DYK most VPN services can actually make you less secure? Today x.com/PET_Symposium, Benjamin Mixon-Baca will present research done in collaboration with the Citizen Lab about how VPNs can enable an attacker to act as an in-path router between you and the VPN server. The study identifies a new vulnerability called a “port shadow”.https://petsymposium.org/popets/2024/popets-2024-0070.pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
PETS (@PET_Symposium) on X
Official account of the Privacy Enhancing Technologies Symposium. Next event: PETS 2025, July 14-19, Washington, DC and Online.
mastodon: @PET_Symposium@infosec
mastodon: @PET_Symposium@infosec
This media is not supported in your browser
VIEW IN TELEGRAM
https://www.mobile-hacker.com/2024/07/23/whatsapp-trick-android-malware-can-impersonate-pdf-file/
Please open Telegram to view this post
VIEW IN TELEGRAM
Includes credentials, registrant IP, and last login IP, among other details.
https://bf.based.re/
Please open Telegram to view this post
VIEW IN TELEGRAM
https://anatomic.rip/abusing_rcu_callbacks_to_defeat_kaslr/
Please open Telegram to view this post
VIEW IN TELEGRAM
a place of anatomical precision
Abusing RCU callbacks with a Use-After-Free read to defeat KASLR
Introduction In this article, I will be walking you through a clever technique that can be used to leak addresses and defeat KASLR in the Linux Kernel when you have a certain type of Use-After-Free by abusing RCU callbacks. It is by no means a novel technique…
Please open Telegram to view this post
VIEW IN TELEGRAM
https://flatt.tech/research/posts/beyond-the-limit-expanding-single-packet-race-condition-with-first-sequence-sync/
Please open Telegram to view this post
VIEW IN TELEGRAM
GMO Flatt Security Research
Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit
Introduction
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
In 2023, James Kettle
of PortSwigger published an excellent paper
titled Smashing the state machine: the true potential of web race conditions.
In the paper, he introduced…
Hello, I’m RyotaK (@ryotkak
), a security engineer at Flatt Security Inc.
In 2023, James Kettle
of PortSwigger published an excellent paper
titled Smashing the state machine: the true potential of web race conditions.
In the paper, he introduced…
Cyber-Warfare
📍Apparently the Jew ✡️ (Israel) used sonic booms 💥 of fighter jets (apparently F-35s) in Beirut, Lebanon 🇱🇧 and nearby areas during the telecast of Hizbollah chief Hassan Nasrallah's speech to get his location in a corelation attack (had it been live).
https://x.com/Lonewolf8ier/status/1820825946212978816
Please open Telegram to view this post
VIEW IN TELEGRAM
0.0.0.0 Day
https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/
Please open Telegram to view this post
VIEW IN TELEGRAM
BleepingComputer
18-year-old security flaw in Firefox and Chrome exploited in attacks
A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network.
It’s becoming increasingly apparent that security research is not enough to end the era of zero days.Natalie Silvanovich
https://duo.com/decipher/project-zero-it-will-take-all-of-us-to-end-the-era-of-zero-days
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
Exploring Android Threats | Cybersecurity Podcast
Did you know a ducky can control your phone?
Welcome to Episode #5 of Unlocked 403, where we dive deep into Android security threats with Lukas Stefanko, a leading malware researcher at ESET. In this episode, we explore some of the most intriguing and dangerous…
Welcome to Episode #5 of Unlocked 403, where we dive deep into Android security threats with Lukas Stefanko, a leading malware researcher at ESET. In this episode, we explore some of the most intriguing and dangerous…
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
Hunting The Dark Webs Biggest Villain
Use the code thinker at https://nordpass.com/thinker to get a free 3-month trial of NordPass Business. No credit card is required!
Watch on Spotify: https://creators.spotify.com/pod/profile/thinkeryt/
In this documentary, we dive into the shadowy world…
Watch on Spotify: https://creators.spotify.com/pod/profile/thinkeryt/
In this documentary, we dive into the shadowy world…
❤1
🍊Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server.
https://blog.orange.tw/posts/2024-08-confusion-attacks-en/
https://blog.orange.tw/posts/2024-08-confusion-attacks-en/
Orange Tsai
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
📌 [ 繁體中文 | English ] Hey there! This is my research on Apache HTTP Server presented at Black Hat USA 2024. Additionally, this research will also be presented at HITCON and OrangeCon. If you’re int
2024-1275_240823_230000.pdf
777.4 KB
https://www.securityweek.com/major-backdoor-in-millions-of-rfid-cards-allows-instant-cloning/
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
Phrack
Stealth Shell
Click to read the article on phrack
❤1
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
Please open Telegram to view this post
VIEW IN TELEGRAM
hyprblog
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways
a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.
https://github.com/lvkv/whenfs
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - lvkv/whenfs: A FUSE filesystem for your Google calendar
A FUSE filesystem for your Google calendar. Contribute to lvkv/whenfs development by creating an account on GitHub.
https://labs.taszk.io/articles/post/there_will_be_bugs/
Please open Telegram to view this post
VIEW IN TELEGRAM
labs.taszk.io
Unburdened By What Has Been: Exploiting New Attack Surfaces in Radio Layer 2 for Baseband RCE on Samsung Exynos
Samsung Baseband RCE with Layer 2 Vulnerabilities
https://sites.google.com/view/Gazeploit/
PDF: https://arxiv.org/pdf/2409.08122
Please open Telegram to view this post
VIEW IN TELEGRAM
Google
GAZEploit
GAZEploit: