Guest-to-host VM escape in VMware Workstation chaining CVE-2023-20870, CVE-2023-34044 and CVE-2023-20869, by Alexander Zaviyalov (@NCCGroupInfosec).
https://t.co/qAKnS15RLn
#infosec
CISA KEV is a solid resource, yes, but it only lists which vulns have been caught being exploited in the wild and stops there. From a red team operator’s point of view that’s a useful starting point, but also a big gap if your end game is actually exploiting one of these during an op.
That’s what this CVE exploitation module I’ve been building is for: https://t.co/jheswG0CyB
CISA KEV stays the authoritative source for confirmed active exploitation. On top of it, the CVEs are enriched with technical writeups, the exploit repos themselves (if they exist), the researcher who found it, and even live chatter from X. It also surfaces vendor CVEs that already have a verified public PoC but haven’t hit KEV yet… the stuff a KEV-only view misses.
So as an operator, you can hopefully spend less time hunting down details and more time operating.
Hack the planet!
Stop asking LLMs to “find vulns.” Start using them to understand code.
@Sw4mp_f0x walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes.
Check it out: https://t.co/BpMnOGBMv7
Discover the future of web traffic with HTTP/3 & QUIC!
Learn how this new protocol is revolutionizing internet communication with faster, more secure connections.
Get started with HTTP/3 testing using curl & Wireshark. https://t.co/KBf17Z7aYo
@three_cube
Unbelievable, they’re still sharing that bullshit hallucinated list (I can’t quote it because they blocked me)
We’ve called out all its mistakes multiple times, how dense do you have to be to stubbornly keep reposting it
A quick and easy way to find services with unquoted service paths is to open up PowerShell and run the following:
Get-WmiObject win32_service | select Name,PathName,StartMode,StartName | where {$_.StartMode -ne "Disabled" -and $_.StartName -eq "LocalSystem" -and $_.PathName -notmatch "`"" -and $_.PathName -notmatch "C:\\Windows"} | Format-List
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
HOLY FUCK.
Department of Justice nabbed one of the Scattered Spider guys. They got him on 120 counts of computer intrusions.
He's facing over 95 years in prison. I've NEVER seen a cyber crime charge this high.