What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform: https://lnkd.in/e98HpJnf by Nate Nelson
Dark Reading’s Post
More Relevant Posts
-
Cybersecurity Architect | Device Security & Cloud Security SME | DevSecOps | IoT Pentester | Security Researcher | Threat & Risk Assessment | Governance | Incident Handler | Speaker |
Latest Top 10 risks, vulnerabilities and mitigations for developing and securing Gen AI and LLM applications across the development, deployment and management lifecycle. #ai #llm #aisecurity #cybersecurity
OWASP LLM T10 Overview v1.0 (1)
docsend.com
-
Me again. Another article related to the topic of web security.
Exploiting XSS to steal sensitive data from user’s browser and store those into database ^-^
link.medium.com
-
Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. #vulnerability #exploit #rce #infosec #devsecops
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
thehackernews.com
-
Happy Thanksgiving! I started my morning by finishing the first domain of my eJPT studies. This goes through the various methodologies in both active & passive information gathering phases in penetration testing, footprinting & scanning + much more that eJPT offers within its arsenal for learning. Tools I learned: - DNS Recon - theHarvester - dirb - Hydra - nmap - Metasploit Some services tested for enum: -SMB, HTTP, SQL, SSH, FTP It's fun to see how the attacker thinks and most of all fuel some red teaming into my blue teaming mindset. Knowing both sides, att&ck & defense and what that looks like will increase your understanding and approach to infosec!
-
-
IT Systems Engineer - C5ISR Information System Analyst @ FGS, LLC | MSM | Information System Security Practitioner | CISA (in progress) | SSCP | CySA+, Security+, Net+
I ran across a practice question, studying for CySA+, related to the "ProxyNotShell" vulnerability. I wanted to know more, so I found the below article. It's an interesting read. https://lnkd.in/d_BcGg4C
Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it
csoonline.com
-
Our technical walkthrough of the Empire C2 framework <5.9.3 exploit is now available. We also provide: • Recommendations for offensive/defensive teams • Multiple exploit paths • RCE PoC code https://lnkd.in/gGsjgEUZ
Blog - Exploiting Empire C2 Framework
aceresponder.com
-
Founder and CEO of Tehama, the world's only all-in-one cybersecurity platform delivering compliant and secure access to desktops, data and applications | Senior Fellow, CIGI | Member, Digital Governance Council of Canada
In case this isn't on your radar yet, it should be: https://lnkd.in/dM7SAgNf Obviously well-funded and organized state-actor level work. Represents several years of painstaking and well-organized work to place a backdoor into sshd, which basically everyone uses. A description of the work that achieved this: https://lnkd.in/dbKFr8Zq Here is the CVE: https://lnkd.in/dVKcq3Fi It's CVSS level 10 which is the most serious level. Hat tip to Bradley F. who put it on my radar.
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
thehackernews.com
-
Due to the high volume of information related to regression CVE, I attempted to analyze the technical aspects from the exploit stage through to the detection and mitigation steps. https://lnkd.in/dQqDXevq
RegreSSHion CVE-2024-6387 as a chunk of attack
threat.boutique
-
INCLUDE is a challenge which tests one’s server-side exploitation skills. It consists of Prototype Pollution, SSRF for fetching internal resources, and LFI + brute-forcing SSH.🔑 WriteUp is out :) #CyberSecurity #Hacking #ServerSideExploitation #SSRF #LFI
INCLUDE — TryHackme Server-Side Challenge
link.medium.com
xlr8r.cloud hosting linux cybersecurity AI research, vinophila.com 3Dwinealcool luxuryfood expometaverse,virtuego.comsocialnetwork,lnpservices.com,pdfstreaming.com, top-tasteofpassion.it magazine 30K1stconnections
1wGood to know!