Is this come kind of hack attempt?
The NGINX access.log of my VPS is showing a curiosity....
NIST Releases Version 2.0 of Landmark Cybersecurity Framework (www.nist.gov)
Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice (www.usenix.org)
cross-posted from: lemmy.capebreton.social/post/397946...
EdgeRouters's & AirCube's vulnerability allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code (ssd-disclosure.com)
Pentest Mapper Burp Suite extension 1.7 is released. (github.com)
A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities - GitHub - Anof-cyber/Pentest-Mapper: A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities
A Journey Into Hacking Google Search Appliance | DEVCORE (devco.re)
The Google Search Appliance (hereinafter referred to as GSA) is an enterprise search device launched by Google in 2002, used for indexing and retrieving internal or public network information
Introducing Slinky Cat - Living off the AD Land (labs.lares.com)
Slinky Cat has been developed to automate some of the methods introduced in living off the land and to supplement ScrapingKit. To help security and IT teams reduce their AD exposures and uncover quick wins and fixes designed for pen-testers and defenders alike.
The five-day job: A BlackByte ransomware intrusion case study (www.microsoft.com)
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911) (offsec.almond.consulting)
Hunting for Bitwarden master passwords stored in memory (redmaple.tech)
Cyber security, technology, and secure digital transformation consultancy run by genuine experts
LDAP Queries for Offensive and Defensive Operations (www.politoinc.com)
The intention of this post is to provide basic queries for targeted AD DS information gathering used in penetration testing. The reader can
Extending Burp Suite for fun and profit - The Montoya way - Part 1 (security.humanativaspa.it)
-> Setting up the environment + […]
[CVE-2022-43684] - Insecure Access Control to Full Administrator Takeover in ServiceNow Instances (x64.sh)
ServiceNow Insecure Access Control leading to Administrator Account Takeover - CVE-2022-43684
Open Source CSP Report Listener (github.com)
Contribute to metlo-labs/csp-report-listener development by creating an account on GitHub.
