• Search
  • Topics
  • Nodes
< back

 query.ai

1 2
A chart of hourly posts over the last week (for big screens). A chart of hourly posts over the last week (for small screens).

From threatmodcon.com

ThreatModCon | The World’s Only Conference Dedicated To Threat Modeling

1 1

The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices.

#research #security

on Sep 4

From github.io

CVE-2019-19544 - CA Dollar Universe 5.3.3 ‘uxdqmsrv’ - Privilege Escalation via a Vulnerable SUID Binary

1 1

A vulnerability was discovered in the uxdqmsrv binary. It consists in an arbitrary file write as root that can be leveraged by any local user to gain full root privileges on the host (UNIX/Linux only).

#research #security

14h ago

From github.io

Tales of the Crimson Foes

1 2

The Tales of the Crimson Foes A compilation of red team and pentest stories

#research #security

on Mon, 12PM

From github.io

A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities

1 3

This is a blog post for my presentation at the conference POC2024. The slides are uploaded here.

#research #security

on Nov 8

From ibm.com

What is RACF?

1 1

Resource Access Control Facility or RACF provides the tools to help the installation manage access to critical resources.

#research #security

15h ago

From mdsec.co.uk

NSA Meeting Proposal for ProxyShell - MDSec

1 1

As part of Microsoft Exchange April and May 2021 patch, several important vulnerabilities were fixed which could lead to code execution or e-mail hijacking. Any outdated and exposed Exchange server...

#research #security

14h ago

From za.net

Hacking Salesforce-backed WebApps - Hypn.za.net

1 1

A look at hacking insecure webapps that interact with Salesforce's API, and SQL-Injection like attacks in SoQL

#research #security

14h ago

From talosintelligence.com

De-anonymizing ransomware domains on the dark web

1 1

* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups. * The methods we used to identify the public internet...

#research #security

15h ago

From crowdstrike.com

Introducing Sandbox Scryer: A Free Threat Hunting Tool | CrowdStrike

1 1

Sandbox Scryer allows threat hunters to scale their investigation operations through bulk malware sample submissions and comprehensive profiling of TTPs.

#research #security

14h ago

From jordan-wright.com

Hunting for Malicious Packages on PyPI

1 1

I installed every package on PyPI to look for malicious content. This is what I found.

#research #security

14h ago

From talosintelligence.com

Protecting major events: An incident response blueprint

1 1

Go behind the scenes with Talos incident responders and learn from what we've seen in the field.

#research #security

on Oct 18

From medium.com

The Newcomer’s Guide to Cyber Threat Actor Naming

1 1

I was driven by a deep frustration when I started my public “APT Groups and Operations” spreadsheet in 2015. I couldn’t understand why I…

#research #security

14h ago

From query.ai

Five Modifications To Imagine a New SIEM Architecture

1 1

A proposal for a new SIEM architecture that gives you better security and lowers your costs.

#research #security

on Nov 13, 2023

From watchtowr.com

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575

4 13

It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always,...

#Fortinet #research #security #cve_2024_47575

on Thu, 4PM

(Showing 20 out of 24.)