Cache Poisoning at Scale
https://youst.in/posts/cache-poisoning-at-scale/
Tweet / Twitter
https://twitter.com/cioarajeremy/status/1473647240384159748
UHC - LogForge - YouTube
https://www.youtube.com/watch?v=XG14EstTgQ4
CVE-2021-31956漏洞分析 | 京东探索研究院信息安全实验室
https://dawnslab.jd.com/CVE-2021-31956/
GitHub - 0x00Jeff/BetterGetProcAddress: POC of a better implementation of GetProcAddress for ntdll using binary search
https://github.com/0x00Jeff/BetterGetProcAddress
Путин — это война, ополченец из Дубая, золотой унитаз единоросса - YouTube
http://youtu.be/ZiIv25T_Dgk
Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software
https://thehackernews.com/2021/12/researchers-disclose-unpatched.html
CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
https://thehackernews.com/2021/12/cisa-fbi-and-nsa-publish-joint-advisory.html
PowerZure/New-AzureToken at master · hausec/PowerZure · GitHub
https://github.com/hausec/PowerZure/tree/master/New-AzureToken
Moxie Marlinspike on Twitter: "It's amazing to me that after all this time, almost all media coverage of Telegram still refers to it as an "encrypted messenger." Telegram has a lot of compelling features, but in terms of privacy and data collection, there is no worse choice. Here's how it actually works: 1/" / Twitter
https://twitter.com/moxie/status/1474067549574688768
How to exploit Log4j vulnerabilities in VMWare vCenter | Sprocket Security
https://www.sprocketsecurity.com/blog/how-to-exploit-log4j-vulnerabilities-in-vmware-vcenter
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Scott Piper on Twitter: "AWSSupportServiceRolePolicy just got s3:GetObject. 😱 That role is supposed to only have metadata visibility. @AWSSecurityInfo you need to roll that back." / Twitter
https://twitter.com/0xdabbad00/status/1473448889948598275
4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories
https://thehackernews.com/2021/12/4-year-old-bug-in-azure-app-service.html