2024-02-07 // Today, a guide shows how to turn off Windows Defender in sneaky ways, manipulating privilege tokens and integrity levels. Proctools is a toolkit for managing Windows processes, including extracting information and dumping sensitive strings for cybersecurity operations. CVE-2024-20931 is a bug in Oracle WebLogic that allows bad actors to bypass a previous fix using a Java trick. Studies unravel code scrambles in the DJI Pilot app, aiding in understanding and repair. Google’s tool uses AI for quicker bug identification and resolution. Scapy, a Python tool, tests networks for vulnerabilities. CVE-2017-11176 exploitation in the Linux kernel is detailed, guiding from understanding to proof-of-concept. BrowserLeaks offers a privacy check for web browsing. Jael narrates their journey to becoming a cybersecurity expert with the OSCE3 certification. LaZagne extracts passwords from various applications across operating systems. CloakQuest3r reveals real IP addresses of websites behind Cloudflare. RustNet incorporates features like malware analysis and network sniffing. Infoooze performs online data gathering. Paybag simplifies Metasploit payload creation for Linux. Lists find hidden Dark Web sites and sensitive information. Findhunters fosters bug hunter collaboration. A Nuclei template detects a Jenkins vulnerability. TPM-Sniffing retrieves Bitlocker keys from TPMs using communication protocols. [more...]

2024-02-06 // Analyze SAP Router and DIAG connections for security parameters with the Sncscan tool. Detect ransomware in MySQL with MELEE, and enhance offensive security assessments with the Nemesis Kubernetes pipeline. Identify GitHub Actions vulnerabilities using the Argus static taint analysis tool, and check for Nginx alias traversal issues using Navgix. [more...]

2024-02-05 // Today, extract macOS passwords with osx-password-dumper, scan networks via NetProbe, test servers with HTTP Garden, maintain access with RedTeam-Checker, analyze cloud security with PoiEx, solve CAPTCHAs using AI with a project by AashiqRamachandran, and learn more about vulnerabilities and breaches affecting AnyDesk, Meta, and Microsoft products. [more...]

2024-02-04 // Explore PETEP, a Java-based network traffic analysis and modification tool, and Deluder, a Python interception tool utilizing Frida for capturing traffic. Dive into Ken Shirriff's reverse engineering of the Intel 386 processor and learn about exploiting HackTheBox's RegistryTwo machine. Understand DMAC in PS2 development, enhance FPGA skills, bypass Windows UAC with a script, and test SpringBoot vulnerabilities using a GUI. [more...]

2024-02-03 // Today, Ivanti patched a big SSRF bug (CVE-2024-21893). Secure your network with least privilege and multi-factor authentication. Charlie Miller shows how to fix mobile device weaknesses. Yak Lang is a cool cybersecurity language. ADOKit attacks Azure DevOps, and Ransack secures Ruby apps. EventLogCrasher bugs Windows services, while CVE-2024-20698 is a tough exploit. Beware of fake NFT games and use SOAPHound for sneaky data collection. ToumaPet reveals its secrets, guard against sneaky OAuth apps, and Math Invaders gets decoded. ThievingFox steals credentials, and AnyDesk IOCs help spot threats. Monitor Telegram with tg-keyword-trends, secure your bootloader against CVE-2023-40547, and track SEC filings with SECurityTr8Ker! [more...]