onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
#portswigger
The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception. We had valuable contributions from Mozilla to remove events that no
via PortSwigger Research
#portswigger
The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception. We had valuable contributions from Mozilla to remove events that no
via PortSwigger Research
Tips and Tricks on Creating Your First Conference Talk
#trustedsec
Have you ever attended a security conference (or any conference for that matter) and thought about giving a presentation yourself, but don't know where to start? Well, I am here to help! This blog post will guide you…
via TrustedSec Blog (author: Whitney Phillips)
#trustedsec
Have you ever attended a security conference (or any conference for that matter) and thought about giving a presentation yourself, but don't know where to start? Well, I am here to help! This blog post will guide you…
via TrustedSec Blog (author: Whitney Phillips)
Nighthawk 0.3 – Automate All the Things
#mdsec
OpSec and evasion are two of the most important factors for red team success in modern day operations, and Nighthawk continues to lead the way in innovation on this front....
via MDSec Blog (author: Admin)
#mdsec
OpSec and evasion are two of the most important factors for red team success in modern day operations, and Nighthawk continues to lead the way in innovation on this front....
via MDSec Blog (author: Admin)
Adventures in Shellcode Obfuscation! Part 1: Overview
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the first in a series of articles on methods for obfuscating shellcode. I’ll be focusing on how to obfuscate […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the first in a series of articles on methods for obfuscating shellcode. I’ll be focusing on how to obfuscate […]
via RedSiege Blog (author: Red Siege)
ScriptBlock Smuggling: Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching
#bcsecurity
Note: All code samples shown in the post can be found in our repo here In recent years, PowerShell tradecraft has seen a drop in popularity among pentesters, red teams, and to some extent APTs. There are several reasons for this, but at the core, it was the introduction of [...]
via BC Security Blog (author: Hubbl3)
#bcsecurity
Note: All code samples shown in the post can be found in our repo here In recent years, PowerShell tradecraft has seen a drop in popularity among pentesters, red teams, and to some extent APTs. There are several reasons for this, but at the core, it was the introduction of [...]
via BC Security Blog (author: Hubbl3)
Let’s Clone a Cloner...To Meet My Needs
#trustedsec
It was my second Physical Penetration Test here at TrustedSec and I was paired with colleague Paul Burkeland. After arriving at the hotel, Paul stated that he needed 16 AA batteries, so we went to the local CVS. I was…
via TrustedSec Blog (author: Costa Petros)
#trustedsec
It was my second Physical Penetration Test here at TrustedSec and I was paired with colleague Paul Burkeland. After arriving at the hotel, Paul stated that he needed 16 AA batteries, so we went to the local CVS. I was…
via TrustedSec Blog (author: Costa Petros)
How Privileged Identity Management Affects Conditional Access Policies
#specterops
via SpecterOps Team Medium (author: Hope Walker)
#specterops
via SpecterOps Team Medium (author: Hope Walker)
Medium
How Privileged Identity Management Affects Conditional Access Policies
Introduction
Adventures in Shellcode Obfuscation! Part 2: Hail Caesar!
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the second in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the series […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the second in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the series […]
via RedSiege Blog (author: Red Siege)
Playing Games with PCI Compliance Deadlines
#trustedsec
The new version 4.0 of the PCI DSS standard that applies to organizations that handle payment cards is now mandatory as of April 01, 2024. As a QSA, I’ve heard rumblings about organizations that moved their annual PCI…
via TrustedSec Blog (author: Chris Camejo)
#trustedsec
The new version 4.0 of the PCI DSS standard that applies to organizations that handle payment cards is now mandatory as of April 01, 2024. As a QSA, I’ve heard rumblings about organizations that moved their annual PCI…
via TrustedSec Blog (author: Chris Camejo)
Media is too big
VIEW IN TELEGRAM
Phone Switch Labs CTF – Walk-Through
#redsiege
by Douglas Berdeaux, Senior Security Consultant CTF redsiege.com/phoneswitch Getting Started Phone phreaking is the practice of exploring and hacking telephones, telephone switches, telephone test equipment, and physically exploring the telephone […]
via RedSiege Blog (author: Red Siege)
#redsiege
by Douglas Berdeaux, Senior Security Consultant CTF redsiege.com/phoneswitch Getting Started Phone phreaking is the practice of exploring and hacking telephones, telephone switches, telephone test equipment, and physically exploring the telephone […]
via RedSiege Blog (author: Red Siege)
Release v2.0 - Everything Everywhere All At Once
#bruteratel
Brute Ratel v2.0 [codename Metamorphosis] is now available for download. This release introduces significant changes compared to previous versions, so it’s strongly recommended to review this blog, the private videos, and the documentation before using it. The Badger component has undergone extensive rewrites, featuring major updates in evasion tactics and new functionalities. The server has been optimized for speed and efficiency, with significant improvements to the licensing algorithm, ensuring each license is linked to a specific host to prevent misuse. However, the license can still be transfered from one host to another while deactivating the previous one. Additionally, several minor updates have been made to the Commander, which operators will notice during operation.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))
#bruteratel
Brute Ratel v2.0 [codename Metamorphosis] is now available for download. This release introduces significant changes compared to previous versions, so it’s strongly recommended to review this blog, the private videos, and the documentation before using it. The Badger component has undergone extensive rewrites, featuring major updates in evasion tactics and new functionalities. The server has been optimized for speed and efficiency, with significant improvements to the licensing algorithm, ensuring each license is linked to a specific host to prevent misuse. However, the license can still be transfered from one host to another while deactivating the previous one. Additionally, several minor updates have been made to the Commander, which operators will notice during operation.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))
Investing to deliver more
#portswigger
We are excited to announce a strategic investment from Brighton Park Capital (BPC), a leading growth equity firm with a track record of scaling innovative technology companies. This partnership will e
via PortSwigger Blog
#portswigger
We are excited to announce a strategic investment from Brighton Park Capital (BPC), a leading growth equity firm with a track record of scaling innovative technology companies. This partnership will e
via PortSwigger Blog
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 1)
#secretclub
Okay, if you’re reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program under test (PUT; sometimes also SUT, DUT, etc.). Fuzzing is often celebrated as one of the most effective ways to find bugs in programs due to its inherently random nature, which defies human expectation or bias1. The strategy has found countless security-critical bugs (think tens or hundreds of thousands) over its 30-odd-years of existence, and yet faces regular suspicion from industry and academia alike. Mostly. Fuzzers can be overfit to certain applications, intentionally or not. ↩
via Secret Club (author: addison)
#secretclub
Okay, if you’re reading this, you probably know what fuzzing is. As an incredibly reductive summary: fuzzing is an automated, random testing process which tries to explore the state space (e.g., different interpretations of the input or behaviour) of a program under test (PUT; sometimes also SUT, DUT, etc.). Fuzzing is often celebrated as one of the most effective ways to find bugs in programs due to its inherently random nature, which defies human expectation or bias1. The strategy has found countless security-critical bugs (think tens or hundreds of thousands) over its 30-odd-years of existence, and yet faces regular suspicion from industry and academia alike. Mostly. Fuzzers can be overfit to certain applications, intentionally or not. ↩
via Secret Club (author: addison)