Releasing full 2+hr video of my browser exploitation workshop from VXCON 2024: https://t.co/SBn4fMarPU
In which I show what goes inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept.
Especially this workflow requires advanced abstract thinking, thereby emphasize the role of theoretical modeling in attacking hard zeroday research targets, which is a part of why it's fun. @zerodaytraining
☁️ AWS vs Azure: A “Secure by default” comparison
Stefan Tita compares various AWS and Azure defaults:
* Susceptibility of the Instance Metadata Service to SSRF
* How easily S3 buckets/container registery images/etc. can be exposed publicly
* AWS Access Keys vs Azure’s Interactive Login
* AWS IAM Policies vs Azure Roles (RBAC)
+ more
https://t.co/P67dOs2uut
How does MS Exchange on-premises compromise Active Directory?
Check out @Jonas_B_K's latest blog to learn what permissions Exchange has in AD that an attacker can abuse to compromise the domain & what organizations can do to prevent that. https://t.co/mngW1ateAw
Stop by @syn_cubes booth SU07 at #OWASP Global AppSec DC and check out their latest security tools! See why they stand out from the rest - friendly staff, exceptional service, and powerful solutions. https://t.co/WQr51kqVyi #friendlyninja#cybersecurity#appsec#developers
Attention network ninjas: Get ready to rock the cybersecurity world! Join us at the Packet Hacking Village at DEF CON. 🤩#PacketHackingVillage#DEFCON
and don't forget to join the official DEF CON discord!
https://t.co/lbbVBJCKrV
Radamsa's mutator fuzzer can be used for testing anything from web apps and embedded devices to network protocols.
Because it can generate unpredictable test inputs, it has been a great way to find unexpected security flaws.
https://t.co/x5NNbO30Zk
#pentesting#fuzzing
We’re excited to announce our partnership with @inspectiv. This will also allow Inspectiv to expand its portfolio and act as a one-stop security shop for clients that seek high-quality penetration testing for their compliance needs & beyond.
#partnership#Pentesting
The following website uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format, JSON or via descriptive API calls details.
https://t.co/2QAaOZ4v5M
#cloud#redteam#pentester#cloudsec
We published a blog post exploring a couple of practical solutions related to documents metada sanitization. It might be worth a read. 😉
https://t.co/jsahRdFGi2
After the NIST 800-190, Application Container Security Guide, which represents a high-level framework, NSA published a long-expected technical whitepaper. Get it, read it, use it. It is FREE and awesome. https://t.co/IZMRQZTK9Y