karayaman/Play-online-chess-with-real-chess-board: Program that enables you to play online chess using real chess board.
Program that enables you to play online chess using real chess board.
https://github.com/karayaman/Play-online-chess-with-real-chess-board
The Security Manager was a JVM component that allowed you to define a white list of what an application could do, regardless of the application code.
https://blog.frankel.ch/running-untrusted-code/
Kronos hack update: Employers are suing as paycheck delays drag on
Hundreds, if not thousands, of workers have missed out on overtime and holiday pay in recent weeks.
https://www.npr.org/2022/01/15/1072846933/kronos-hack-lawsuits
Risk-aware applications
The Indicators of Compromise produced by the risk-aware applications must also be mature and well qualified to be accepted into the SOC. Risk Queries.
https://www.jerkeby.se/newsletter/posts/risk-aware-applications/
The issue is that, for some reason, Procmon, which runs with elevated permissions, is launched from the user Temp directory, allowing the user to replace the Procmon binary with any other binary, which will then run elevated.
https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2
opsdisk/the_cyber_plumbers_handbook: Free copy of The Cyber Plumber's Handbook
Advanced topics included SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using proxychains and Metasploit's Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap to scan targets, and leveraging Metasploit's Meterpreter portfwd command.
https://github.com/opsdisk/the_cyber_plumbers_handbook
Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Automatic Rop Chain Generation
'/home/chris/projects/auto rop chain/buffer overflow 64bit'.
https://breaking-bits.gitbook.io/breaking-bits/vulnerability-discovery/automatic-exploit-generation/automatic-rop-chain-generation
open-sauced/hot: 🍕The site that recommends the hottest projects on GitHub.
Since the tests run in watch mode by default, some users may encounter errors about too many files being open.
https://github.com/open-sauced/hot
EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack
KYIV, Jan 15 - Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said.
https://www.reuters.com/world/europe/exclusive-ukraine-suspects-group-linked-belarus-intelligence-over-cyberattack-2022-01-15/
Every time a website interacts with a database, a new database with the same name is created in all other active frames, tabs, and windows within the same browser session.
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
dhondta/awesome-executable-packing: A curated list of awesome resources related to executable packing
A curated list of resources related to executable packing.
https://github.com/dhondta/awesome-executable-packing
Ghost in the ethernet optic
Smart-sfp(root)(config-erspan[profile1])# show filter Number Dir BSO Protocol IP src Port src IP dst Port dst VLAN id Erspan Cap Enabled 0 rx off off off off off off off erspan0 capture0 false 1 rx off off off off off off off erspan0 capture0 false.
https://blog.benjojo.co.uk/post/smart-sfp-linux-inside
Identifying beaconing malware using Elastic
If you don't have an Elastic Cloud cluster but would like to try out our beaconing identification framework, you can start a free 14-day trial of Elastic Cloud.
https://www.elastic.co/blog/identifying-beaconing-malware-using-elastic
FSB arrests REvil ransomware gang members
The Russian Federal Security Service said today that it has raided and shut down the operations of the REvil ransomware gang.
https://therecord.media/fsb-raids-revil-ransomware-gang-members/
Wisser/Jailer: Database Subsetting and Relational Data Browsing Tool.
Jailer is a tool for database subsetting and relational data browsing.
https://github.com/Wisser/Jailer
North Korean Hackers Have Prolific Year as Their Unlaundered Cryptocurrency Holdings Reach All-time High
North Korean cybercriminals had a banner year in 2021, launching at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.
https://blog.chainalysis.com/reports/north-korean-hackers-have-prolific-year-as-their-total-unlaundered-cryptocurrency-holdings-reach-all-time-high/
FirmWire/FirmWire: FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
FirmWire is a full-system baseband firmware emulation platform that supports Samsung and MediaTek.
https://github.com/FirmWire/FirmWire