🔰 #Apple Patches Tens of Code Execution Vulnerabilities in #mac OS @hacklido
http://feedproxy.google.com/~r/Securityweek/~3/Vyfzpsbhj6o/apple-patches-tens-code-execution-vulnerabilities-macos
Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code.
read more (https://www.securityweek.com/apple-patches-tens-code-execution-vulnerabilities-macos)
http://feedproxy.google.com/~r/Securityweek/~3/Vyfzpsbhj6o/apple-patches-tens-code-execution-vulnerabilities-macos
Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code.
read more (https://www.securityweek.com/apple-patches-tens-code-execution-vulnerabilities-macos)
🔰 #Nmap for Pentester: Host Discovery @hacklido
https://www.hackingarticles.in/nmap-for-pentester-host-discovery/
Nmap has become one of the most popular tools in network scanning by leaving other scanners behind. Many times the hosts in some organisations are secured using #firewalls or intrusion prevention systems which result in the failure of #scanning due to the present set of rules which are used to block network traffic. In Nmap,... Continue reading →
The post Nmap for Pentester: Host Discovery (https://www.hackingarticles.in/nmap-for-pentester-host-discovery/) appeared first on Hacking Articles (https://www.hackingarticles.in/).
https://www.hackingarticles.in/nmap-for-pentester-host-discovery/
Nmap has become one of the most popular tools in network scanning by leaving other scanners behind. Many times the hosts in some organisations are secured using #firewalls or intrusion prevention systems which result in the failure of #scanning due to the present set of rules which are used to block network traffic. In Nmap,... Continue reading →
The post Nmap for Pentester: Host Discovery (https://www.hackingarticles.in/nmap-for-pentester-host-discovery/) appeared first on Hacking Articles (https://www.hackingarticles.in/).
Hacking Articles
Nmap for Pentester: Host Discovery
Learn how to use Nmap for host discovery, a crucial step in penetration testing and network scanning techniques.
🔰 #RAM - Generated #Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems
@hacklido
http://feedproxy.google.com/~r/Securityweek/~3/s4lK4X-XQnU/ram-generated-wi-fi-signals-allow-data-exfiltration-air-gapped-systems
Covert Wi-Fi signals generated by DDR SDRAM #hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims.
read more
(https://www.securityweek.com/ram-generated-wi-fi-signals-allow-data-exfiltration-air-gapped-systems)
@hacklido
http://feedproxy.google.com/~r/Securityweek/~3/s4lK4X-XQnU/ram-generated-wi-fi-signals-allow-data-exfiltration-air-gapped-systems
Covert Wi-Fi signals generated by DDR SDRAM #hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims.
read more
(https://www.securityweek.com/ram-generated-wi-fi-signals-allow-data-exfiltration-air-gapped-systems)
🔰 Restler #Fuzzer : #API Fuzzing #Tool For Automatically Testing #Cloud Services @hacklido
https://kalilinuxtutorials.com/restler-fuzzer/
RESTler is the first stateful #REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API. […]
The post Restler Fuzzer : API Fuzzing Tool For Automatically Testing Cloud Services (https://kalilinuxtutorials.com/restler-fuzzer/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).
https://kalilinuxtutorials.com/restler-fuzzer/
RESTler is the first stateful #REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API. […]
The post Restler Fuzzer : API Fuzzing Tool For Automatically Testing Cloud Services (https://kalilinuxtutorials.com/restler-fuzzer/) appeared first on Kali Linux Tutorials (https://kalilinuxtutorials.com/).
Kali Linux Tutorials
Restler Fuzzer : API Fuzzing Tool For Automatically Testing Cloud Services
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability
🔰 This overlooked feature in Visual Studio Code can speed release time @hacklido
http://techgenix.com/visual-studio-code-release-time/
Visual Studio Code is a big help when writing ARM templates. This Quick Tip spotlights a feature that can find problems before they cause headaches.
The post This overlooked feature in Visual Studio Code can speed release time (http://techgenix.com/visual-studio-code-release-time/) appeared first on TechGenix (http://techgenix.com/).
http://techgenix.com/visual-studio-code-release-time/
Visual Studio Code is a big help when writing ARM templates. This Quick Tip spotlights a feature that can find problems before they cause headaches.
The post This overlooked feature in Visual Studio Code can speed release time (http://techgenix.com/visual-studio-code-release-time/) appeared first on TechGenix (http://techgenix.com/).
🔰 New model #parsing #DNS data @hacklido
https://github.com/odedshimon/BruteShark/releases/tag/v1.1.3
https://github.com/odedshimon/BruteShark/releases/tag/v1.1.3
GitHub
Release New Module: Parsing DNS Data · odedshimon/BruteShark
New Module Release: DNS Module.
The module Enables to parse DNS queries.
DNS data also shown in the Network Map user window.
Thanks to @BrendanGrant for implementing this module!
The module Enables to parse DNS queries.
DNS data also shown in the Network Map user window.
Thanks to @BrendanGrant for implementing this module!
🔰 googleprojectzero/Jackalope
#Binary, coverage-guided #fuzzer for #Windows and #mac OS
Language: C++
Stars: 183 Issues: 0 Forks: 17 @hacklido
https://github.com/googleprojectzero/Jackalope
#Binary, coverage-guided #fuzzer for #Windows and #mac OS
Language: C++
Stars: 183 Issues: 0 Forks: 17 @hacklido
https://github.com/googleprojectzero/Jackalope
GitHub
GitHub - googleprojectzero/Jackalope: Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android
Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android - googleprojectzero/Jackalope
https://github.com/mildlytested/Wild-West---SOC-Core-Skills---Notes
🔰 Everything you need to know about #SOC - Credits - BHIS Team
Wonderful Notes 📝 Feel free to check it out.
🔰 Everything you need to know about #SOC - Credits - BHIS Team
Wonderful Notes 📝 Feel free to check it out.
GitHub
GitHub - mildlytested/Wild-West---SOC-Core-Skills---Notes: links collected from SOC Core Skills class
links collected from SOC Core Skills class. Contribute to mildlytested/Wild-West---SOC-Core-Skills---Notes development by creating an account on GitHub.
Hello hackers 👾 - need support
We are glad to inform you guys that we will be starting a free for all cybersecurity and ethical hacking forum. It won't be like raidforums or blackhat stuffs, it's purely white and professional forum. Forum will be under the name of @hacklido . We always wanted to create one like for both aspiring and professional hackers to share and gain knowledge.
Now, starting a forum seemed to be easier for us but financially it seems big in front of us... We are trying our best to arrange the finance and we are working on it ( admins came up to put their money ☺️ ) still any kind of donation will be really really helpful in helping us to headstart. So you can donate whatever the amount you wish. Donors will get special privileges and unique username theming/ unique profile covering privileges and will be shed spotlight throughout the journey of the forum. Make sure you become a part of history 😉. You can reach @Admiralarjun for donations.
You can expect forum to be live by June 1st week. We are planning to complete the forum within 3 months. ❤️ Until that donations are widely welcomed.
What you get out of this forum?
-> As a reader - from side of hacklido we will try our best bringing professionals and other content creators to post quality contents.
-> As a content creator - if you wish to create contents like blog posts and stuffs? We got your back. You can post unlimited articles there abosolutely for free.
And we also want to make one thing clear, hacklido's forum will not display ads unless and until the situation of shutting it down appears. So, the forum will be funded and running only by donations.
Why are you waiting for? Speak about your donation to @admiralarjun
Lemme sum up -
->We need your help by the way of donations to start a new forum. You can donate whatever the amount you want.
-> Donors will get special and unique privileges on the forum and community spotlight throughout the forum's journey.
After donation the user will get access to beta version of forum to play around too.
We are glad to inform you guys that we will be starting a free for all cybersecurity and ethical hacking forum. It won't be like raidforums or blackhat stuffs, it's purely white and professional forum. Forum will be under the name of @hacklido . We always wanted to create one like for both aspiring and professional hackers to share and gain knowledge.
Now, starting a forum seemed to be easier for us but financially it seems big in front of us... We are trying our best to arrange the finance and we are working on it ( admins came up to put their money ☺️ ) still any kind of donation will be really really helpful in helping us to headstart. So you can donate whatever the amount you wish. Donors will get special privileges and unique username theming/ unique profile covering privileges and will be shed spotlight throughout the journey of the forum. Make sure you become a part of history 😉. You can reach @Admiralarjun for donations.
You can expect forum to be live by June 1st week. We are planning to complete the forum within 3 months. ❤️ Until that donations are widely welcomed.
What you get out of this forum?
-> As a reader - from side of hacklido we will try our best bringing professionals and other content creators to post quality contents.
-> As a content creator - if you wish to create contents like blog posts and stuffs? We got your back. You can post unlimited articles there abosolutely for free.
And we also want to make one thing clear, hacklido's forum will not display ads unless and until the situation of shutting it down appears. So, the forum will be funded and running only by donations.
Why are you waiting for? Speak about your donation to @admiralarjun
Lemme sum up -
->We need your help by the way of donations to start a new forum. You can donate whatever the amount you want.
-> Donors will get special and unique privileges on the forum and community spotlight throughout the forum's journey.
After donation the user will get access to beta version of forum to play around too.
🔰 #CVE -2020-16842: @hacklido
#CSRF protection #bypass in iTop (ITSM & CMDB) ( #PoC )
https://sysdream.com/news/lab/2020-12-14-cve-2020-16842-csrf-protection-bypass-in-itop
🔰 #CVE-2020-17527: @hacklido
Tomcat Information Leak
https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
#CSRF protection #bypass in iTop (ITSM & CMDB) ( #PoC )
https://sysdream.com/news/lab/2020-12-14-cve-2020-16842-csrf-protection-bypass-in-itop
🔰 #CVE-2020-17527: @hacklido
Tomcat Information Leak
https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
🔰 Coordinated disclosure of #XML round-trip vulnerabilities in Go’s standard library ( #CVE -2020-29509, CVE-2020-29510, CVE-2020-29511) @hacklido
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities
🔰Common #Nginx misconfigurations that leave your web $server open to attack @hacklido
https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/
https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/
Blog Detectify
Common Nginx misconfigurations - Blog Detectify
Detectify analyzed 50,000 unique Nginx configuration files on GitHub and reported some common misconfigurations.
🔰 #CVE -2020-15680: @hacklido
Leaking Browser (Chrome, Firefox, Edge)
URL/Protocol Handlers (#PoC)
https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
Leaking Browser (Chrome, Firefox, Edge)
URL/Protocol Handlers (#PoC)
https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
Fortinet Blog
Leaking Browser URL/Protocol Handlers
FortiGuard Labs uncovers two information disclosure vulnerabilities affecting three web browsers. Read more to learn how an attacker could identify the presence of applications that may be installe…
🔰 A Map of #Computer_Science Basics ;)
https://www.reddit.com/r/computerscience/comments/khbiwd/a_map_of_computer_science_basics/?utm_medium=android_app&utm_source=share
https://www.reddit.com/r/computerscience/comments/khbiwd/a_map_of_computer_science_basics/?utm_medium=android_app&utm_source=share
Reddit
From the computerscience community on Reddit: A Map of Computer Science Basics ;)
Explore this post and more from the computerscience community
If you have developer level of knowledge in: CSS, JS, PHP, LESS and UI/UX design kindly ping @admiralarjun. Nothing like a paid work, just try to contribute towards our forum development. Please don't ping for any other topics other than this. ❤️ Thanks.
🔰 Root Cause Analysis of a #Heap -Based #Buffer_Overflow in #GNU Readline @hacklido
https://insinuator.net/2020/12/root-cause-analysis-of-a-heap-based-buffer-overflow-in-gnu-readline
https://insinuator.net/2020/12/root-cause-analysis-of-a-heap-based-buffer-overflow-in-gnu-readline
Insinuator.net
Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline
In the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline…