Exploiting Bluetooth: From your car to the bank account
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
Android_App_Usage.pdf
10.3 MB
#Mobile_Security
"Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?", 2024.
How to root an #Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
Pen Test Partners
How to root an Android device for analysis and vulnerability assessment | Pen Test Partners
TL;DR Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability assessment. Rooting an Android device allows us to gain root privileges, giving us full access to the OS…
#redteam
Cobalt Strike - CDN / Reverse Proxy Setup
https://redops.at/en/blog/cobalt-strike-cdn-reverse-proxy-setup
Post-Quantum Cryptography: Standards and Progress
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html
Google Online Security Blog
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The...
iSniff GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
https://github.com/hubert3/iSniff-GPS
GitHub
GitHub - hubert3/iSniff-GPS: Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices - hubert3/iSniff-GPS
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
https://blog.redteam-pentesting.de/2024/moodle-rce/
RedTeam Pentesting - Blog
Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP's eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Malwaretech
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
Analysis of CVE-2024-43044 – From file read to RCE in #Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
Conviso AppSec
Analysis of CVE-2024-43044 – From file read to RCE in Jenkins through agents
The Jenkins team released an advisory (CVE-2024-43044) for an arbitrary file read vulnerability that allows an agent to be able to read files
CVE-2024-37084: #Spring Cloud Remote Code Execution
https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
CVE-2024-37084: Spring Cloud Remote Code Execution
CVE-2024-37084 is a critical security vulnerability in Spring Cloud Skipper, specifically related to how the application processes YAML input. The vulnerability arises from the use of the standard...
A public secret : Research on the CVE-2024-30051 privilege escalation vulnerability in the wild
https://ti.qianxin.com/blog/articles/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en/
Qianxin
QiAnXin Threat Intelligence Center
Introducing Java fuzz harness synthesis using LLMs
https://blog.oss-fuzz.com/posts/introducing-java-auto-harnessing/
OSS-Fuzz blog
Introducing LLM-based harness generation for Java OSS-Fuzz projects.
Windows Wi-Fi Driver #RCE Vulnerability - CVE-2024-30078 - Crowdfense
https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/
Crowdfense
Windows Wi-Fi Driver RCE Vulnerability - CVE-2024-30078 - Crowdfense
Analysis of CVE-2024-30078, a Windows Wi-Fi driver vulnerability. Detailed root cause analysis and exploitation constraints.
Infiltrax - post-exploitation tool to capture screenshots, retrieve clipboard contents, log keystrokes, and install AnyDesk for persistent remote access
https://github.com/alexdhital/Infiltrax
GitHub
GitHub - alexdhital/Infiltrax: Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed…
Infiltrax is a post-exploitation reconnaissance tool for penetration testers and red teams, designed to capture screenshots, retrieve clipboard contents, log keystrokes, bypass UAC and install AnyD...
Exploiting CI / CD Pipelines for fun and profit
https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/
How to intercept #Android at runtime on non-rooted devices using frida-gadget
https://dispatchersdotplayground.hashnode.dev/intercepting-android-at-runtime-on-non-rooted-devices
Stavro's Android Blog
Intercepting Android on runtime on non-rooted devices
Interestingly enough, Frida tool has its place on non-rooted devices as well. It can be used directly or with the help of another tool called Objection...