as some were surprised by the AREA41 CFP closing, we decised to extend it till May 1.
But get your abstracts in quickly as review selections have started
https://t.co/6yFuZvlTXQ
Evilginx 💗 Gophish
The long-awaited official integration of Evilginx with Gophish has finally arrived with the Evilginx 3.3 update. 🪝🐟
The update includes lots of quality-of-life improvements as well.
Enjoy and happy phishing! 🤗
https://t.co/Cqma4vpRFm
the CallForPaper for AREA41 conference is open!
Submit your A game of technical research to be a part of this conference🤓
⏳You got till end of April⌛️
https://t.co/6yFuZvlTXQ
📢📢📢 Accepted Talks and Speakers' Bios published 📢📢📢
Thanks to all who applied to our #CfP and to our reviewers, the list of accepted talks is now on our website. Detailed agenda will follow
https://t.co/X9lvNUOu1c
REMEMBER: Tickets sale starts tomorrow 3pm Zurich time 🥳
Done, CrackMapExec is now able to decrypt LAPS password thanks to the awesome work of @_zblurx and @BoreanJordan 🎉
If you have a credential that can read laps password, just run a /24 with the option of your choice (lsassy, lsa, dpapi...) and quickly become DA (probably) 👑
🪂
Today VirusTotal announced that each sample uploaded will be accompanied by "Code Insight". Code Insight uses Sec-PaLM, one of the generative AI models by Google, to explain what the malicious binary is doing.
Code Insight is available to all users.
tl;dr "they took my job"
@malmoeb do you actually encounter cases where an attacket was able to crack an Net-NTLMv2 hash? In opposition to LM and NThash, Net-NTLMv1/v2 are challenge/response-based and therefore usually way harder to crack. That is why you normally relay such hashes to another host internally.
@ant0inet Basierend auf dem Proof und unter der Annahme das es im Kontext von einem normalen Browser direkt gerendert wird, ist dieses XSS so gar kein XSS sondern ein korrekt encodierter String.
Decided to publish the Lexmark printer exploit + writeup + tools instead of sell it for peanuts. 0day at the time of writing: https://t.co/YptEXw3CjJ -- enjoy!
It's time everybody!!! the OffensiveCon23 ticket shop is now open! Get your tickets quickly, as they tend to run out pretty soon. https://t.co/DySRWNwSG9
Careful if you test for request smuggling vulns with @Burp_Suite and have „Add Custom Header“ adding a header for you because it seems to lead Repeater into updating the CL even if you have it disabled. Maybe a good time to migrate to Burp's internal function to add a header?
@albinowax Yeah that's what I would have expected. However, I see a zero CL in my case. I will email some more details to your support, maybe it helps.
@PortSwiggerRes To test for a client-side desync vuln, active scanner sends a request twice (first with keep-alive) and then reports it as vulnerable if the connection was not closed in between. Shouldn't it alter the content-length as well to test if it's actually ignored?
@albinowax I did, that's how I ruled it out as a FP manually. My point is that the scanner states "the server ignored the Content-Length header and did not close the connection" but only tests for the connection-part and does not modify the CL or sends a non-valid CL or similar.