Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile
Norbert Tihanyi, PhD

@tihanyinorbert

Synack Red Team member | Top 50 ringzer0 CTF | OSCE | OSEP | OSCP | OSWP | CRTP | CEH | ECES | Lead Security Researcher @ TII, CTF player

ID: 1118238928283344897

https://github.com/tihanyin | 16-04-2019 19:45:11

252 Tweet

1,1K Followers

147 Following

Springer Nature (@springernature) 's Twitter Profile Photo

If you're affiliated with a participating institution, the Hungary OA agreements mean you can publish your article OA with fees covered, in more than 400 fully OA journals and 2,000 hybrid journals across the Springer Nature portfolio. Find out more about your eligibility.

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

The first reported DES fixed point (Enc_K(P)=P) for non-weak keys. You can verify it manually using OpenSSL:

echo 9fe10d2e8c496143 | xxd -r -p | openssl enc -des-ecb -nopad -K 5d460701328f2962 | xxd -p

ieeexplore.ieee.org/document/98328…

Simone Margaritelli (@evilsocket) 's Twitter Profile Photo

You can force any v8/Electron process to execute arbitrary js code (child_process, http, etc) by forcefully enabling and abusing the builtin debug mechanism ... here's VS Code executing Calc, but I suspect any Electron app is susceptible 🔥 it works with SIP enabled on macOS

mgeeky | Mariusz Banach (@mariuszbit) 's Twitter Profile Photo

☢️ Can confirm: Macros killed in Office 365, 2207 (Build 15427.20210)

1. if doc has MOTW, macros are disabled.
2. if doc is opened from MOTW flagged ISO/IMG, macros are disabled

ISOs are no longer effective containers for MOTW evasion.

However, bundling payloads into LNK is 🔥

an0n (@an0n_r0) 's Twitter Profile Photo

Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.

Chick3nman 🐔 (@chick3nman512) 's Twitter Profile Photo

First hashcat benchmarks on the new NVIDIA RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to blazer for the run. Full benchmarks here: gist.github.com/Chick3nman/32e…

an0n (@an0n_r0) 's Twitter Profile Photo

here is the proper way to RC4 encode with OpenSSL compatible with SystemFunction032 (use the raw hex key instead of passphrase). awesome shellcode exec method from S3cur3Th1sSh1t 👍 s3cur3th1ssh1t.github.io/SystemFunction…

mpgn (@mpgn_x64) 's Twitter Profile Photo

CrackMapExec version 5.4.0 "Indestructible G0thm0g" is out for everyone and also available in Kali Linux 🎉

➡️ apt update
➡️ apt install crackmapexec

Happy Hacking ! 🔥🪂

Release blog post 🔽
wiki.porchetta.industries/news-2022/inde…

an0n (@an0n_r0) 's Twitter Profile Photo

what a wonderful technique for stealing chrome/edge cookies without knowing the user password via chrome debug mode by “Alex”: mango.pdf.zone/stealing-chrom… have not known it before (what a shame😄), although it is 4+ yrs old and still working. here it is, demo using Sliver C2.🔥

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

Do you think that establishing TCP connections and executing commands in PHP is a malicious activity? I don't think so, and neither does VirusTotal. #PHP #reverseshell

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

Take a look at our latest publication in Acta Informatica, a journal by Springer, titled "Simple Chain Automaton Random Number Generator for IoT Devices". link.springer.com/article/10.100… #IoT, #Cryptography, #PRNG

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

Introducing the FormAI dataset. A collection of 112,000 compilable AI-generated C programs and their vulnerability classifications. ieee-dataport.org/documents/form… #AI, #dataset, #vulnerability

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

Have you ever considered the security of codes generated by AI? We have published the FormAI dataset, a large collection of 112 000 AI-generated compilable and independent C programs with vulnerability classification. github.com/FormAI-Dataset ieee-dataport.org/documents/form…

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

Want to know more about the security of "Edge Learning for 6G-Enabled Internet of Things"? Delighted to announce that our latest research accepted in the prestigious IEEE Communications Surveys & Tutorials (35.6 IF) ieeexplore.ieee.org/document/10255… #6G, #security, #IEEE, #AI, #edge

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

The FormAI Dataset: Generative AI in Software Security through the Lens of Formal Verification | Proceedings of the 19th International Conference on Predictive Models and Data Analytics in Software Engineering dl.acm.org/doi/10.1145/36…

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.