S3 Ep28.5: Hacking back – is attack an acceptable form of defence? [Podcast]
S3 Ep28: Pwn2Own hacks, dark web hitmen and COVID-19 privacy [Podcast]
FBI hacks into hundreds of infected US servers (and disinfects them)
IoT bug report claims “at least 100M devices” may be impacted
Apple and Google block official UK COVID-19 app update
Naked Security Live – How to spot “government” scammers
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”
Italian charged with hiring “dark web hitman” to murder his ex-girlfriend
S3 Ep27: Census scammers, beg bounties and data breach fines [Podcast]
Too slow! Booking.com fined for not reporting data breach fast enough
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
iOS Kids Game Morphs into Underground Crypto Casino
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
Mandiant Front Lines: How to Tackle Exchange Exploits
BazarLoader Malware Abuses Slack, BaseCamp Clouds
Biden Races to Shore Up Power Grid Against Hacks
Gafgyt Botnet Lifts DDoS Tricks from Mirai
Attackers Target ProxyLogon Exploit to Install Cryptojacker
Security Bug Allows Attackers to Brick Kubernetes Clusters
Man Arrested for AWS Bomb Plot
623K Payment Cards Stolen from Cybercrime Forum
A Post-Data Privacy World and Data-Rights Management
Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'
CISOs Prep For COVID-19 Exposure Notification in the Workplace
From Triton to Stuxnet: Preparing for OT Incident Response
How the Pandemic is Reshaping the Bug Bounty Landscape
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
COVID-Related Threats, PowerShell Attacks Lead Malware Surge
80% of Global Enterprises Report Firmware Cyberattacks
Employee Lockdown Stress May Spark Cybersecurity Risk
Cybersecurity Bug-Hunting Sparks Enterprise Confidence
TrickBot Takes Over, After Cops Kneecap Emotet
Podcast: Microsoft Exchange Server Attack Onslaught Continues
Podcast: Ransomware Attacks Exploded in Q4 2020
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
Emotet's Takedown: Have We Seen the Last of the Malware?
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
Simplifying Proactive Defense With Threat Playbooks
Cyber Monday is Every Monday: Securing the 'New Normal'
National Surveillance Camera Rollout Roils Privacy Activists
Malware Gangs Partner Up in Double-Punch Security Threat
How Email Attacks are Evolving in 2021
Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks
Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares
Experts Weigh in on E-Commerce Security Amid Snowballing Threats
Cybercriminals Step Up Their Game Ahead of U.S. Elections
A Cyber 'Vigilante' is Sabotaging Emotet's Return
2020 Cybersecurity Trends to Watch
Top Mobile Security Stories of 2019
Facebook Security Debacles: 2019 Year in Review
Biggest Malware Threats of 2019
Top 2018 Security and Privacy Stories
2019: The Year Ahead in Cybersecurity
2018: A Banner Year for Breaches
Pandemic Drives Greater Need for Endpoint Security
High-Level Admin of FIN7 Cybercrime Group Sentenced ...
Security Gaps in IoT Access Control Threaten ...
How the Biden Administration Can Make Digital ...
Software Developer Arrested in Computer Sabotage Case
Google Brings 37 Security Fixes to Chrome 90
US Formally Attributes SolarWinds Attack to Russian ...
Pandemic Pushes Bot Operators to Redirect Efforts
6 Tips for Managing Operational Risk in a Downturn
How to Create an Incident Response Plan From the ...
Nation-State Attacks Force a New Paradigm: Patching ...
Malicious PowerShell Use, Attacks on Office 365 ...
404 - Page Not Found: An unexpected error has occurred
CISA Urges Caution for Security Researchers ...
FBI Operation Remotely Removes Web Shells From ...
Bolstering Our Nation's Defenses Against ...
Dependency Problems Increase for Open Source Components
DNS Vulnerabilities Expose Millions of ...
Dark Reading | Security | Protect The Business
NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
Windows Terminal released with new settings UI and more
Celsius email system breach leads to phishing attack on customers
Celsius email system breach leads to phishing attack on customers
US government confirms Russian SVR behind the SolarWinds hack
US government confirms Russian SVR behind the SolarWinds hack
Major BGP leak disrupts thousands of networks globally
Major BGP leak disrupts thousands of networks globally
The Week in Ransomware - April 16th 2021 - The Houston Rockets
The Week in Ransomware - April 16th 2021 - The Houston Rockets
Microsoft Edge's update server is down - shows error code 7
Mandatory Windows 10 update causing DNS and shared folder issues
Instagram Android app is crashing for some, here's what to do
Popular Codecov code coverage tool hacked to steal dev credentials
Popular Codecov code coverage tool hacked to steal dev credentials
Amex cards removed from Google Pay due to expired certificate
HackBoss malware poses as hacker tools on Telegram to steal digital coins
HackBoss malware poses as hacker tools on Telegram to steal digital coins
Mozilla drops Firefox support on Amazon Fire TV
Mozilla drops Firefox support on Amazon Fire TV
Popular NFT marketplace Rarible targeted by scammers and malware
Microsoft Edge's new Kids Mode is now rolling out to everyone
Google Chrome 90 released with HTTPS as the default protocol
Microsoft moves Windows 10 21H1 to the Release preview channel
SAP fixes critical bugs in Business Client, Commerce, and NetWeaver
SAP fixes critical bugs in Business Client, Commerce, and NetWeaver
Second Google Chrome zero-day exploit dropped on twitter this week
Second Google Chrome zero-day exploit dropped on twitter this week
US Indicts SecondEye Operators
Keyfactor to Merge with PrimeKey
Mass Monitoring of Remote Workers Drives Shadow IT Risk
Google to Delay Publishing Vulnerability Details for 30 Days
Suspected Trickbot Actors Target Slack and BaseCamp Users
US Imprisons “Sadistic” Sextortionist
Ransomware: To Pay or Not to Pay?
Sanctions Escalate US–Russia Tensions
Making a Success of Your MSSP Journey
Securing Remote Employee Devices with Unified Endpoint Management
Security Certification: Gain Competitive Advantage as the Low Risk Option
The Vulnerability Landscape: Security Trends from 2020
Pharma Drama: Interactive Crisis Simulation of an Insider Threat
Security Mythbusting: Dismantling the Top Five API Myths
SOC for the Future: Transforming Security Operations' Speed and Stamina for Recovery
Securing the #COVID19 Vaccine & Supply Chain
Avoiding Fallout from the Ransomware Epidemic
Mitigating Ransomware Attacks in 2021
PKI in Today's Cybersecurity Landscape: What, Why and How
Staying Secure During Rapid Transformation: The Importance of DevSecOps
Uni of Hertfordshire Suffers Cyber-Attack That Takes Down its Entire IT Network
How to Secure Data in Your Organization
Zero Trust in 2021: How to Seamlessly Protect Your Remote and In-Office Users
Extended Threat Detection and Response: Critical Steps and a Critical System
Arrest Made Over California City Data Breach
European Data Protection Tsars Approve EU-UK Data Flows
Man Gets 10 Years for Multimillion-Dollar Medicare Fraud Scheme
Global Attacker Dwell Time Drops to Just 24 Days
CISOs Must Focus on People and Technologies Amid Rising Attacks
New Jersey School Districts Investigate Cyber-Attacks
Aviation Industry Lacks Cohesive Cybersecurity Approach
Will the CodeCov breach become the next big software supply chain hack?
Google won’t reveal technical details on patches for 30 days
Cyber nonprofits ask billionaire philanthropists to show them some love
Hack The Box to expand in America, add functions to 'hacking experiences'
What to do when a bug bounty request sounds more like extortion
Should NSA monitor your networks? Director Nakasone says no
Cybersecurity’s reputation rose in the pandemic’s first months
Health care organizations funnel dollars into security amid pandemic
Businesses shift resources to address risks tied to disgruntled employees
Listen: ORPEA Group's Mauro Israel on putting in the work
Listen: Children's Minnesota's Paul Hypki on reducing risk
Jason Witty: ‘We have to adapt to new ways of thinking’
Why enterprises are increasing cybersecurity budgets for 2021
Build and maintain a security culture, up, across, and down the organization
Public utilities in the U.S. need to lock down critical infrastructure facilities
Cyberspace: An endless highway without a patrol
Remember GDPR? Expect another set of cyber regulations around vulnerabilities
US takes sweeping action against Russia for years of hacking
DoJ's Microsoft Exchange mitigation brings results, few nagging worries
Led by cloud, cyber funding dollars flowed like water in 2020
No more snack attacks: Mondelez rolls out new security training program
'Digital exhaust' may be the solution for tracking consumer IoT devices
Reddit takes bug bounty program public
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
Facebook faces mass legal action over data leak
Security Bug Allows Attackers to Brick Kubernetes Clusters
US government strikes back at Kremlin for SolarWinds hack campaign
Ubuntu Security Notice USN-4917-1
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
Ubuntu Security Notice USN-4916-1
glFTPd 2.11a Denial Of Service
Ubuntu Security Notice USN-4915-1
Linux/x86 execve(/bin/sh) Shellcode
Linux/x64 execve(/bin/sh) Shellcode
Nagios XI Remote Code Execution
Backdoor.Win32.Zombam.h Buffer Overflow
Red Hat Security Advisory 2021-1213-01
Red Hat Security Advisory 2021-1214-01
Red Hat Security Advisory 2021-1206-01
Ubuntu Security Notice USN-4913-1
Red Hat Security Advisory 2021-1202-01
Red Hat Security Advisory 2021-1203-01
Ubuntu Security Notice USN-4914-1
Red Hat Security Advisory 2021-1201-01
Red Hat Security Advisory 2021-1200-01
Red Hat Security Advisory 2021-1199-01
htmly 2.8.0 Cross Site Scripting
Horde Groupware Webmail 5.2.22 Cross Site Scripting
Tileserver-gl 3.0.0 Cross Site Scripting
Swinburne University confirms over 5,000 individuals affected in data breach
US imposes sanctions on Russia over cyber-attacks
Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever
Google releases Chrome 90 with HTTPS by default and security fixes
Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly) • The Register
FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins • The Register
Facebook will not notify more than 530m users exposed in 2019 breach | Facebook
Reddit takes bug bounty program public
100,000 Google Sites Used to Install SolarMarker RAT
Rungutan — How to load test APIs using Client Certificates | by Marius Mitrofan | Rungutan | Apr, 2021 | Medium
What to Stream This Weekend. This weekend is all about teen… | by PCMag | PC Magazine | Apr, 2021 | Medium
The Many Faces of Malware: A Tour of Real-World Samples | by PCMag | PC Magazine | Apr, 2021 | Medium
Adobe Report: Emoji Done Right Can Change the World for the Better | by PCMag | PC Magazine | Apr, 2021 | Medium
Security Built on a Foundation of Trust | by Intel Author | Intel Tech | Apr, 2021 | Medium
The Many Faces of Malware: A Tour of Real-World Samples | by PCMag | PC Magazine | Apr, 2021 | Medium
Ethereum Foundation announces Berlin Hardfork | by Lukas Wiesflecker | Coinmonks | Mar, 2021 | Medium
React Authentication: How to Store JWT in a Cookie | by Ryan Chenkie | Medium
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Medium
How Russia Used SolarWinds To Hack Microsoft, Intel, Pentagon, Other Networks : NPR
Online Scams And Dangers Your Age Group Is Prone To - YouTube
Friday Squid Blogging: Blobs of Squid Eggs Found Near Norway - Schneier on Security
Detailed Audit of Voatz' Voting App Confirms Security Flaws
Cybersecurity Experts to Follow on Twitter - Schneier on Security
NSA Discloses Vulnerabilities in Microsoft Exchange - Schneier on Security
Why your favorite rapper is FAKE and BROKE. - YouTube
COVID-19 Cyber Attacks - WebARX Security
An introduction to making security pins and challenge locks - YouTube
Speakeasy JS – Reverse-engineering Notion's API (Travis Fischer) - YouTube
Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever
Abus XP10 and an answer to the most commonly asked question tattoo artists get! - YouTube
Account protections - A Google Perspective
Giveaway Winner and Speedlocks Tournament Update! - YouTube
Hacked Exchange Server Hosts Monero Miner Targeting Other Exchange Servers
ROBUR Safe Deposit Lock picked and gutted. - YouTube
Google rolls out Chrome 90, which defaults to HTTPS instead of HTTP | Engadget
[12] Speed Picking Challenge #SpeedSloth - YouTube
The Mechanics of The APT Attack on Microsoft Exchange, Now Available for Validation
Learn Wireshark in 10 minutes Part 4 Wireshark Tutorial(Decrypt TLS Traffic) - YouTube
Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman
Web Application Penetration Testing: Steps, Methods, and Tools
American Lock 700 series padlock picked and gutted - YouTube
DLL Injection (and more!) via Application Shimming (Persistence & Defence Evasion) - YouTube
Backdoored developer tool that stole credentials escaped notice for 3 months | Ars Technica
Account protections - A Google Perspective
#speedsloth / Switching to glide - YouTube
Allow arbitrary URLs, expect arbitrary code execution | Positive Security
Maslow's Pyramid (The True Story)◢◣Plus A Better Dynamic Hierarchy of Needs - YouTube
Google exploring using location info to slow coronavirus spread
DNI’s Annual Threat Assessment - Schneier on Security
The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried.
virusbtn: The call for papers for VB2021 localhost - VB's 2nd carbon neutral, budget neutral conference - is open until 21 April and we want to hear from you! We believe it's a great opportunity for you to share your research with security experts around the globe https://t.co/KY30gRzRwS https://t.co/DKLOXXrlz5
virusbtn: Avast's Romana Tesařová analyses HackBoss, a cryptocurrency-stealing malware distributed through Telegram https://t.co/lktd9O3wzT https://t.co/pVeUR8Rw9D
virusbtn: Sophos researcher @threatresearch looks at recent tricks used by BazarLoader. https://t.co/9ZwY5AGut5 https://t.co/2Pw0vDI1Kw
virusbtn: Bromium's Patrick Schläpfer writes about the Purple Fox exploit kit and its quick adoption of the CVE-2021-26411 exploit https://t.co/EbZDNqNbyV https://t.co/s1CfqpL9KJ
virusbtn: CISA and the Department of Defense Cyber National Mission Force (CNMF) have analysed additional SolarWinds-related malware variants. https://t.co/jjJanAuwv6
MITREattack: Help? This work is only valuable if they can get good visibility into what real defenders are seeing, so they need your contributions to make this reporting possible. https://t.co/IZDdtbi2qH
MITREattack: The last 2 years we've been running a pilot to collect "sightings" of ATT&CK techniques, hoping to better understand adversary in-the-wild behavior. We’re now one step closer as @MITREengenuity Center for Threat-Informed Defense takes that work on. https://t.co/AYGQuumzVi https://t.co/7xUrkY13vj
MITREattack: @commandline_be We release on a biannual schedule. Our last major release was in October, I'd suggest taking another look after our next release in 13 days.
MITREattack: @badtakeblake @voodoodahl1 Do you have a suggestion for a Tactic on that one?
TalosSecurity: We've followed #LodaRAT for a few years now. And in this week's episode of Talos Takes, we track its development into a full-blown trojan that targets Android devices across the world. Listen now in your favorite podcatcher or over on our podcasts page https://t.co/AH3SVx4hfZ https://t.co/29OB0pDcWb
TalosSecurity: The Threat Source newsletter has everything from #Microsoft #PatchTuesday, to #Android malware reverse-engineering and so much more. Check out this week's edition https://t.co/BAMQv5y3Sm https://t.co/FnHY8iCcgV
TalosSecurity: The #NSA today disclosed 5 vulnerabilities Russian Foreign Intelligence Services (SVR) is exploiting. Here's a breakdown of these exploits and a list of #Snort rules that can keep you protected. Anyone using one of these affected products should patch asap https://t.co/mfrOhpp11Q https://t.co/M27oj1dRQD
TalosSecurity: You don't want to miss our free webinar series on #Snort3. Sign up for the first session today and find out how to make your upgrade to Snort 3 as smooth as possible and use it to make your network more secure https://t.co/5nkzuU7gqn https://t.co/V2HCTBISnc
MBThreatIntel: Tech support scam #browlock targeting 🇯🇵. Source: adult malvertising jpfftapr[.]fun/150421jp-8554 Phone: 050[-]5534[-]8554 https://t.co/51Yy8hhcHl
MBThreatIntel: @NeePscambaiting yes, macros FTW
MBThreatIntel: Malspam pushing PPT exploits is not as common, but here's one. 565a8a815f2a794eadc0f0d27ebb729ee6f7c94dbdf706bf6615220944468e26 https://t.co/SCZGKWFQtt
MBThreatIntel: #SpelevoEK dropping #Zloader. Payload: f049bc2e1d492fd242d906e01612d4fda6de1272685d1ca4aabc37d742fa9588 C2s: yuidskadjna[.]com odjdnhsaj[.]com https://t.co/mmi59jXcsN
MBThreatIntel: ℹ️ Report from CISA on #SUNSHUTTLE is out. ➡️ Detections already in @Malwarebytes https://t.co/6fr9GMSGZn https://t.co/OtwnNYefqn
anyrun_app: TOP10 last week's threats by uploads ⬆️ #NjRAT 504 (315) ⬆️ #FormBook 187 (161) ⬆️ #NanoCore 101 (97) ⬆️ #AgentTesla 101 (69) ⬇️ #AsyncRAT 83 (113) ⬆️ #DCrat 79 (78) ⬆️ #Orcus 72 (69) ⬇️ #Remcos 65 (72) ⬇️ #Emotet 50 (85) ⬇️ #Quasar 49 (53) https://t.co/98nRpXOxWw
abuse_ch: Could someone please spot the fire hydrants? #failed 🤦♂️ https://t.co/WXoiJSzXoS
QuoIntelligence: This Weekly focuses on #Microsoft's April #PatchTuesday Tuesday and Israel's reported #cyberattack on Iran's nuclear facility. Read more: https://t.co/hRcOsbscvF
QuoIntelligence: We created a handy overview explaining the #facebook #dataleak on a timeline and looking at potential future implications. How does your organization prevent #brandabuse? Find more details on our blog! https://t.co/II4cSc679y
JAMESWT_MHT: @malwrhunterteam @VK_Intel @bryceabdo Mentioned #CobaltStrike Sample https://t.co/zGV6fjnNRr
cyb3rops: @lordx64 you could e.g. answer, "we've seen much more intrusions in 2017 in which they've used CobaltStrike than intrusions in which Mimikatz was used" Would this be the final truth? I guess someone else would have a yet another view and opinion.
cyb3rops: @lordx64 It is always a subjective view, isn't it? It always depends on what you see. Otherwise we would need flawless statistics, which we cannot get. Next time, I'll try to add "from what I see" to the beginning of the tweet, if there are still chars left.
cyb3rops: @lordx64 I think, Twitter is somehow overloaded this morning. I also had problems with other tweets.
cyb3rops: @frennkie @campuscodi @_fel1x I'm concerned about credentials or keys that could have been stolen from the environments, e.g. Access to FTP servers, GitHub API keys or Auth tokens, etc.
cyb3rops: @lordx64 "dominating" ☝️ not "used since"
inj3ct0r: #0daytoday #TikTok reset account password #Exploit #0day https://t.co/rxSN3eMMOb TOR link: https://t.co/qhVhSo1Ocn
inj3ct0r: #0daytoday #Linux/x64 - execve(/bin/sh) #Shellcode (21 bytes) (2) https://t.co/EeyCVKGWm8
inj3ct0r: #0daytoday #Linux/x86 - execve(/bin/sh) #Shellcode (17 bytes) https://t.co/TffEdVM5d5
inj3ct0r: #0daytoday #GetSimple CMS My SMTP Contact Plugin 1.1.1 - #CSRF to Remote Code Execution #Exploit #RCE https://t.co/UT7KlL1qbG
inj3ct0r: #0daytoday #Nagios XI 5.8.0 Remote Code Execution #Exploit #RCE #CVE-2020-35578 https://t.co/xFUwWrNhBz
malwrhunterteam: What a long list, right? 😂 Anyway, not remember seeing .NET ransomware using rstrtmgr before... @demonslay335 https://t.co/ocYUfU9ue4
malwrhunterteam: WTF? 😂 cc @DanielGallagher @zseano https://t.co/sRvkXKOYSR
blackorbird: 🥲APT29 - SolarWinds https://t.co/KB5u83k3kb https://t.co/KiBZfJqMlv https://t.co/bIxwM5UGQc
blackorbird: @vxunderground oh,thanks bro
blackorbird: A Cyber operation against Russia 1.Use Sberbank of Russia for a bait. 2.Use information about famous Russian athletes to obfuscate. 3.Stop attacking when the victim is in Ukraine. ref: https://t.co/8uNcbo4ToS translate: https://t.co/PqwMN8OJgS https://t.co/eVdsft7pKG
blackorbird: 2021 APT&CyberCrime Trends https://t.co/9ILapTebxx ref: https://t.co/PSNoNeRiBI https://t.co/YeglrBchIa
blackorbird: #Bitter #APT Desktop Window Manager 0day CVE-2021-28310 https://t.co/nP8JlhuTLX https://t.co/0aNaQTPhvS
malware_traffic: 2021-04-16 (Friday) - #TA551 (#Shathak) German-template Word docs again today, and I finally have a #pcap of infection traffic, some malware samples, and IOCs to share - Info available at: https://t.co/JCZ08bJeLy https://t.co/UtfaqtncFk
malware_traffic: 2021-04-16 (Friday) - #BazaLoader (#BazarLoader) from #BazaCall (#BazarCall) callcenter #malspam - 10 email examples, #pcap from an infection, the associated malware and some IOCs available at: https://t.co/YDqOEuyrW4 https://t.co/q24UHHThfG
malware_traffic: @JRoosen @rotarydrone Yes, Valak is a different malware family. #TA551 used it for a few months in 2020, where it often sent #IcedID as follow-up malware. https://t.co/o5yYRsCq3N
malware_traffic: Of note, there's TCP traffic to 185.92.73[.]147 port 8080 that started almost 50 minutes after the initial infection. It continued several hours throughout the infection run using different TCP streams, all to the same IP address.
malware_traffic: Per @netresec's request, I've sanitized and posted traffic related to the #IcedID (#Bokbot) infection I originally posted about through @Unit42_Intel on Monday 2021-04-12 - Two #pcap files from the infection are available at: https://t.co/i6Rdu9r7ye https://t.co/eNuspjrO8A
James_inthe_box: @KorbenD_Intel @JAMESWT_MHT @malwrhunterteam @Arkbird_SOLG @Bank_Security Betting #remcos ;)
James_inthe_box: @beethzydyaz #RealThinClient c2: http://MDKNOVOESMTUVMDQVMJAYMQ[.]DDNSKING[.]COM/$rdgate https://t.co/xLTT0WA9te
James_inthe_box: @GossiTheDog Where to?
pmelson: @NerdPyle https://t.co/hoGPU0K8Bw
pmelson: @NerdPyle Wood you beleaf that this is my first plant pun battle? https://t.co/7ZQbdFNqVk
pmelson: @r0wdy_ https://t.co/6UtisFvzVd
pmelson: @AffableKraut I guess I didn’t realize there were different server ports for the different engine versions? I thought all of the engines (so also Q3 and games like Wolfenstein, JK2/JA) all had the same server port number.
demonslay335: In-dev #wiper pretending to be #ransomware with extension ".id-1E192D2A.[xmmh@tutanota.com].combo13" - if it worked, it would just overwrite files with Random.NextBytes(), so #donotpay. Sample: https://t.co/28SAIhmRih https://t.co/srCOFclTM3
demonslay335: @VessOnSecurity Well that's even dumber, lol. I must just be using/assuming it wrong then... just noticed the Hex View that I've ignored up til now lol. 😅
demonslay335: @unjovengranaino IDA (Free/Pro) + x64dbg are my tools of choice for native disassembly. dnSpy if it is .NET. And other misc small tools depending on what I'm after (e.g. I use my CryptoTester _extensively_).
demonslay335: @VessOnSecurity So it would try to link it to a memory address of 0xD0? The "h" suffix (which is also dumb IMO...) isn't good enough?
hackerfantastic: Crypto isn't only thing go moon, UFO sightings doubled over the last year, new US Navy footage leaks to investigative journalists ahead of US disclosure report in 12 weeks time https://t.co/gdg352uMQP
hackerfantastic: @mkolsek beats living like I'm Amish.... ;)
hackerfantastic: @ryanaraine nice, those SS7 firewalls might not be such a wise purchase anymore then? >:)
Cyb3rWard0g: @LeahLease Aww thank you @LeahLease ! She is a beautiful and very sweet girl! 😍 https://t.co/jgcUNNrz4U
Cyb3rWard0g: @ScoubiMtl She is a baby great dane 😊 #dogdad https://t.co/HqfucktnTE
Cyb3rWard0g: The real @Cyb3rWard0g 🐶😂😍 Getting ready for the weekend! #dogdad https://t.co/17R5xcTP31
Cyb3rWard0g: @sixdub Welcome to the #MSTIC Family! 🍻🍻 Looking forward to collaborating with you Justin! 🎉🎉
VK_Intel: ⭐️ Watch for 2 more novel techniques:🛡️ 1⃣Hunting for a local IT admin with access to EDR software and extracting administrator credentials for EDR from a popular KeePass pwd manager via KeeThief.ps1 2⃣Deploying portable Notepad++ version to run PowerShell scripts on the host https://t.co/cR7snmDjyi
VK_Intel: [Emerging Blog] 🔥🆕Adversary Dossier: #Ryuk #Ransomware Anatomy of Attack in 2021 #DFIR 🔑: 1⃣Victim Value I. Network Recon Stage II. 'ZoomInfo' & Revenue Lookup 2⃣ #CobaltStrike as Golden Standard 3⃣Roadblocks: Endpoint Detection Response Bypass ↘️ https://t.co/iJhmGBPhop https://t.co/m6Md64o5n6
VK_Intel: 📌Upcoming Blog: 🔒#Ryuk #Ransomware Anatomy of The Attack 2021 EDITION 👹- tomorrow via https://t.co/p3c6AQP9Mo Nnewer and existing Tactics, Techniques and Procedures (TTPs) of the Ryuk ransomware that Advintel has witnessed throughout their investigations. https://t.co/cSoY42BFsc
securitydoggo: Anyone see and can talk about post exploitation activity with the #codecov fun? Trying to find something to spring off of, beyond the C2 IP. #infosec
DrunkBinary: @hacks4pancakes @chrissistrunk Those whisky's can't offer you the same variety. https://t.co/4MsO3wIz0h
Arkbird_SOLG: @c3rb3ru5d3d53c Yep GoldMax implant (Microsoft name)👍 https://t.co/05MoIVJHaw
Arkbird_SOLG: @KorbenD_Intel @James_inthe_box @JAMESWT_MHT @malwrhunterteam @Bank_Security Random loader based on Powersploit + random payloads looks like Aggah https://t.co/5PkJkmusys
Arkbird_SOLG: @CORE561 Yep, I do it too, unfortunately, there is too much work for so little time available, I do as best for cover all the aspects
Arkbird_SOLG: @CORE561 Congrats😉, have fun now !
Arkbird_SOLG: @SBousseaden Yep, possible, have the timestamp removed and the only date is from the maldoc that recently created ( 2021-04-01). Unable to be able to decide if it was an old sample of Maildrop, I used the conditional, thanks for the information. https://t.co/YoTy1MCcr2 https://t.co/3NoU6pkBzC
KorbenD_Intel: @James_inthe_box @JAMESWT_MHT @malwrhunterteam @Arkbird_SOLG @Bank_Security You get one guess what "Server.jpg" is 😀 https://t.co/oyyY9xoi4H
KorbenD_Intel: @securitydoggo welcome back!
KorbenD_Intel: Active Cobalt Strike servers: shopdsld-invoce[.]com,/ky.js 185.25.51[.]10 fastpighostmerch[.]com,/html 213.252.247[.]132 fastpic-domain[.]com,/logo.js 185.25.51[.]67,/na.js https://t.co/ndFnHQsJuq
KorbenD_Intel: @MsftSecIntel @msftsecresponse @msftsecurity @WindowsUpdate this link is broken https://t.co/w2FQDzywOj
ShadowChasing1: Another One: ITW:0b335fdb06d8f8dc6e19f13cb2801b38 filename:Call-for-Proposal-DGSP-COAS-Chair-Excellance. zip C2: hxxps://iiieyehealth.com/fonts/times/files/Call-for-Proposal-DGSP-COAS-Chair-Excellance/css hxxps://iiieyehealth.com/fonts/times/files/css/ hxxp://161.97.142.96/htt_p https://t.co/jgFcZb6GV4 https://t.co/cOWtVeG1RU
ShadowChasing1: #Gamaredon #APT group? ITW:17d8bf5d25178a331f5eaf5c4714047c filename:dkr.rar
ShadowChasing1: Same C2 but it is older ITW:8f7c5c3532c000c99c28dc55b8a93565 filename:armamento 001.doc https://t.co/hplM8f1TjN
ShadowChasing1: thanks @SBousseaden @fr0s7_
ItsReallyNick: ICYMI: #FIN7's sys admin sentenced to 10 years https://t.co/Pf7XpV4Mwl Updated 💰 impact: "U.S. prosecutors said in their sentencing memorandum for Hladyr that a “conservative estimate” of the losses caused by the group is between $3 billion to $5.7 billion." ...Hladyr sk8r!
ItsReallyNick: @sixdub 🥳 Thrilled to finally work together with you. Let’s get after it!!
ItsReallyNick: @GossiTheDog I’ll miss your pace & passion. Unfortunate we didn’t collab more but I’ll just ... DM here like always? Keep sharing activity & analysis as you see it 🍻
cyberwar_15: #북한 #탈륨 #Northkorea #Thallium #Cyberwar 0821884168a644f3c27176a52763acc9 6a614ca002c5b3a4d7023faffc0546e1 d7b717134358bbeefc5796b5912369f0 bce51419fae8acbeff3149ca53f8baad 49a04c85555b35f998b1787b325526e6 https://t.co/1GPPeuXPdd
DeadlyLynn: @ShadowChasing1 https://t.co/i0PmOHZOYr
58_158_177_102: @reservoir むしろ王道がよい?
58_158_177_102: @reservoir いたってオーソドックス
58_158_177_102: @reservoir 品切れ続出のときの最終選択肢
58_158_177_102: 西の海に戻ってきた。まあまあ歩いたし、高低差ある道のりだった https://t.co/haxAFL4lFP
issuemakerslab: North Korea's RGB-D5 launched a spear-phishing attack on a professor of Dankook University.
issuemakerslab: North Korea's RGB-D5 launched spear-phishing attacks on professors at Kyungnam University. https://t.co/7maYcmycAZ
issuemakerslab: North Korea's RGB-D5 launched spear-phishing attacks on professors at Chinju National University of Education. https://t.co/SJR9acfUPt
issuemakerslab: North Korea's RGB-D5 launched spear-phishing attacks on professors at Seoul National University. https://t.co/n7uoB1NmfF
IntezerLabs: Not all applications are born cloud-native. Secure your cloud non-native workloads with a runtime CWPP https://t.co/mYrgH38yzV https://t.co/ePDFsCHQUH
IntezerLabs: Containers are subject to attacks from Doki and Kaiji. Learn about the different ways containers can be hacked and your best defense against each https://t.co/RTyARymVAT https://t.co/SfXLFfaCnO
IntezerLabs: Learn how you can streamline the investigation of any malware-related incident using a next generation malware analysis platform
aboutsecurity: Finally: attacks are never fully automated, end to end. Your defense can't be **only** evaluated in a fully automated way either. Emulation tools are great but don't forget there's always a "human in the loop". (end of thread) #FridayThoughts #BlueTeam #SecOps #ThinkRedActBlue
aboutsecurity: ... do I have the ability to react appropriately to reduce exposure? In summary: efficacy is not binary, is not blocked vs non-blocked, detected vs not detected. Efficacy must be measured as a set of distinct but complementary capabilities, with a range of possible outcomes ⬇️
aboutsecurity: As you emulate these behaviors, evaluate how the tools support your efficacy goals: can I block high fidelity events? can I get analytical detections with enough context & enrichment? do I get the telemetry needed for investigations & threat hunting? ⬇️
aboutsecurity: Next step is creating your emulation plan based on the selected TTPs. @MITREattack has released some that you can use as a reference i.e. APT3 https://t.co/yWJsUOYum7 and APT29 https://t.co/2V3M3SQ8hJ. Tools like Caldera are great to emulate these https://t.co/27O8VGbqQy ⬇️
kyleehmke: Possible UNC1878 greattxmsng-imgx[.]com was registered through OpenProvider on 3/24 and is hosted at BAcloud IP 185.25.51[.]55. Per @censysio, an SSL certificate was created for the domain on 4/13. In @ThreatConnect: https://t.co/QbDy5oyEjc https://t.co/zR2W25dqSo
kyleehmke: Suspicious domain msedgecloud[.]net was registered through Njalla on 4/12. The domain itself isn't hosted, but subdomain telemetry[.]msedgecloud[.]net resolves to 176.97.65[.]130 and 185.87.148[.]81. https://t.co/C7oS6gIEUo
kyleehmke: Per @PassiveTotal, the name server subdomains for defenderlive[.]com resolved to 185.243.112[.]120. https://t.co/Rq24nMwrr9
kyleehmke: Suspicious domain defenderlive[.]com was registered through MonoVM on 4/11 using scottescobedo@protonmail[.]com. Switched to its own NS and not currently resolving, but worth keeping an eye out for. H/t @DomainTools for the WHOIS. https://t.co/NiaeCLd0cY
Hexacorn: @HackingLZ I vehemently disagree with the notion attackers can code. bet these 'private' malware families is nothing but public stuff modded with Resource Hacker or edlin
Hexacorn: @bohops hah been using it in the past a lot to copy tables from web sites (prior to Chrome/FF and plug-ins)
Hexacorn: @cyb3rops could that be a part of deployment readiness protocol?
Hexacorn: @arekfurt @MalwareTechBlog c'mon, that's the type of yeeting tasks that interns are hired for
Hexacorn: @0gtweet cute + Palme d'Or for the zoom in at the end https://t.co/FP6JGZ8H7o
JCyberSec_: @ActorExpose @Bobby_Presto @emailrepio @iHeartMalware @Spam404 @PhishKitTracker Yeah we are seeing an increase in US state government sites popping up in the last few weeks. Very worrying indeed!
JCyberSec_: @Unix_Guru Do it! For the name of science! https://t.co/aysUjgm75k
JCyberSec_: @Unix_Guru You can eat them! 🌺 Straight from the tree if you're feeling brave! They have a slight ginger taste but ultimately, they taste how you would imagine a flower would taste. https://t.co/f15oq2TdJF
JCyberSec_: @InfoSec_Paul_M @sysgoblin @SteveD3 @nullcookies @illegalFawn Great write up, thanks for sharing. Always learning something new!! 👍
JCyberSec_: @BushidoToken Being slightly pedantic I'd state the lure document is Air Marshall and the site is impersonating Adobe
nullcookies: I also remember being able to proofread tweets long ago.
nullcookies: BE STRONG AND CRUSH YOUR ENEMIES https://t.co/6gPxgsghvp
nullcookies: Oldcookies, yelling at his neighbors whilst smoking a corncob pipe: “I remember when the intent was a series of tubes. Bring back the coal-powered internet and get off my lawn.” https://t.co/C3E8VgBeqt
campuscodi: Codecademy launched yesterday a cybersecurity course https://t.co/xaWdDMvYxp https://t.co/kb4zfCEH3t
campuscodi: Mirai code re-use in Gafgyt https://t.co/lezY25c9SQ https://t.co/F6O7fCvJ9x
SBousseaden: apparently not a recent one https://t.co/2eofar7sbD
SBousseaden: likely APT34 related: doc -> task -> exchange.vbs -> powershell -> load .NET EWS backdoor (uses https://t.co/n1ln6XH7I0.WebServices.dll for mail-C2) mailsrv: https://t.co/29791gEJNU. gov .lb (compromised) send/rcv cmd from masters.michelle@protonmail.com https://t.co/Sp5JvPRE2R https://t.co/gTK85QMHK1
SBousseaden: https://t.co/tonf9nA6kA
SBousseaden: winword- > vbe -> certreq.exe (download lolbin) -> msiexec -> python.exe (renamed) _ bunch of bas64 encoded script-> python backdoor + infostealer (persist via scheduled task) https://t.co/MOXsykWRVP https://t.co/5k0oMoEhjZ
SBousseaden: @r0wdy_ @Ledtech3 4702 is well detailed but to figure out what changed exactly (trigger, status, time etc.) the action registry if changed its quite suspicious.
424f424f: PowerShell is dead... long live PowerShell! Are we just detecting more today because we're finally/hopefully looking at those PowerShell logs? Why the increase when the PowerShell threat surface "should" be reduced by now? https://t.co/e0J1SmHyQJ
424f424f: @SadProcessor Yeah, sometimes not so user friendly lol Arooo! <3
424f424f: @sixdub Congrats! See you on the battlefield 😉
lazyactivist192: @d0xygen @executemalware Most of those were from Choopa, with some Bacloud spattered in.
lazyactivist192: @d0xygen @executemalware I grabbed blocks of ips and scanned them.
lazyactivist192: @chrisculling @mikecherry @NicoleBeckwith @bryanmcaninch @mojo_sec @Neogenxz @vagab0ndsec @DougOfBorg @GyledC @4n6woman @CrunkComputing @InnocentOrg @RNS @bobsmietana @absolutez3 @JohnnyCiocca Thanks 🙂
lazyactivist192: Definitely CS, was able to pull beacon the other day from it https://t.co/gF6Lfxry5s https://t.co/SGSyigV5pB
cyber__sloth: @markus_neis @ochsenmeier @James_inthe_box @shotgunner101 @securitydoggo @Circuitous__ That's a cool pivot @markus_neis 👌🏽
cyber__sloth: An email sent to few employees of https://t.co/g2DIhGljgQ with weird subject and #LNK file. Downloads a PDF and EXE from 8.142.58[.]112. Couldn't grab the payload :( Hash: 3bf627b9b240f4872323840ff4423cdb @James_inthe_box @markus_neis @shotgunner101 @securitydoggo https://t.co/VS51ogbxpD
cyber__sloth: More samples: c623eb88eb0b6c6c9ff0346ab578dc43
cyber__sloth: Probably from a researcher or security team in Vietnam. Hash : ed1bf2c48dfa06fd50ff2e363880cf0b : Tai lieu hoc tap.docx.lnk Pulling Files from GitHub https://t.co/o3Z4kQNmJq @Rmy_Reserve @blackorbird @cyb3rops @trungduc751995 @Arkbird_SOLG https://t.co/Hyp2LIksWN
FewAtoms: #malware #opendir #infosecurity #threathunting #cybersecurity hxxp://18.140.72.12/wind/ https://t.co/zTh7kwnW2H https://t.co/Itmmkv8SiG
FewAtoms: #malware #cybersecurity #opendir #infosecurity #threathunting hxxp://23.95.122.25/hd/ hxxp://23.95.122.25/hdf/ hxxp://23.95.122.25/..-.-................-.....-------------/..................................................................dot https://t.co/nSkz8rHJkT
FewAtoms: #malware #threathunting #cybersecurity #opendir #infosecurity hxxp://45.77.9.151/ @bl4ckh0l3z at your request https://t.co/mMu2R2iaU6
FewAtoms: @bl4ckh0l3z @abuse_ch @James_inthe_box @JAMESWT_MHT Wait few mins
reecdeep: #AgentTesla #Malware from #Malspam "telephone conversation" MD5: A0494AF086A80AABB398034D4438AD12 🔥 pauline.nguimfack@electro-plomb.ml markmoon212@gmail.com mail.[electro-plomb[.ml #infosec #CyberSecurity #DFIR #cybercrime #Security https://t.co/QmbHUcEMKp
reecdeep: #Phishing targeting #Italy 🇮🇹 🔥 hxxps://psd2-spid.com @guelfoweb @illegalFawn @D3LabIT @AndreaDraghetti @andpalmier @PhishStats @ActorExpose @Bank_Security @rootella_ @nuke86 #infosec #cybersecurity #cybercrime #mwitaly https://t.co/f1caFUAOcV
reecdeep: #Malspam spreading XLSM #Maldoc to spawn #AgentTesla #Malware ⚙️ https://t.co/1Y7BceZqlE 🔥 u@cometshippings.com mail.[cometshippings.[com #infosec #CyberSecurity #DFIR #cybercrime #Security https://t.co/ejlNYCazsA
reecdeep: #AgentTesla #Malware from #Malspam "New Intraoperative MRi & CSSD Upgrade" MD5: 01BDE51FB30A013B7536DC7D45EA4A0A 🔥 ekwe@yillyenterprise.com mail.[yillyenterprise.[com #infosec #CyberSecurity #DFIR #cybercrime #Security https://t.co/OcPcQpUF9p
reecdeep: 🔥currently live c2: njwhuclqpvvwhwg.]ru/poll.php credits @sS55752750
luc4m: @Artilllerie @malwrhunterteam @LawrenceAbrams Again the North Korean ? 🇰🇵🇰🇵🇰🇵
3xp0rtblog: @siri_urz @struppigel
3xp0rtblog: @0x7fff9 @Abjuri5t @Amigo_A_ @Arkbird_SOLG @Bank_Security @BleepinComputer @JAMESWT_MHT @JRoosen @James_inthe_box @Jan0fficial @Kangxiaopao @LawrenceAbrams @ViriBack @Xylit0l @campuscodi @demonslay335 @fumik0_ @hasherezade @hexlax @luc4m @malwrhunterteam @pmelson
3xp0rtblog: #Malware #Ransomware #DarkSide Another DarkSide update. Added automatic test decrypting, all processes now are automated. Available DDoS (L3, L7), is performing before the target enters online. Also, the DarkSide team expand specialties like network supplies, pentesting. https://t.co/ZUgFx4afyb
----Vulners.com High Sev. Last 3 Days----
CVSS: 9.0 NSA: 5 Security Bugs Under Active Nation-State Cyberattack
CVSS: 9.0 Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities
CVSS: 7.5 Mandiant Front Lines: How to Tackle Exchange Exploits
CVSS: 7.5 Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
CVSS: 6.8 gnutls and nettle security update
CVSS: 9.0 US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
CVSS: 10.0 Gafgyt Botnet Lifts DDoS Tricks from Mirai
CVSS: 7.5 Attackers Target ProxyLogon Exploit to Install Cryptojacker
CVSS: 10.0 1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
CVSS: 6.8 (RHSA-2021:1206) Important: gnutls and nettle security update
CVSS: 7.2 Linux kernel vulnerabilities
CVSS: 7.2 sudo security update
CVSS: 7.2 Linux kernel vulnerabilities
CVSS: 9.0 Nagios XI Remote Code Execution
CVSS: 7.1 Security Bug Allows Attackers to Brick Kubernetes Clusters
CVSS: 10.0 FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
CVSS: 10.0 Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
CVSS: 6.8 Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
CVSS: 7.5 Underscore vulnerability
----NVD Last 3 Days----
CVE#: CVE-2020-36322 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
CVE#: CVE-2021-20491 Published Date: 2021-04-16 CVSS: NO CVSS Description: IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
CVE#: CVE-2021-26073 Published Date: 2021-04-16 CVSS: NO CVSS Description: Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions between 3.0.2 - 6.5.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.
CVE#: CVE-2021-27394 Published Date: 2021-04-16 CVSS: NO CVSS Description: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.
CVE#: CVE-2021-27599 Published Date: 2021-04-14 CVSS: NO CVSS Description: SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.
CVE#: CVE-2021-27604 Published Date: 2021-04-14 CVSS: NO CVSS Description: In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.
CVE#: CVE-2021-27608 Published Date: 2021-04-14 CVSS: NO CVSS Description: An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.
CVE#: CVE-2021-27672 Published Date: 2021-04-15 CVSS: NO CVSS Description: SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
CVE#: CVE-2021-27673 Published Date: 2021-04-15 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
CVE#: CVE-2021-27850 Published Date: 2021-04-15 CVSS: NO CVSS Description: A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
CVE#: CVE-2021-28242 Published Date: 2021-04-15 CVSS: NO CVSS Description: SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVE#: CVE-2021-29654 Published Date: 2021-04-14 CVSS: NO CVSS Description: AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.
CVE#: CVE-2021-30138 Published Date: 2021-04-15 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE#: CVE-2021-30245 Published Date: 2021-04-15 CVSS: NO CVSS Description: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.
CVE#: CVE-2021-30477 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.
CVE#: CVE-2021-30478 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.
CVE#: CVE-2021-30479 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
CVE#: CVE-2021-30487 Published Date: 2021-04-15 CVSS: NO CVSS Description: In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
----#MALWARE----
newsoft53759560: RT @QAValley: Behind Every Successful Cyber Attack There Is A Human https://t.co/rxnS8K5Ekz #Cyberattack #Cybersecurity #Cybercrime #Malwar… Link with Tweet
newsoft53759560: RT @QAValley: The Need for a Cybersecurity Protection Agency https://t.co/R2XPjeF1CC #CyberSecurity #Malware #Cyberattack #Cybercrime #Rans… Link with Tweet
Fabriciosx: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
beefyspace: RT @cybermaterial_: Certified Ethical Hacker (Practical) https://t.co/4mSwdLsax8 #cybersecurity #infosec #malware #cybermaterial #ransomwar… Link with Tweet
PythonExpertBot: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
beefyspace: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
botcybersec: RT @cybermaterial_: Certified Ethical Hacker (Practical) https://t.co/4mSwdLsax8 #cybersecurity #infosec #malware #cybermaterial #ransomwar… Link with Tweet
cybermaterial_: Certified Ethical Hacker (Practical) https://t.co/4mSwdLsax8 #cybersecurity #infosec #malware #cybermaterial… https://t.co/jZvWSpNPIp Link with Tweet Link with Tweet
the404code: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
DBMPartners: Cybersecurity: Victims are spotting cyberattacks much more quickly - but there's a catch #cybersecurity… https://t.co/i8EXPteFFL Link with Tweet
cyber_int: ⚠️ [NEW BLOG] There's an ongoing attack campaign targeting social media influencers, attempting to infect them with… https://t.co/DP7VyMWcHi Link with Tweet
CyberSecurityN8: RT @phishingorguk: 5 Measures You Can Take Against Spear Phishing https://t.co/hFhyI360M3 #databreach #malware #ransomware #emailsecurit… Link with Tweet
sectest9: RT @phishingorguk: 5 Measures You Can Take Against Spear Phishing https://t.co/hFhyI360M3 #databreach #malware #ransomware #emailsecurit… Link with Tweet
----#PHISHING----
MalwarePatrol: Another active #Phishing targeting Dropbox URL: hxxps://sonne-medoon.firebaseapp.com/ #onpatrol4malware (bot genera… https://t.co/LKGp3pyFl0 Link with Tweet
JEMPradio: Allman Brothers Band - Mountain Jam (9-16-71) #Phish #CommunityRadio https://t.co/LPFrNQaySD Link with Tweet
TMCheck_: ⚠️ @Amazon Scam Alert⚠️ Your name is Membership Of Amazon. 😏 ✅Use #TrendMicroCheck for immediate scam detection:… https://t.co/W48PIzzktc Link with Tweet
JEMPradio: Phish - Julius (12-31-14) #Phish #CommunityRadio https://t.co/LPFrNQaySD Link with Tweet
JEMPradio: Jimi Hendrix - Johnny B. Goode (5-30-70) #Phish #CommunityRadio https://t.co/LPFrNQaySD Link with Tweet
SecurePurple: Can you spot a #phishing attempt? #CyberSecurity #socialmedia https://t.co/odGQ7Ni6ZO
JEMPradio: Trey Anastasio - More (10-30-19) #Phish #CommunityRadio https://t.co/LPFrNQaySD Link with Tweet
----#OSINT----
thesecuritydai1: dutch_osintguy: RT @Ginger__T: Five excellent #OSINT resources :- ➡️@OsintCurious https://t.co/WyN4akHims ➡️… https://t.co/qjcnQuq2nK Link with Tweet Link with Tweet
CircuitMagazine: A great set of free or cost effective #OSINT educational resources! https://t.co/cX2gorwdPN Link with Tweet
LockpickingPete: RT @Ginger__T: Five excellent #OSINT trainers :- ➡️@WebBreacher https://t.co/bsIAZSWqkj ➡️@technisette https://t.co/620qlaU9vn ➡️@Blackstag… Link with Tweet Link with Tweet
CtgIntelligence: #OSINT training doesn't have to be expensive! Great presentation by @10fMan7 at @d_overcon highlighting great resou… https://t.co/j6HASHPK1T Link with Tweet
crispSV: #Russia Air Force Beriev Be-200 multirole amphibious aircraft on mission over Sea of Azov. #Crimea #Ukraine #NATO… https://t.co/BxBbrZbeg8 Link with Tweet
----#THREATINTEL----
cyberreport_io: What are the different roles within cybersecurity? https://t.co/YJOX0sVNoV #cybersecurity #threatintelligence… https://t.co/DbwwEN3Egl Link with Tweet Link with Tweet
SecdevB: RT @Certego_Intel: #Covid19 #CertStream #Suspicious Domain: ww16[.coronavirusliveupdate[.com VirusTotal: https://t.co/So3RigYnz8 #CyberSecu… Link with Tweet
Certego_Intel: #Covid19 #CertStream #Suspicious Domain: ww16[.coronavirusliveupdate[.com VirusTotal: https://t.co/So3RigYnz8… https://t.co/0Nmiy0uZ21 Link with Tweet Link with Tweet
cybersec_feeds: RT @RedPacketSec: University of Hertfordshire Hit by Cyberattack - https://t.co/pY2mh44jyY #OSINT #Security #Threatintel #cybersecurity Link with Tweet
cybersec_feeds: RT @RedPacketSec: 643GB of Customer Information Exposed in a Data Breach Suffered by Bizongo - https://t.co/VOFDQKkc5y #OSINT #Security #Th… Link with Tweet
cybersec_feeds: RT @RedPacketSec: ParkMobile Data Breach: 21Million User Data Exposed - https://t.co/E5omitXGYR #OSINT #Security #Threatintel #cybersecurity Link with Tweet
cybersec_feeds: RT @RedPacketSec: U.S. Agencies Warns of Russian APT Operators Exploiting Five Publicly Known Vulnerabilities - https://t.co/rWPJbL4ode #OS… Link with Tweet
RedPacketSec: U.S. Agencies Warns of Russian APT Operators Exploiting Five Publicly Known Vulnerabilities -… https://t.co/Za4xg9Alxo Link with Tweet
RedPacketSec: ParkMobile Data Breach: 21Million User Data Exposed - https://t.co/E5omitXGYR #OSINT #Security #Threatintel #cybersecurity Link with Tweet
botcybersec: RT @RedPacketSec: 643GB of Customer Information Exposed in a Data Breach Suffered by Bizongo - https://t.co/VOFDQKkc5y #OSINT #Security #Th… Link with Tweet
botcybersec: RT @RedPacketSec: University of Hertfordshire Hit by Cyberattack - https://t.co/pY2mh44jyY #OSINT #Security #Threatintel #cybersecurity Link with Tweet
RedPacketSec: 643GB of Customer Information Exposed in a Data Breach Suffered by Bizongo - https://t.co/VOFDQKkc5y #OSINT… https://t.co/2tH6gotpvd Link with Tweet Link with Tweet
----#RANSOMWARE----
newsoft53759560: RT @QAValley: Behind Every Successful Cyber Attack There Is A Human https://t.co/rxnS8K5Ekz #Cyberattack #Cybersecurity #Cybercrime #Malwar… Link with Tweet
newsoft53759560: RT @QAValley: The Need for a Cybersecurity Protection Agency https://t.co/R2XPjeF1CC #CyberSecurity #Malware #Cyberattack #Cybercrime #Rans… Link with Tweet
Fabriciosx: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
beefyspace: RT @cybermaterial_: Certified Ethical Hacker (Practical) https://t.co/4mSwdLsax8 #cybersecurity #infosec #malware #cybermaterial #ransomwar… Link with Tweet
PythonExpertBot: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
beefyspace: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
botcybersec: RT @cybermaterial_: Certified Ethical Hacker (Practical) https://t.co/4mSwdLsax8 #cybersecurity #infosec #malware #cybermaterial #ransomwar… Link with Tweet
cybermaterial_: Certified Ethical Hacker (Practical) https://t.co/4mSwdLsax8 #cybersecurity #infosec #malware #cybermaterial… https://t.co/jZvWSpNPIp Link with Tweet Link with Tweet
the404code: RT @keepnetlabs: Watering Hole Attacks https://t.co/0MUanI5Dms #databreach #malware #ransomware #emailsecurity #datasecurity #iot #covid1… Link with Tweet
CyberSecurityN8: RT @phishingorguk: 5 Measures You Can Take Against Spear Phishing https://t.co/hFhyI360M3 #databreach #malware #ransomware #emailsecurit… Link with Tweet
sectest9: RT @phishingorguk: 5 Measures You Can Take Against Spear Phishing https://t.co/hFhyI360M3 #databreach #malware #ransomware #emailsecurit… Link with Tweet
-----#OPENDIR----
status_418: #Opendir | #Phishingkit Victims: @Office365 Kits: hXXps://mnseating.com/FN/new.zip Actors: litogeneration@yandex… https://t.co/qm2d5MS60o Link with Tweet
-----#MALSPAM----
cpardue09: #ln -s :malware_traffic: 2021-04-16 (Friday) - #BazaLoader (#BazarLoader) from #BazaCall (#BazarCall) callcenter… https://t.co/PhbsAkct9P Link with Tweet
malware_traffic: 2021-04-16 (Friday) - #BazaLoader (#BazarLoader) from #BazaCall (#BazarCall) callcenter #malspam - 10 email example… https://t.co/yzSMLr6G1z Link with Tweet
----#EMOTET----
AcooEdi: Threat Roundup for April 9 to April 16 https://t.co/ApDKOnLlTa #CiscoTalos #Dridex #Emotet #Features #IOCs via… https://t.co/dOX4hlB7Uw Link with Tweet Link with Tweet
McAfee_Help: Are you prepared to defend against #Emotet? Watch our Emotet Trojan #webcast, where we covered behavioral analysi… https://t.co/gkM5bVBrv8 Link with Tweet
botcybersec: RT @securityjwd: Emotet Takedown: Time to Celebrate? #emotet #cybersecurity https://t.co/Jjz7mFrWaa Link with Tweet
securityjwd: Emotet Takedown: Time to Celebrate? #emotet #cybersecurity https://t.co/Jjz7mFrWaa Link with Tweet
sectest9: RT @malware_devil: #emotet Takedown: Time to Celebrate? https://t.co/jErlernJEI #cyber #eff #emotet #europe #infrastructure #malware #se… Link with Tweet
CyberSecurityN8: RT @malware_devil: #emotet Takedown: Time to Celebrate? https://t.co/jErlernJEI #cyber #eff #emotet #europe #infrastructure #malware #se… Link with Tweet
malware_devil: #emotet Takedown: Time to Celebrate? https://t.co/jErlernJEI #cyber #eff #emotet #europe #infrastructure #malware #security #malwaredevil Link with Tweet
Eurojust: ✉️ It's here! Find all the highlights of the first quarter wrapped up in our latest newsletter: 🇵🇹 First steps wit… https://t.co/a2LFsq1Kc9 Link with Tweet
-----#BUGBOUNTY----
davidvalles007: RT @fernale: I'm pleased to share my first write-up :D How I got 9000 USD by hacking into #Apple iCloud. https://t.co/7Ze9GxI6zH #BugBou… Link with Tweet
botcybersec: RT @viehgroup: Hunting for bugs in Telegram's animated stickers remote attack surface https://t.co/2x670gSP2X #Pentesting #Fuzzing #BugBo… Link with Tweet
viehgroup: Hunting for bugs in Telegram's animated stickers remote attack surface https://t.co/2x670gSP2X #Pentesting… https://t.co/RNRcZw4KUl Link with Tweet Link with Tweet
----#CYBERCRIME----
newsoft53759560: RT @QAValley: Behind Every Successful Cyber Attack There Is A Human https://t.co/rxnS8K5Ekz #Cyberattack #Cybersecurity #Cybercrime #Malwar… Link with Tweet
newsoft53759560: RT @QAValley: The Need for a Cybersecurity Protection Agency https://t.co/R2XPjeF1CC #CyberSecurity #Malware #Cyberattack #Cybercrime #Rans… Link with Tweet
tht_en: 5 Operating Systems for Ethical Hackers❗ #cybersecurity #cyberattack #data #system #apps #network #kalilinux… https://t.co/iHRXypTHAw Link with Tweet
chidambara09: RT @scanta_io: The $1 billion Russian cyber company that the US says hacks for Moscow! https://t.co/Ej6PBZuOgV #Scanta #DigitalTransforma… Link with Tweet
----Hacking Updates----
aigars-github updated blacklist. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-24. --- IP's from which scanning, spaming or hacking attempts detected
22XploiterCrew-Team updated Gel4y-Mini-Shell-Backdoor. This repo has 35 stars and 1 watchers. This repo was created on 2021-03-20. --- A webshell that can bypass some system security
hackforla updated website. This repo has 22 stars and 26 watchers. This repo was created on 2018-04-18. --- Hack for LA's website
Zarcolio updated sitedorks. This repo has 250 stars and 18 watchers. This repo was created on 2020-04-18. --- Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection. *** Help wanted with more lists ***
MuhammadJamal99 updated hackerRank_challenges. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- Solve Hacker rank challenges
PDGHACK-10 updated FACEBOOK-BRUTEFORCE. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- FACEBOOK BRUTEFORCE THIS TOOL USE TO HACK FACEBOOK OR BRUTEFORCE IT WITH TERMUX APP
RfidResearchGroup updated proxmark3. This repo has 955 stars and 71 watchers. This repo was created on 2018-08-12. --- RRG / Iceman repo, the most totally wicked repo around if you are into Proxmark3 and RFID hacking
Chamepp updated GoogleForms. This repo has 6 stars and 1 watchers. This repo was created on 2020-12-03. --- :dart: Simply Hack Google Forms.
22anirudhk updated covid-net. This repo has 0 stars and 0 watchers. This repo was created on 2020-07-15. --- 🎉 2nd Place - Harmony Hacks 2 📈 A Deep Learning Powered Automated Coronavirus Visualization and Prediction Software
danielburgess updated hextra. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- The ROM Hacking Hex Editor. Written as an html/javascript component.
mister-hai updated grab-bag-of-madness. This repo has 0 stars and 1 watchers. This repo was created on 2021-03-27. --- just for stuff I share with hackers
y-ohanne-s updated Life-Hacks. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- A Simple Life Hacks App built by Flutter
eppeque updated hacker_news. This repo has 2 stars and 1 watchers. This repo was created on 2020-12-08. --- A Hacker News reader app.
snolab updated CapsLockX. This repo has 42 stars and 5 watchers. This repo was created on 2017-06-09. --- Operate the computer like a hacker! 像黑客一样操作电脑!
clintev1 updated Kwitter. This repo has 1 stars and 1 watchers. This repo was created on 2021-02-23. --- So this app is made for chatting. Just enter your name then create your room and Hangout with your friends. There is no password. We never take your personal info except for your name. No hackers. It's hacker-proof!
DanielOliyarnik updated Virtual-me. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- For hack dartmouth
elmot updated lempo_smart_watch. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- Hacking Chinese smart watch based on nRF52832
akamboj99 updated Hacker-Rank. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-04. --- This repository contains all solutions to the problem I solved on hacker rank
Moham3dRiahi updated XAttacker. This repo has 915 stars and 89 watchers. This repo was created on 2017-11-07. --- X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Ananya-0306 updated Cybersecurity. This repo has 1 stars and 1 watchers. This repo was created on 2021-04-09. --- A collection of various awesome lists for hackers, pentesters and security researchers
vay3t updated hax0rpi. This repo has 94 stars and 18 watchers. This repo was created on 2016-07-26. --- A Raspberry Pi Hacker Tools suite
LeonarthCG updated FFTA_Engine_Hacks. This repo has 7 stars and 3 watchers. This repo was created on 2019-02-07. --- A collection of my modular engine hacks for FFTA
haisenberg updated book-it. This repo has 2 stars and 1 watchers. This repo was created on 2021-04-16. --- Automatic hacking book search by google dorks
qvtqht updated sHiTMyseLf. This repo has 1 stars and 1 watchers. This repo was created on 2020-11-29. --- friendly floating forum for hackers and their friends
sayanarijit updated xplr. This repo has 854 stars and 9 watchers. This repo was created on 2021-02-24. --- A hackable, minimal, fast TUI file explorer, stealing ideas from nnn and fzf.
----Security Updates----
Isaacobuya5 updated spring_security_practice. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- None
projectdiscovery updated nuclei-templates. This repo has 1503 stars and 106 watchers. This repo was created on 2020-04-04. --- Community curated list of templates for the nuclei engine to find security vulnerabilities.
22XploiterCrew-Team updated Gel4y-Mini-Shell-Backdoor. This repo has 35 stars and 1 watchers. This repo was created on 2021-03-20. --- A webshell that can bypass some system security
Vadbeg updated networks-and-info-security. This repo has 0 stars and 1 watchers. This repo was created on 2021-02-04. --- Labs for University subject
nusenu updated OrNetStats. This repo has 19 stars and 2 watchers. This repo was created on 2017-05-08. --- Stats about the Tor network (website)
geekabel updated security. This repo has 0 stars and 1 watchers. This repo was created on 2019-07-29. --- note sur les essentiel de la sécurité
damienbod updated angular-auth-oidc-client. This repo has 598 stars and 36 watchers. This repo was created on 2017-06-13. --- npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
JavaGarcia updated Neanet. This repo has 5 stars and 1 watchers. This repo was created on 2020-08-02. --- Threat intelligence
chungdk1993 updated Spring_master. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-13. --- Spring Framework 환경 구축부터 AOP, JPA, Security, Unit Test, Log 등의 단계적 적용을 통한 Spring에 대한 전반적 학습
Anteste updated Pentesting-Notes. This repo has 5 stars and 1 watchers. This repo was created on 2020-12-14. --- Notes from CTF, KOTH, security adventures, etc..
f0r3idd3n-n3tw0rk2 updated H4CK1NG-SCRIPTS. This repo has 1 stars and 1 watchers. This repo was created on 2021-01-09. --- Small Python Scripts for Cyber Security Study
nikitavoryet updated jwt-crack-goLang. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- The project was created for a brute JWT token that can be used on GO. The author is not responsible for the use of the project. The main idea is to check the work of the security department with an estimate of the reaction time. Also the idea is to check the difficulty of generating a token.
CrashOverrideProductions updated Tools. This repo has 0 stars and 1 watchers. This repo was created on 2020-12-11. --- Penetration Testing and Cyber Security Tools
PKUFlyingPig updated UCB-CS161. This repo has 0 stars and 1 watchers. This repo was created on 2021-02-07. --- computer security
tobias-z updated security-testing. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- None
YurinDoctrine updated Fresh. This repo has 2 stars and 2 watchers. This repo was created on 2020-10-17. --- Tons of modules for Windows 10 fine-tuning and post installation
OpenVPN updated openvpn. This repo has 5828 stars and 421 watchers. This repo was created on 2012-04-26. --- OpenVPN is an open source VPN daemon
NuurZrReaq updated Security. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- None
z1pti3 updated jimi. This repo has 27 stars and 6 watchers. This repo was created on 2020-06-11. --- Jimi is an automation first platform designed from the ground by IT and Cyber Security. Automation first means that the usual product limitations are removed opening the possibilities of automation to all aspects of IT. Jimi features a rich no-code user interface creating a single pane of glass that effortlessly integrate your existing tools unlocking new possibilities and enabling cross functional automation.
juliojsb updated jota-cert-checker. This repo has 32 stars and 5 watchers. This repo was created on 2016-11-22. --- Check SSL certificate expiration date of a list of sites.
czs108 updated PE-Packer. This repo has 74 stars and 9 watchers. This repo was created on 2020-01-02. --- 📦 A simple Windows x86 PE file packer written in C & Microsoft Assembly. The file after packing can obstruct the process of reverse engineering.
GrapheneOS updated releases.grapheneos.org. This repo has 14 stars and 8 watchers. This repo was created on 2018-12-22. --- GrapheneOS update server site.
Parthiv-M updated events-wearemist. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-15. --- The repository for the Events portal for Manipal Information Security Team
controlplaneio updated kubesec. This repo has 458 stars and 13 watchers. This repo was created on 2017-10-10. --- Security risk analysis for Kubernetes resources
kateberryd updated security-app. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-15. --- None
----PoC Updates----
Esperenzza updated splunk-cloud-cicd. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-17. --- A Proof Of Concept on how to integrate Splunk Cloud in a CICD pipeline
NIkolayrr updated election-app. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-09. --- Proof of concept for I-voting application build with React Native - Expo and Firebase.
Denperidge updated media-raspberry-pie. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-02. --- A set of tools that allow a Raspberry Pi to become the cheapest downloading + streaming platform. More proof of concept than anything. Still watch official releases if possible.
codecreative updated newsminder. This repo has 0 stars and 1 watchers. This repo was created on 2021-03-22. --- Proof of concept Puppeteer and Actions
schulke-214 updated django-page-transitions. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-14. --- A proof of concept repo to show transition abilities for bigger server side rendered django projects.
ualberta-smr updated api-mapping-with-program-synthesis. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-09. --- A proof of concept that program synthesis can be used for API mapping
Systems-Modeling updated SysML-v2-Pilot-Implementation. This repo has 28 stars and 14 watchers. This repo was created on 2018-01-09. --- Proof-of-concept pilot implementation of the SysML v2 textual notation and visualization
jsherling updated io-oasis. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-07. --- Proof of concept for social media site
mitwelten updated mitwelten-iot-hardware-poc. This repo has 0 stars and 2 watchers. This repo was created on 2021-02-12. --- IoT Hardware Proof of Concept
UCSD-E4E updated Automated_Audio_Labeling_System_AID. This repo has 1 stars and 7 watchers. This repo was created on 2021-01-31. --- A repo designed to convert audio-based "weak" labels to "strong" intraclip labels. Provides a pipeline to compare automated moment-to-moment labels to human labels. Current proof of concept work being fulfilled on Bird Audio clips using Microfaune predictions.
clojurust updated clojurust. This repo has 4 stars and 1 watchers. This repo was created on 2020-09-28. --- A proof of concept version of Clojure in Rust.
Peabo83 updated Valheim-Server-Web-GUI. This repo has 0 stars and 1 watchers. This repo was created on 2021-03-27. --- This is a proof of concept of a simple web GUI for a Valheim server configured with https://github.com/Nimdy/Dedicated_Valheim_Server_Script *Requires Apache2, PHP and PHP command 'shell_exec' enabled
OSAlt updated gb-www-site. This repo has 0 stars and 2 watchers. This repo was created on 2021-03-03. --- New GeekBeacon Proof of Concept
gdevic updated CalculatorProof. This repo has 1 stars and 1 watchers. This repo was created on 2021-03-12. --- Calculator Project: Proof of Concept
crcollver updated bandcamp-group-listen. This repo has 0 stars and 1 watchers. This repo was created on 2020-12-21. --- A simple chat and music sync app using Vue 3 and Firebase. Styling to be done at a later date, this is simply a proof of concept.
unPi-ro updated sonar.glass. This repo has 0 stars and 0 watchers. This repo was created on 2021-03-28. --- a proof of concept, smart visor for the Blind, built with Raspberry Pico
GlennMay updated POC_SQL_DATA_MOCKER. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-15. --- Proof of concept - Sql Data Mock generator.
webyrd updated mediKanren. This repo has 207 stars and 25 watchers. This repo was created on 2017-11-17. --- Proof-of-concept for reasoning over the SemMedDB knowledge base, using miniKanren + heuristics + indexing.
oparamo updated talkingdog. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-16. --- A proof-of-concept application for exploring Twilio's APIs. Uses firebase cloud functions to receive WebHook notifications. Also I didn't make this, my dog actually did. 🐕
garrettmichaelgeorge updated patch_cable. This repo has 0 stars and 1 watchers. This repo was created on 2021-03-19. --- WIP: A proof-of-concept implementation of the Patcher family of audio programming environments, using Tone.js backed by Rails and Stimulus Reflex.
binup5727 updated Final_POC. This repo has 0 stars and 1 watchers. This repo was created on 2021-04-11. --- proof of concept
AltruSight updated AltruSight. This repo has 0 stars and 0 watchers. This repo was created on 2021-01-25. --- AltruSight’s goal is to implement a proof-of concept website to serve as a beacon of transparency when it comes to donating money to nonprofits. There are several main goals for our project. First, we want to provide a centralized system where donors can track how their donations are being used. We also wish to add a social aspect of donation in the form of a Venmo-esque payment feed, as well as the ability to favorite, share, like, etc. for any nonprofit supported on the website. We also wish to ultimately provide a comprehensive analytics platform detailing how each nonprofit spends their money, as well as details on an individual level detailing personal goals and donations. Ultimately, our objective is to create a system that makes it easier to hold nonprofits accountable and makes it easier for donors to see how their donations are being put to use, as well as providing relevant information on the legitimacy of nonprofits supported on the website. We want to be a central hub of information for all things nonprofit.
nullsecuritynet updated tools. This repo has 1371 stars and 169 watchers. This repo was created on 2015-02-01. --- Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.
nightingaleproject updated blackbird. This repo has 3 stars and 6 watchers. This repo was created on 2018-02-06. --- This proof-of-concept application demonstrates a technical approach for allowing medical certifiers to report and certify to jurisdiction electronic death registration systems (EDRS) from a hospital setting.
pfaffman updated discourse-pfaffmanager. This repo has 1 stars and 2 watchers. This repo was created on 2020-09-24. --- Mostly proof of concept plugin for adding a model