How do companies respond to 0days in 3rd party software?
How do companies respond to 0days in 3rd party software? Source link
Category: Mix
There are better options for a privacy-respecting phone
Meet the new, better Apple. Here’s how to choose your phone and set it up. Whether you think the news of Apple scanning your private…
The Mr Robot “Hack Twitch” video
The Mr Robot “Hack Twitch” video Source link
The Best Bug Bounty Recon Methodology
My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are…
Pre Auth Remote Command Execution (CVE-2022-36804) – Assetnote
Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can inspire us to dig deeper…
Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities
tl;dr ViewStates in JSF are serialized Java objects. If the used JSF implementation in a web application is not configured to encrypt the ViewState the…
Seguridad de iOS – Web View XSS – allysonomalley.com
Esta entrada se trata de una vulnerabilidad sencilla, pero peligrosa, que he visto en varias ocasiones. Creo que esta falla debería ser mas conocida –…
community/KCSA-CVE-2020-28914.md at main · kata-containers/community · GitHub
announcement-date: 2020-11-17 id: KCSA-CVE-2020-28914 title: Kata Containers Improper file permissions for read-only volumes description: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5.…
Exploiting WPAD with Burp Suite and the “HTTP Injector” extension | Agarri : Sécurité informatique offensive
Exploiting WPAD with Burp Suite and the “HTTP Injector” extension I went last week to the ASFWS conference (“Application Security Forum – Western Switzerland”) at…
Insights into the New OWASP API Security Top-10 for CISOs
ICYMI, we recently presented A CISOs Guide to the New 2023 OWASP API Security Update. In this first of two planned webinars, Stepan Ilyin and…
Launching an InfoSec Career: My six essential tips | Security Simplified
Launching an InfoSec Career: My six essential tips | Security Simplified Source link
Bug Bounties With Bash – VirSecCon2020 Talk
Bug Bounties With Bash – VirSecCon2020 Talk Source link