
vidbuchanan.co.uk

1 1

From threatmodcon.com

ThreatModCon | The World’s Only Conference Dedicated To Threat Modeling

1 1

The conference is dedicated to providing a platform for threat modeling practitioners and AppSec leaders to delve into the latest trends & share best practices.

#research #security

on Sep 4

From github.io

CVE-2019-19544 - CA Dollar Universe 5.3.3 ‘uxdqmsrv’ - Privilege Escalation via a Vulnerable SUID Binary

1 1

A vulnerability was discovered in the uxdqmsrv binary. It consists in an arbitrary file write as root that can be leveraged by any local user to gain full root privileges on the host (UNIX/Linux only).

#research #security

14h ago

From github.io

Tales of the Crimson Foes

1 2

The Tales of the Crimson Foes: A compilation of red team and pentest stories

#research #security

on Mon, 12PM

From github.io

A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities

1 3

This is a blog post for my presentation at the conference POC2024. The slides are uploaded here.

#research #security

on Nov 8

From ibm.com

What is RACF?

1 1

Resource Access Control Facility or RACF provides the tools to help the installation manage access to critical resources.

#research #security

15h ago

From mdsec.co.uk

NSA Meeting Proposal for ProxyShell - MDSec

1 1

As part of Microsoft Exchange April and May 2021 patch, several important vulnerabilities were fixed which could lead to code execution or e-mail hijacking. Any outdated and exposed Exchange server...

#research #security

14h ago

From za.net

Hacking Salesforce-backed WebApps - Hypn.za.net

1 1

A look at hacking insecure webapps that interact with Salesforce's API, and SQL-Injection like attacks in SoQL

#research #security

14h ago

From talosintelligence.com

De-anonymizing ransomware domains on the dark web

1 1

* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.
* The methods we used to identify the public internet...

#research #security

15h ago

From crowdstrike.com

Introducing Sandbox Scryer: A Free Threat Hunting Tool | CrowdStrike

1 1

Sandbox Scryer allows threat hunters to scale their investigation operations through bulk malware sample submissions and comprehensive profiling of TTPs.

#research #security

14h ago

From jordan-wright.com

Hunting for Malicious Packages on PyPI

1 1

I installed every package on PyPI to look for malicious content. This is what I found.

#research #security

14h ago

From talosintelligence.com

Protecting major events: An incident response blueprint

1 1

Go behind the scenes with Talos incident responders and learn from what we've seen in the field.

#research #security

on Oct 18

From medium.com

The Newcomer’s Guide to Cyber Threat Actor Naming

1 1

I was driven by a deep frustration when I started my public “APT Groups and Operations” spreadsheet in 2015. I couldn’t understand why I…

#research #security

14h ago

From query.ai

Five Modifications To Imagine a New SIEM Architecture

1 1

A proposal for a new SIEM architecture that gives you better security and lowers your costs.

#research #security

on Nov 13, 2023

From watchtowr.com

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575

4 13

It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always,...

#Fortinet #research #security #cve_2024_47575

on Thu, 4PM

(Showing 20 out of 24.)