Fortech Security (@securityfortech)

ID: 814205653900230656

28-12-2016 20:25:29

67 Tweet

17 Followers

326 Following

Phil Venables (@philvenables)

Vulnerability Management. A thread. I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of vuln. mgmt. should be contextualized into enterprise risk/control. But still worth a short thread....... 1/13

Marko Denic (@denicmarko)

Stanford University offers this free course on Web Security.

The course covers:
1. HTTP, Cookies, Sessions
2. Same Origin Policy
3. Cross-Site Scripting (XSS)
4. Denial-of-service, Phishing, Side Channels
5. WebAuthn
6. Server security
and more...

Link: stanford.io/2UHIu65

strandjs - strandjs@bsky.social (@strandjs)

Hey all!! We are running yet another Pay What You Can for SOC Core Skills next week! Yes, $0 is an option. Let's break some gates down and get more cool people in the industry. antisyphontraining.com/soc-core-skill…

Shir (@shirtamari)

Vulnerability full disclosure - New Oracle cloud vulnerability allowed users to access the virtual disks of other Oracle customers >>

HackerRats - Uncle Rat ❤️ (XSS Rat) (@thexssrat)

Cross-site scripting (XSS)
SQL injection (SQLi)
Cross-site request forgery (CSRF)
Server-side request forgery (SSRF)
Remote code execution (RCE)
File inclusion
Authentication bypass
Information disclosure
XML injection
Clickjacking
Open redirect
Directory traversal
Session

Fabian Bader (@fabian_bader)

#CVE #Hunting #MDE #M365D
CVE-2023-21554

DeviceNetworkEvents
| where Timestamp > ago(30d)
| where ActionType == "ListeningConnectionCreated"
| where LocalPort == "1801"
| where InitiatingProcessVersionInfoOriginalFileName has "MQSVC"
| summarize by DeviceName

HackerRats - Uncle Rat ❤️ (XSS Rat) (@thexssrat)

How many of these do you know? 100 web app exploits, in case you were bored :)

Cross-Site Scripting (XSS)
SQL Injection
Cross-Site Request Forgery (CSRF)
Remote File Inclusion (RFI)
Local File Inclusion (LFI)
Server-Side Request Forgery (SSRF)
Clickjacking
Directory Traversal

mRr3b00t (@uk_daniel_card)

################################
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
################################

now.. first questions... how many devices in your enterprise do you have running a vulnerable version of SSH? How many of these are internet

Today Cyber News (@todaycybernews)

💻 What to look for on a site with IIS?

1. Use shortscan to search for short (and possibly full) filenames and extensions.

- shortscan : - github.com/bitquark/short…

2. Check for reverse proxy and try directory traversal:
/backend/ -> 10.0.0.1/api/
/backend/..%2Ftest ->

daniel:// stenberg:// (@bagder)

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including a fix for a severity HIGH CVE. Buckle up.