by Bill Sempf
25. April 2021 12:56
A fun tool that finds weak Active Directory passwords, and then notifies the user.
https://github.com/AdrianVollmer/Crack-O-Matic
Signal pwned Cellebrite with pure Moxie.
https://signal.org/blog/cellebrite-vulnerabilities/
Sad news, Dan Kaminsky has left us. He was known for his extraordinary research into DNS cache poisoning, but most importantly, he was a great person. He will be missed.
https://en.wikipedia.org/wiki/Dan_Kaminsky
by Bill Sempf
18. April 2021 13:34
Pwn2Own had some interesting browser vulnerability results:
https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
Reddit (a social network) has started a bug bounty program:
https://www.reddit.com/r/redditsecurity/comments/mqse9a/announcing_reddits_public_bug_bounty_program/?sort=qa
I am user #63 on that site, and the oldest active member who isn't an admin, so I might give it a shot.
A good person wrote a list for semgrep that searches for secrets in public repos (or really any code) using some really well written filters. Check it out:
https://r2c.dev/blog/2021/dont-leak-your-secrets/
Hope everyone has a secure week!
by Bill Sempf
11. April 2021 13:44
Surprisingly good article from the BBC about firmware attacks.
https://www.bbc.com/news/business-56671419
Some really interesting code related to the Windows RPC attack.
https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.html
One of my favorite topics - insecure API endpoints - presented at BSides.
https://blog.assetnote.io/2021/04/05/contextual-content-discovery/
Have a secure week, everyone.