Automating API Vulnerability Testing Using Postman Workflows #APIVulnerabilityTesting #PostmanWorkflows #AutomatedTesting #BugHunting #OWASP https://haymiz.dev/security/2024/04/27/automating-apis-with-postman-workflows/
haymiz@kali:~/blog$
Automating API Vulnerability Testing Using Postman Workflows
Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.
Judge0 Sandbox Escape #Judge0 #SandboxEscape #PenetrationTesting #SecurityReviews #Exploitation https://tantosec.com/blog/judge0/
From IcedID to Dagon Locker Ransomware in 29 Days #IcedID #DagonLocker #Ransomware #DFIRReport #ThreatIntelligence https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis #MalwareAnalysis #Gemini1.5Pro #AIAssistance #ReverseEngineering #ZeroDayDetection https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis
Google Cloud Blog
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis | Google Cloud Blog
Gemini 1.5 Pro helps analysts manage the asymmetric volume of threats more effectively and efficiently.
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller #NVMe #Linux #KernelFuzzer #NVMeOF #Subsystems https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
Cyberark
Your NVMe Had Been Syz’ed: Fuzzing NVMe-oF/TCP Driver for Linux with Syzkaller
Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion #MorphinTime #SelfModifyingCode #WriteProcessMemory #EDREvasion #ProcessMockingjay https://revflash.medium.com/its-morphin-time-self-modifying-code-sections-with-writeprocessmemory-for-edr-evasion-9bf9e7b7dced
Medium
It’s Morphin’ Time: Self-Modifying Code Sections with WriteProcessMemory for EDR Evasion
The Mockingjay process injection technique was designed to prevent the allocation of a buffer with RWX permission, typically used for…
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1) #VoicePhishing #FinancialFraud #SecretCalls #KoreanFraudster #AntiAnalysisTechniques https://medium.com/s2wblog/secretcalls-spotlight-a-formidable-app-of-notorious-korean-financial-fraudster-part-1-fa4bbed855c0
Medium
SecretCalls Spotlight: A Formidable App of Notorious Korean Financial Fraudster (Part 1)
Author: S2W TALON
Reverse Engineering Protobuf Definitions From Compiled Binaries #ReverseEngineering #Protobuf #Definitions #CompiledBinaries #SecurityBlog https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/
Arkadiyt
Reverse Engineering Protobuf Definitions From Compiled Binaries
How to extract raw source protobuf definitions from compiled binaries, regardless of the target architecture
Identifying ESD damage using an electron microscope #MBSItem #ElectronMicroscope #IdentifyingESDdamage #MachineBuildingSystems #Automation https://mbsitem.co.uk/identifying-esd-damage-using-an-electron-microscope/
MBS Item
Identifying ESD damage using an electron microscope - MBS Item
Identifying ESD damage using an electron microscope. When microchips are faulty, it’s the job of the Dresden-based experts at SGS Institut Fresenius to find out why.
Hunting M365 Invaders: Dissecting Email Collection Techniques #M365 #EmailCollection #HuntingInvaders #Splunk #SecurityDetection https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-dissecting-email-collection-techniques.html
Splunk
Hunting M365 Invaders: Dissecting Email Collection Techniques | Splunk
The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
master: Half-Life 1 engine based games #GitHub #ValveSoftware #halflife #HalfLifeEngine #games https://github.com/ValveSoftware/halflife/tree/master
GitHub
GitHub - ValveSoftware/halflife: Half-Life 1 engine based games
Half-Life 1 engine based games. Contribute to ValveSoftware/halflife development by creating an account on GitHub.
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246) #GLIBC #heapoverflow #FengShui #CVE-2023-6246 #exploitation https://medium.com/@elpepinillo/heap-heap-hooray-unveiling-glibc-heap-overflow-vulnerability-cve-2023-6246-0c6412423269
Medium
HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246)
INTRODUCTION: On January 30th, the Qualys team found a heap overflow in the __vsyslog_internal function of Glibc …
XZ Utils Made Me Paranoid #TrustedSec #XZUtils #Paranoid #Backdoor #SecurityScanner https://trustedsec.com/blog/xz-utils-made-me-paranoid
TrustedSec
XZ Utils Made Me Paranoid
Identify XZ Utils backdoors by parsing ELF binaries, identifying function hooks, and comparing memory sections in real-time, using tools like ptrace and…
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard #GitHub #pcapAnalysis #Zeek #Grafana #NetworkMonitoring https://github.com/hackertarget/pcap-did-what
GitHub
GitHub - hackertarget/pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard
Analyze pcaps with Zeek and a Grafana Dashboard. Contribute to hackertarget/pcap-did-what development by creating an account on GitHub.
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1 #EverydayGhidra #ReverseEngineeringSymbols #GhidraTips #SymbolInformationSources https://medium.com/@clearbluejar/everyday-ghidra-symbols-prescription-lenses-for-reverse-engineers-part-1-d3efe9279a0b
Medium
Everyday Ghidra: Symbols — Prescription Lenses for Reverse Engineers — Part 1
In reverse engineering a closed-source binary using Ghidra or other software reverse engineering frameworks, a key objective is to…
16 years of CVE-2008-0166 #16YearsCVE2008 #DebianOpenSSLBug #DKIMBIMI2024 #EmailVulnerability #SecurityIssues https://16years.secvuln.info/
16years.secvuln.info
16 years of CVE-2008-0166 - Debian OpenSSL Bug
Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.
"Password cracking: past, present, future" OffensiveCon 2024 keynote talk slides (by Solar Designer) #OffensiveCon2024 #PasswordCracking #SecurityTalk #Evolution https://www.openwall.com/lists/announce/2024/05/14/1
QakBot attacks with Windows zero-day (CVE-2024-30051) #QakBot #CVE202430051 #WindowsZeroDay #Kaspersky #Cybersecurity https://securelist.com/cve-2024-30051/112618/
Securelist
QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot…
Executing Cobalt Strike's BOFs on ARM-based Linux devices #CobaltStrike #BOFs #ARM #Linux #Zig https://blog.z-labs.eu/2024/05/10/bofs-on-arm-based-devices.html