November 3, 2022 at 09:49AM

■■■■□ CVE-2022-3786; DoS: A buffer overflow occurs in the vulnerable function ossl_a2ulabel. When this function meets a Punycode part followed by a dot character (“.”), it also appends “.” to the output buffer even if doing so overflows the buffer's size. https://twitter.com/_CPResearch_/status/1587741086340075521 https://t.me/cKure/11888

October 29, 2022 at 08:54PM

■■■■□ Tool: Hunting After Secrets Accidentally Uploaded To Public S3 Buckets. https://github.com/Eilonh/s3crets_scanner https://medium.com/@hareleilon/hunting-after-secrets-accidentally-uploaded-to-public-s3-buckets-7e5bbbb80097 https://www.bleepingcomputer.com/news/security/new-open-source-tool-scans-public-aws-s3-buckets-for-secrets/ https://t.me/cKure/11884

October 26, 2022 at 10:49AM

■■□□□ The European Parliament committee to investigate use of Pegasus and other spyware has a new hearing today! @ShaneHuntley from Google will be providing comments too. https://multimedia.europarl.europa.eu/en/webstreaming/committee-of-inquiry-to-investigate-use-of-pegasus-and-equivalent-surveillance-spyware_20221026-0900-COMMITTEE-PEGA Src: twitter.com/runasand/status/1585157185914691584 https://t.me/cKure/11881

October 26, 2022 at 10:26AM

● Exclusive – Zero-Day: A medium to high severity vulnerability in the SAP portal allows a low-privileged authenticated user to escalate privileges within the system by abusing certain API endpoints. The latest software / CMS is vulnerable, and possibly all previous versions as well. SAP has been informed about the bug and has confirmed it and…