ap on X: "Is Kerberos relaying so limited? I'd say no, thanks to @tiraniddo CredMarshalTargetInfo trick. In this case, I'm relaying SMB to HTTP (ADCS) with a modified version of @cube0x0 krbrelay using DFSCoerce and PetitPotam - classic ESC8 attack with Kerberos, no DCOM involved ;) https://t.co/DR6x6nQj0O" / X
https://x.com/decoder_it/status/1842180729695842676
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
ESC15/EKUwu PR by dru1d-foofus · Pull Request #228 · ly4k/Certipy · GitHub
https://github.com/ly4k/Certipy/pull/228
GitHub - mbog14/CVE-2024-44193: Hacking Windows through iTunes - Local Privilege Escalation 0-day
https://github.com/mbog14/CVE-2024-44193
Kyiv's hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin's birthday
https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html
Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)
https://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass/
VMK extractor for BitLocker with TPM and PIN
https://post-cyberlabs.github.io/Offensive-security-publications/posts/2024_09_tpmandpin/
Qualcomm patches high-severity zero-day exploited in attacks
https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html
Critical Vulnerabilities Expose Nearly 1 Million DrayTek Routers Globally
https://hackread.com/1-million-draytek-routers-critical-vulnerabilities/
Microsoft: Word deletes some documents instead of saving them
https://www.bleepingcomputer.com/news/microsoft/microsoft-word-for-microsoft-365-deletes-some-documents-instead-of-saving-them/
GitHub - renniepak/CSPBypass
https://github.com/renniepak/CSPBypass
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html
CSP Bypass Search
http://cspbypass.com
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
PentesterLab Blog: Hiring Your First AppSec Engineer
https://pentesterlab.com/blog/hiring-your-first-appsec-engineer
FBCS data breach impacted 238,000 Comcast customers
https://securityaffairs.com/169478/data-breach/fbcs-data-breach-impacted-238000-comcast-customers.html
E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads
https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html
American Water shuts down online services after cyberattack
https://www.bleepingcomputer.com/news/security/american-water-shuts-down-online-services-after-cyberattack/
MalwareBazaar | Browse malware samples
https://bazaar.abuse.ch/browse.php?search=serial_number%3A026db70f749dc993edb96bd0d65bc394
c862578f76c396997aec18d367b6f0ce81a6e15b6e50e27858e0f3dea7a98d95 | Triage
https://tria.ge/241007-d7bfdstbkm
2024 Cybersecurity Awareness Month Kit | SANS Institute
https://www.sans.org/u/1ydE
We Need To Talk About The OWASP Top Ten - YouTube
https://youtu.be/_4oODs7PBuI
Virus Bulletin 2024 - Day I
https://www.linkedin.com/pulse/virus-bulletin-2024-day-i-veronica-valeros-4y8me
Virus Bulletin 2024 - Day II
https://www.linkedin.com/pulse/virus-bulletin-2024-day-ii-veronica-valeros-vl5zf
Base64 Beyond Encoding – Steganography and Canonical Form (part 1) - HexArcana
https://hexarcana.ch/b/2024-08-16-base64-beyond-encoding/
tmate - Instant Terminal Sharing (or How To Backdoor a Linux Server) | dfir.ch
https://dfir.ch/posts/tmate_as_a_backdoor/
Base64 Beyond Encoding – Steganography and Canonical Form (part 2) - HexArcana
https://hexarcana.ch/b/2024-08-19-base64-beyond-encoding-p2/