■■■■■ Autorize is a Burp Suite extension that helps you automate the detection of authorization vulnerabilities!
It auto-repeats all the requests as an authenticated user as well as one without a session.
https://github.com/portswigger/autorize
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa...
■■■□□ Caesars reportedly paid millions to stop hackers releasing its data.
https://www.engadget.com/caesars-reportedly-paid-millions-to-stop-hackers-releasing-its-data-081052820.html
Caesars Entertainment reportedly paid "tens of millions of dollars" to hackers who threatened to release company data.
■■■■□ Bypassing UAC with SSPI Datagram Contexts.
https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html
■■■■■ Data-Leak: 38TB of data accidentally exposed by Microsoft AI researchers
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token.
https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
■■■■■ Fileless Remote Code Execution on Juniper Firewalls - Blog - VulnCheck.
https://vulncheck.com/blog/juniper-cve-2023-36845
Forwarded from cKure Red
● Real world OSINT challenge.
United States' military loses F35B over its territory. Unable to track, the US government has requested civilian help to find the missing plane.
https://twitter.com/flightradar24/status/1703827299412455459
https://twitter.com/TeamCharleston/status/1703523385475534968
https://www.businessinsider.com/missing-f35-flying-after-pilot-ejected-soviet-jet-cold-war-2023-9
Flightradar24 (@flightradar24) on X
The US military is searching for a missing F-35B in South Carolina after the pilot ejected yesterday and the jet kept flying. If you have seen an F-35 in the woods, please contact the US Marines.
■■■□□ Data-Leak: Researchers from vx-underground reported that FBI hacker 'USDoD' leaked sensitive data from consumer credit reporting agency TransUnion.
https://securityaffairs.com/150968/data-breach/transunion-data-leak.html
■□□□□ Data-leak: The Clorox Company admits cyberattack causing 'widescale disruption'
Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'.
https://www.theregister.com/2023/09/19/the_clorox_company_admits_cyber/
■■■■■ The Not So Pleasant Password Manager.
https://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager/
Overview During a recent adversary simulation, the MDSec ActiveBreach red team were asked to investigate the organisation’s Password Manager solution, with the key objective of compromising stored credentials, ideally from...
Forwarded from cKure Red
Signal adds quantum-resistant encryption to its E2EE messaging protocol.
https://signal.org/blog/pqxdh/
https://www.bleepingcomputer.com/news/security/signal-adds-quantum-resistant-encryption-to-its-e2ee-messaging-protocol/
Quantum Resistance and the Signal Protocol
The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption for private communications exchanged daily by billions of people around the world. After its publication in 2013, the Signal Protocol was adopted not only by…
■■■■□ android-luks: An app that allows secure LUKS unlocking using usb accessory mode without typing your LUKS password.
https://github.com/full-disclosure/android-luks
■■■■■ Frida & Objection without Jailbreak!
https://infosecwriteups.com/frida-objection-without-jailbreak-27a66501bf38
So are you the one who stops security testing if Jailbreak Detection is not bypassed?? No worries, we have got you covered! A method to…