SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform.

https://www.bleepingcomputer.com/news/security/solarwinds-releases-updated-advisory-for-new-supernova-malware/

Third edition of US Army bug bounty program prepared for deployment.

https://portswigger.net/daily-swig/third-edition-of-us-army-bug-bounty-program-prepared-for-deployment #UnitedStates

Pwn write-ups from IceCTF

https://gitlab.com/hkraw/ctf_/-/wikis/Ice-CTF/story-shell-frozen-daintree-christmascarol(1,2)-2020

Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'

Messaging app makes inadvertent oversharing too easy

A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.

Folk who activate this feature see a list of other users within a few miles to "quickly add people nearby... and discover local group chats."

Using a utility that fakes the location of an Android device, Ahmed Hassan was able to discover the distance of individuals from three different points, and then use trilateration to pinpoint exactly where they were. He was able to retrieve exact home addresses using this method, which is not technically difficult.

https://www.theregister.com/2021/01/05/telegram_location_people_nearby/

Getting root on a 4G LTE mobile hotspot (Alcatel MW41)
https://alex.studer.dev/2021/01/04/mw41-1

The Defense Digital Service (DDS) and HackerOne today announced the launch of DDS’s eleventh bug bounty program with HackerOne and the third with the U.S. Department of the Army. Hack the Army 3.0 is a time-bound, hacker-powered security test aimed at surfacing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program is open to both military and civilian participants and will run from January 6, 2021 through February 17, 2021.

https://www.hackerone.com/press-release/defense-digital-service-kicks-third-hack-army-bug-bounty-challenge-hackerone

Hello friends ! This user is a scammer.

Introduces itself as the administrator of @freedom_fox Private Channel !
But he is lying

▶️ pwn.college

pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion.

ASU’s Fall 2020 CSE466 class :

Module 0: Introduction
Module 1: Program Misuse
Module 2: Shellcode
Module 3: Sandboxing
Module 4: Binary Reverse Engineering
Module 5: Memory Errors
Module 6: Exploitation
Module 7: Return Oriented Programming
Module 8: Kernel Introduction
Module 9: Dynamic Allocator Misuse
Module 10: Race Conditions
Module 11: Advanced Exploitation
Module 12: Automatic Vulnerability Discovery

🌐 Website

@securebyte

Hack your APIs: interview with Corey Ball - API security expert https://portswigger.net/blog/hack-your-apis-interview-with-corey-ball-api-security-expert

CTF in Hacking: How to get started into Capture the Flag / Bug Hunting | Hacker101 CTF

A capture the flag (CTF) contest is a special kind of cyber security competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems.


#youtube #hacker101 #tutorials
https://thdrksdhckr.blogspot.com/2021/01/ctf-in-hacking-how-to-get-started-into.html

Laravel <= v8.4.2 debug mode: Remote code execution

https://www.ambionics.io/blog/laravel-debug-rce