Application Security This Week for September 13

by Bill Sempf 13. September 2020 13:46

Or Maypril 319, but who is counting.

 

Here's an OLD Visual Studio project that gets AES keys from running applications.  Seems to still work!

https://github.com/mmozeiko/aes-finder

 

Another writeup on my current favorite bug, HTTP Request Smuggling.

https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c

 

Via Matt Groves, this tool tests Couchbase databases for injection.  Pretty slick.

https://github.com/FSecureLABS/N1QLMap

 

Neat article on using Fuzzilli to fuzz JavaScript engines using an intermediate language.

https://blog.doyensec.com/2020/09/09/fuzzilli-jerryscript.html

 

Cool breakdown on using Mobile Device Management to get RCE on devices.

https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html?m=1

 

That's the news, folks.  Stay safe.


Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
