Technical news and discussion of information security.
Rules:
- Be excellent to each other
- Keep it on topic
- Absolutely no PII or doxing
- No disclosure posts
-
netsec @lemmy.world, posted by Aconite33 @lemmy.world: BBoT 2.0 Released!
blog.blacklanternsecurity.com: BBOT 2.0 - Release Announcement. The recursive internet scanner gets an upgrade.
BBoT 2.0 is our new release! Check out our GitHub:
-
netsec @lemmy.world, posted by maltfield @monero.town: 3TOFU: Verifying Unsigned Releases
tech.michaelaltfield.net: 3TOFU: Verifying Unsigned Releases - Michael Altfield's Tech Blog. Introducing 3TOFU -- a harm-reduction process for supply chain security when downloading software that cannot be verified cryptographically.
3TOFU: Verifying Unsigned Releases
By Michael Altfield
License: CC BY-SA 4.0
https://tech.michaelaltfield.net/
This article introduces the concept of 3TOFU - a harm-reduction process when downloading software that cannot be verified cryptographically.
Verifying Unsigned Releases with 3TOFU
⚠ NOTE: This article is about harm reduction.
It is dangerous to download and run binaries (or code) whose authenticity you cannot verify (using a cryptographic signature from a key stored offline). However, sometimes we cannot avoid it. If you're going to proceed with running untrusted code, then following the steps outlined in this guide may reduce your risk.
TOFU
-
netsec @lemmy.world, posted by Optional @lemmy.world: Microsoft left internal passwords exposed in latest security blunder
www.theverge.com: Microsoft left internal passwords exposed in latest security blunder. An internal Azure-hosted server was left without password protection.
cross-posted from: https://lemmy.zip/post/13403067
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Galactical Bug Hunting: How we discovered new issues in CD Projekt Red's Gaming Platform
www.anvilsecure.com: Galactical Bug Hunting: How we discovered new issues in CD Projekt Red's Gaming Platform - Anvil Secure. The main purpose behind starting this research project was to get further understanding on how to review and exploit both Windows Applications and Environments…
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Wifi credential dumping
www.r-tec.net: Blog - WIFI Credential Dumping. This blog won't dive into any of the mentioned WIFI attacks, but will highlight techniques to retrieve the PSK from a workstation post-compromise instead.
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Diving Deeper into AI Package Hallucinations
www.lasso.security: Lasso Research: AI Package Hallucinations. Explore Lasso's latest research on AI Package Hallucinations, their impact on security, and mitigation strategies for enterprises.
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Security Advisory: Systems with a SONIX Technology Webcam vulnerable to DLL hijacking attack allowing attackers to execute malicious DLL and escalate privileges
herolab.usd.de: usd-2023-0029 - usd HeroLab. Advisory ID: usd-2023-0029 | Product: SONIX Technology Webcam | Vulnerability Type: CWE 732 - Incorrect Permission Assignment for Critical Resource
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): unch 😗: Hides message with invisible Unicode characters
github.com: GitHub - dwisiswant0/unch: Hides message with invisible Unicode characters.
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Gram - Self-hosted Threat Modeling Webapp
github.com: GitHub - klarna-incubator/gram: Gram is Klarna's own threat model diagramming tool.
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Kobold letters – Why HTML emails are a risk to your organization
lutrasecurity.com: Kobold letters – Lutra Security. Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious sec...
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Showcasing Incinerator, a Powerful Android Malware Reversing Tool
boschko.ca: Incinerator: The Ultimate Android Malware Reversing Tool. Master Android malware reversal with ease using Incinerator, your trusted ally in the fight against threat actors for experts and novices alike.
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Persistence - DLL Proxy Loading
pentestlab.blog: Persistence – DLL Proxy Loading. DLL Proxy Loading is a technique in which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate DLL in an attempt to not disrupt the execution flow…
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): Adventures in Stegoland - Adventures with a stego shellcode loader
tierzerosecurity.co.nz: Tier Zero Security. Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT): XZ-actly What You Need (CVE 2024-3094): Detecting Exploitation with Oligo
www.oligo.security: XZ-actly What You Need (CVE 2024-3094): Detecting Exploitation with Oligo | Oligo Security. See how Oligo ADR Detects Exploitation of CVE-2024-3094 (XZ backdoor in liblzma).
-
netsec @lemmy.world, posted by repostbot33 @lemmy.world (BOT)
www.pentagrid.ch: IBIS hotel check-in terminal keypad-code leakage. An IBIS hotel check-in terminal leaked room door key codes of almost half of the rooms.