Everything You Need to Know About jQuery and its Vulnerabilities
#trustedsec
IntroductionJavaScript is used in some way on almost all modern web applications. There are several popular libraries that websites utilize, and each come with their own pros and cons. Today, we will focus on one of the…
via TrustedSec Blog (author: Luke Bremer)
#trustedsec
IntroductionJavaScript is used in some way on almost all modern web applications. There are several popular libraries that websites utilize, and each come with their own pros and cons. Today, we will focus on one of the…
via TrustedSec Blog (author: Luke Bremer)
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
#specterops
via SpecterOps Team Medium (author: Zach Stein)
#specterops
via SpecterOps Team Medium (author: Zach Stein)
Medium
Automating SCCM with Ludus: A Configuration Manager for Your Configuration Manager
TL;DR: Using Ludus as the backend, and with the help of Erik at Bad Sector Labs, I present a fully customizable SCCM deployment you can…
Hands On with Chip Off Non-Volatile Memory
#trustedsec
1.1 Introduction - Why We're HereWelcome to a deep dive into desoldering Non-Volatile storage chips! At the time of publishing, this is a recreation of my own first attempts at desoldering, and intended to encourage…
via TrustedSec Blog (author: Philip DuBois)
#trustedsec
1.1 Introduction - Why We're HereWelcome to a deep dive into desoldering Non-Volatile storage chips! At the time of publishing, this is a recreation of my own first attempts at desoldering, and intended to encourage…
via TrustedSec Blog (author: Philip DuBois)
onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
#portswigger
The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception. We had valuable contributions from Mozilla to remove events that no
via PortSwigger Research
#portswigger
The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception. We had valuable contributions from Mozilla to remove events that no
via PortSwigger Research
Tips and Tricks on Creating Your First Conference Talk
#trustedsec
Have you ever attended a security conference (or any conference for that matter) and thought about giving a presentation yourself, but don't know where to start? Well, I am here to help! This blog post will guide you…
via TrustedSec Blog (author: Whitney Phillips)
#trustedsec
Have you ever attended a security conference (or any conference for that matter) and thought about giving a presentation yourself, but don't know where to start? Well, I am here to help! This blog post will guide you…
via TrustedSec Blog (author: Whitney Phillips)
Nighthawk 0.3 – Automate All the Things
#mdsec
OpSec and evasion are two of the most important factors for red team success in modern day operations, and Nighthawk continues to lead the way in innovation on this front....
via MDSec Blog (author: Admin)
#mdsec
OpSec and evasion are two of the most important factors for red team success in modern day operations, and Nighthawk continues to lead the way in innovation on this front....
via MDSec Blog (author: Admin)
Adventures in Shellcode Obfuscation! Part 1: Overview
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the first in a series of articles on methods for obfuscating shellcode. I’ll be focusing on how to obfuscate […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the first in a series of articles on methods for obfuscating shellcode. I’ll be focusing on how to obfuscate […]
via RedSiege Blog (author: Red Siege)
ScriptBlock Smuggling: Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching
#bcsecurity
Note: All code samples shown in the post can be found in our repo here In recent years, PowerShell tradecraft has seen a drop in popularity among pentesters, red teams, and to some extent APTs. There are several reasons for this, but at the core, it was the introduction of [...]
via BC Security Blog (author: Hubbl3)
#bcsecurity
Note: All code samples shown in the post can be found in our repo here In recent years, PowerShell tradecraft has seen a drop in popularity among pentesters, red teams, and to some extent APTs. There are several reasons for this, but at the core, it was the introduction of [...]
via BC Security Blog (author: Hubbl3)
Let’s Clone a Cloner...To Meet My Needs
#trustedsec
It was my second Physical Penetration Test here at TrustedSec and I was paired with colleague Paul Burkeland. After arriving at the hotel, Paul stated that he needed 16 AA batteries, so we went to the local CVS. I was…
via TrustedSec Blog (author: Costa Petros)
#trustedsec
It was my second Physical Penetration Test here at TrustedSec and I was paired with colleague Paul Burkeland. After arriving at the hotel, Paul stated that he needed 16 AA batteries, so we went to the local CVS. I was…
via TrustedSec Blog (author: Costa Petros)
How Privileged Identity Management Affects Conditional Access Policies
#specterops
via SpecterOps Team Medium (author: Hope Walker)
#specterops
via SpecterOps Team Medium (author: Hope Walker)
Medium
How Privileged Identity Management Affects Conditional Access Policies
Introduction
Adventures in Shellcode Obfuscation! Part 2: Hail Caesar!
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the second in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the series […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the second in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the series […]
via RedSiege Blog (author: Red Siege)
Playing Games with PCI Compliance Deadlines
#trustedsec
The new version 4.0 of the PCI DSS standard that applies to organizations that handle payment cards is now mandatory as of April 01, 2024. As a QSA, I’ve heard rumblings about organizations that moved their annual PCI…
via TrustedSec Blog (author: Chris Camejo)
#trustedsec
The new version 4.0 of the PCI DSS standard that applies to organizations that handle payment cards is now mandatory as of April 01, 2024. As a QSA, I’ve heard rumblings about organizations that moved their annual PCI…
via TrustedSec Blog (author: Chris Camejo)
Media is too big
VIEW IN TELEGRAM
Phone Switch Labs CTF – Walk-Through
#redsiege
by Douglas Berdeaux, Senior Security Consultant CTF redsiege.com/phoneswitch Getting Started Phone phreaking is the practice of exploring and hacking telephones, telephone switches, telephone test equipment, and physically exploring the telephone […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Douglas Berdeaux, Senior Security Consultant CTF redsiege.com/phoneswitch Getting Started Phone phreaking is the practice of exploring and hacking telephones, telephone switches, telephone test equipment, and physically exploring the telephone […]
via RedSiege Blog (author: Red Siege)
Release v2.0 - Everything Everywhere All At Once
#bruteratel
Brute Ratel v2.0 [codename Metamorphosis] is now available for download. This release introduces significant changes compared to previous versions, so it’s strongly recommended to review this blog, the private videos, and the documentation before using it. The Badger component has undergone extensive rewrites, featuring major updates in evasion tactics and new functionalities. The server has been optimized for speed and efficiency, with significant improvements to the licensing algorithm, ensuring each license is linked to a specific host to prevent misuse. However, the license can still be transfered from one host to another while deactivating the previous one. Additionally, several minor updates have been made to the Commander, which operators will notice during operation.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))
#bruteratel
Brute Ratel v2.0 [codename Metamorphosis] is now available for download. This release introduces significant changes compared to previous versions, so it’s strongly recommended to review this blog, the private videos, and the documentation before using it. The Badger component has undergone extensive rewrites, featuring major updates in evasion tactics and new functionalities. The server has been optimized for speed and efficiency, with significant improvements to the licensing algorithm, ensuring each license is linked to a specific host to prevent misuse. However, the license can still be transfered from one host to another while deactivating the previous one. Additionally, several minor updates have been made to the Commander, which operators will notice during operation.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))