged as malicious, suspicious, or dependency confusion attacks.
Article Link: This Week in Malware - Almost 100 Packages
2022-09-19 04:39 | malware.news
Earlier today, Friday, 16 September, Uber’s communications team confirmed they were investigating the extent of an active cybersecurity incident that was originally reported in the New York Times.
Article Link: Uber Hack – What we know so far
2022-09-19 04:39 | malware.news
Article Link: HPE security advisory (AV22-521) - Canadian Centre for Cyber Security
2022-09-19 04:39 | malware.news
Cybersecurity firm Bitdefender published a new decryptor on Friday for LockerGoga, a strain of ransomware best known for its 2019 attack on Norwegian aluminum giant Norsk Hydro.
Bitdefender said it created the decryptor with the help of Europol, the Zürich Public Prosecutor’s Office, the Zürich Cantonal Police and the NoMoreRansom Project.
The group behind the ransomware has not been active since October 2021, when Europol worked with law enforcement agencies from Norway, France, Netherlands, Ukraine, the U.K., Germany, Switzerland and the U.S. to arrest 12 alleged members.
The Zürich Public Prosecutor’s Office said on Friday that police have spent months examining the data collected during the October 2021 raid and discovered the private keys that will unlock data from several ransomware attacks.
The group is also accused of being behind other ransomware strains like MegaCortex and Dharma. Swiss prosecutors said a decryptor for victims of MegaCortex will be released in the coming months.
“The perpetrators ar
2022-09-19 04:38 | malware.news
The four-year grant program, included in last year’s infrastructure law, will help states and local communities “strengthen their cyber resilience.”
Article Link: White House Announces $1B in Cyber Funding for State and Local Governments - Nextgov
2022-09-19 04:38 | malware.news
When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she told The Record.
She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.
Belarusian Cyber Partisans, meanwhile, are doing their part to overthrow Lukashenko by leaking government secrets and attacking the computer systems of enterprises that support the dictator’s regime.
Shemetovets, who moved to New York City a few years ago to study political science, has participated in anti-Lukashenko protests for more than a decade. During that time, she witnessed brutal repression of civilians and saw her friends detained for protesting unfair elections and police brutality.
During protests in 2020 when
2022-09-19 04:38 | malware.news
Jack Wallen shows you how to easily manage your SSH connections in MacOS with the Termius GUI app.
Article Link: How to manage SSH connections on MacOS with Termius | ZDNET
2022-09-19 04:38 | malware.news
The news seems awash this week with reports of both Microsoft and Apple scrambling to patch security flaws in their products.
The post Rising to the challenges of secure coding – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Article Link: Rising to the challenges of secure coding – Week in security with Tony Anscombe | WeLiveSecurity
2022-09-19 04:38 | malware.news
Here is a video for my diary entry “Analyzing Obfuscated VBS with CyberChef”.
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
2022-09-19 04:38 | malware.news
European Union lawmakers are aiming to protect journalists from member states’ targeting them with spyware following a number of high-profile incidents across the bloc.
Alongside measures promoting ownership transparency and editorial independence, the European Media Freedom Act (EMFA) proposed on Friday will introduce “strong safeguards against the use of spyware against media, journalists and their families.”
Article 4 of the regulation — an EU instrument which has direct effect without member states’ needing to reflect it with their own legislation — introduces a general prohibition on member states trying to:
“detain, sanction, intercept, subject to surveillance or search and seizure, or inspect media service providers or, if applicable, their family members, their employees or their family members, or their corporate and private premises, on the ground that they refuse to disclose information on their sources, unless this is justified by an overriding requirement in the public interest.”
It also explicit
2022-09-19 04:38 | malware.news
This is a video for diary entry “Quickie: Grep & Tail -f With Notepad++”.
Article Link: InfoSec Handlers Diary Blog - SANS Internet Storm Center
2022-09-19 04:38 | malware.news
split-overlap.py is a tool to split a binary file in parts of a given size.
For example: split-overlap.py 1000 test.data
When test.data is a binary file with size 2500 bytes, the above command will create 2 files of 1000 bytes and one file of 500 bytes.
It’s also possible to split a file with some overlap. Like this:
The blue block represents the original file, the yellow blocks are parts of the original file without overlap, and the green blocks represent parts of the original file with some overlap.
A command to achieve this, is, for example: split-overlap.py 100M+1M dump
This will create parts of 101 MB in size, with an overlap of 1 MB.
The main reason I developed this tool is to be able to handle very large files, like memory dumps, with tools that cannot handle such large files.
Splitting up a file into smaller, equal parts is a solution, but then you run the risk (a small risk) that the pattern you are looking for is just at the “edge”: that the file is split in such a way that one part contains the begin
2022-09-19 02:41 | Github_POC
[GitHub]Turning Your Computer Into a GPS Tracker With Apple Maps
2022-09-19 01:12 | Github_POC
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
[GitHub]Unauthenticated RCE in sophos webadmin and administrative console
2022-09-19 01:11 | Github_POC
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
[GitHub]Mass exploitation scripts for 12 software which are affected by log4j rce
2022-09-19 01:11 | Github_POC
Windows TCP/IP Remote Code Execution Vulnerability.
[GitHub]Windows TCP/IP unauthenticated Remote Code Execution Vulnerability.
2022-09-19 01:11 | Github_POC
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
[GitHub]PoC repro of CVE-2022-23773 in Go
2022-09-19 01:11 | Github_POC
[GitHub]APPLE IOS/IPADOS UP TO 15.6.1 KERNEL LOCAL PRIVILEGE ESCALATION
2022-09-19 01:11 | Github_POC
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
[GitHub]CVE-2019-0708, a tool which mass hunts for the BlueKeep vulnerability for exploitation.
2022-09-19 01:11 | Github_POC
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.
[GitHub]Cachet 2.4 Code Execution via Laravel Configuration Injection CVE-2021-39172
2022-09-19 01:11 | Github_POC
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
[GitHub]Mass Unauthenticated Remote Code Execution in DrayTek Vigor(CVE-2022-32548) botnet version