Introducing SignSaboteur: forge signed web tokens with ease
#portswigger
Signed web tokens are widely used for stateless authentication and authorization throughout the web. The most popular format is JSON Web Tokens (JWT) which we've already covered in depth, but beyond t
via PortSwigger Research
#portswigger
Signed web tokens are widely used for stateless authentication and authorization throughout the web. The most popular format is JSON Web Tokens (JWT) which we've already covered in depth, but beyond t
via PortSwigger Research
Hijacking GitHub runners to compromise the organization
#synacktiv
via Synacktiv Blog (author: Hugo Vincent)
#synacktiv
via Synacktiv Blog (author: Hugo Vincent)
Assumed Breach: The Evolution of Offensive Security Testing
#trustedsec
The goal of this post is singular: inform you (innocent reader, client, or competitor) about how we at TrustedSec are attempting to meet specific industry needs that have been growing over time pertaining to Assumed…
via TrustedSec Blog (author: Jason Lang)
#trustedsec
The goal of this post is singular: inform you (innocent reader, client, or competitor) about how we at TrustedSec are attempting to meet specific industry needs that have been growing over time pertaining to Assumed…
via TrustedSec Blog (author: Jason Lang)
Inside the iOS bug that made deleted photos reappear
#synacktiv
via Synacktiv Blog (author: Webmaster)
#synacktiv
via Synacktiv Blog (author: Webmaster)
Refining your HTTP perspective, with bambdas
#portswigger
When you open a HTTP request or response, what do you instinctively look for? Suspicious parameter names? CORS headers? Some clue as to the request's origin or underlying purpose? A single HTTP messag
via PortSwigger Research
#portswigger
When you open a HTTP request or response, what do you instinctively look for? Suspicious parameter names? CORS headers? Some clue as to the request's origin or underlying purpose? A single HTTP messag
via PortSwigger Research
From Theory to Practice: Leveraging Systems Engineering for Cyber Risk Management
#bcsecurity
Bridging the Gap: Applying Systems Engineering to Organizational Cyber Risk Management Recently, while discussing cyber risk management with a customer, they made the observation that there is a lot of training for top-level risk management in the shape of things like CISSP that focuses on building policy. There is also [...]
via BC Security Blog (author: Hubbl3)
#bcsecurity
Bridging the Gap: Applying Systems Engineering to Organizational Cyber Risk Management Recently, while discussing cyber risk management with a customer, they made the observation that there is a lot of training for top-level risk management in the shape of things like CISSP that focuses on building policy. There is also [...]
via BC Security Blog (author: Hubbl3)
Missing: Data Classification
#trustedsec
Picked Last AgainData Classification is generally missing from many Information Security programs, unfortunately. The growth and maturity of most security programs is typically organic and follows in the wake of the…
via TrustedSec Blog (author: Rockie Brockway)
#trustedsec
Picked Last AgainData Classification is generally missing from many Information Security programs, unfortunately. The growth and maturity of most security programs is typically organic and follows in the wake of the…
via TrustedSec Blog (author: Rockie Brockway)
Fun With JWT X5u
#redsiege
by Senior Security Consultant Douglas Berdeaux On a recent web application penetration test engagement, I came across a JSON Web Token (JWT) that contained an x5u header parameter. I almost […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Senior Security Consultant Douglas Berdeaux On a recent web application penetration test engagement, I came across a JSON Web Token (JWT) that contained an x5u header parameter. I almost […]
via RedSiege Blog (author: Red Siege)
EDR Internals for macOS and Linux
#outflank
Many public blogs and conference talks have covered Windows telemetry sources like kernel callbacks and ETW, but few mention macOS and Linux equivalents. Although most security professionals may not be surprised by this lack of coverage, one should not overlook these platforms. For example, developers using macOS often have privileged cloud accounts or access to intellectual property like source code. Linux servers may host sensitive databases or customer-facing applications. Defenders must have confidence in their tools for these systems, and attackers must understand how to evade them. This post dives into endpoint security products on macOS and Linux to understand their capabilities and identify weaknesses.
Endpoint detection and response (EDR) agents comprise multiple sensors: components that collect events from one or more telemetry sources. The agent formats raw telemetry data into a standard format and then forwards it to a log aggregator.
via Outflank Blog (author: Kyle Avery)
#outflank
Many public blogs and conference talks have covered Windows telemetry sources like kernel callbacks and ETW, but few mention macOS and Linux equivalents. Although most security professionals may not be surprised by this lack of coverage, one should not overlook these platforms. For example, developers using macOS often have privileged cloud accounts or access to intellectual property like source code. Linux servers may host sensitive databases or customer-facing applications. Defenders must have confidence in their tools for these systems, and attackers must understand how to evade them. This post dives into endpoint security products on macOS and Linux to understand their capabilities and identify weaknesses.
Endpoint detection and response (EDR) agents comprise multiple sensors: components that collect events from one or more telemetry sources. The agent formats raw telemetry data into a standard format and then forwards it to a log aggregator.
via Outflank Blog (author: Kyle Avery)
🔥2
Essential Steps for Management to Maximize the Value of a Penetration Test Report
#redsiege
by Tim Medin, CEO Penetration testing is a critical component of a well-rounded cybersecurity strategy. Pen testing identifies vulnerabilities before malicious actors can exploit them. However, the true value of […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Tim Medin, CEO Penetration testing is a critical component of a well-rounded cybersecurity strategy. Pen testing identifies vulnerabilities before malicious actors can exploit them. However, the true value of […]
via RedSiege Blog (author: Red Siege)
Introducing The Shelf
#trustedsec
As an independent security consulting firm, we develop many custom capabilities over time. What happens when we decide that a capability no longer suits our needs to successfully execute tests for our customers?…
via TrustedSec Blog (author: Christopher Paschen)
#trustedsec
As an independent security consulting firm, we develop many custom capabilities over time. What happens when we decide that a capability no longer suits our needs to successfully execute tests for our customers?…
via TrustedSec Blog (author: Christopher Paschen)
One Phish Two Phish, Red Teams Spew Phish
#specterops
via SpecterOps Team Medium (author: Forrest Kasler)
#specterops
via SpecterOps Team Medium (author: Forrest Kasler)
SpecterOps
One Phish Two Phish, Red Teams Spew Phish - SpecterOps
PHISHING SCHOOL How to Give your Phishing Domains a Reputation Boost “Armed with the foreknowledge of my own death, I knew the giant couldn’t kill me. All the same, I preferred to keep my bones unbroken” — Big Phish When we send out our phishing emails, we…
👍1
WHFB and Entra ID : Say Hello to your new cache flow
#synacktiv
via Synacktiv Blog (author: Webmaster)
#synacktiv
via Synacktiv Blog (author: Webmaster)
#tip
Found script that extracts all secrets from Jenkins, not just the root scope like most of hacktricks-like notes offers.
Found script that extracts all secrets from Jenkins, not just the root scope like most of hacktricks-like notes offers.
import com.cloudbees.plugins.credentials.Credentials
Set<Credentials> allCredentials = new HashSet<Credentials>();
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.Credentials.class
);
allCredentials.addAll(creds)
Jenkins.instance.getAllItems(com.cloudbees.hudson.plugins.folder.Folder.class).each{ f ->
creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.Credentials.class, f)
allCredentials.addAll(creds)
}
for (c in allCredentials) {
println(c.id)
if (c.properties.username) {
println(" description: " + c.description)
}
if (c.properties.username) {
println(" username: " + c.username)
}
if (c.properties.password) {
println(" password: " + c.password)
}
if (c.properties.passphrase) {
println(" passphrase: " + c.passphrase)
}
if (c.properties.secret) {
println(" secret: " + c.secret)
}
if (c.properties.privateKeySource) {
println(" privateKey: " + c.getPrivateKey())
}
println("")
}
🆒1
Everything You Need to Know About jQuery and its Vulnerabilities
#trustedsec
IntroductionJavaScript is used in some way on almost all modern web applications. There are several popular libraries that websites utilize, and each come with their own pros and cons. Today, we will focus on one of the…
via TrustedSec Blog (author: Luke Bremer)
#trustedsec
IntroductionJavaScript is used in some way on almost all modern web applications. There are several popular libraries that websites utilize, and each come with their own pros and cons. Today, we will focus on one of the…
via TrustedSec Blog (author: Luke Bremer)
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
#specterops
via SpecterOps Team Medium (author: Zach Stein)
#specterops
via SpecterOps Team Medium (author: Zach Stein)
Medium
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs, I present a fully customizable SCCM deployment you can…