Really great post from Christophe Tafani-Dereeper about the menacing "allowPrivilegeEscalation" security context" blog.christophetd.fr/stop-worrying-…

Completed path Senior Web Penetration Tester in HTB Academy! academy.hackthebox.com/achievement/28… #hackthebox #htbacademy #cybersecurity

A list of +1400 websites making use of #Polyfill , which apparently has been used for a supplychain attack. Some stats: -26 gov sites - several bank pages ( 4 x santander) - times news pages for several US mil branches - +21 edu pages Let's hope it was just mobile ads...

I always recommend the use of Fail2ban for everything, including web services The good news is that it comes with a default config for sshd, which prevents the exploitation of CVE-2024-6387 & brute force attacks in general DigitalOcean has a tutorial digitalocean.com/community/tuto…

As we continue to do our daily news check up, we can confirm that CrowdStrike has performed a colossal oopsie and has done catastrophic damage. We have never witnessed an oopsie of this magnitude

100% CWEE !! Very nice 👌

Officially passed the CWEE 🥳 It was a challenging yet incredibly informative learning experience. Looking forward to what's next!

C2 Operations with Sliver offers a great introduction to the framework. However, the labs miss out on integrating security controls, which also feels like a missed opportunity to teach evasion techniques. academy.hackthebox.com/achievement/28… #hackthebox #htbacademy #cybersecurity

Critical XSS in Roundcube webmail⚠ A victim only has to view a malicious email. As reported by ESET Research, APTs have exploited similar vulns in the past to steal government emails. Our announcement: sonarsource.com/blog/governmen… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)

Awesome post about various techniques on lateral movements and their Opsec/IOCs. It also touches on the double-hop problem. posts.specterops.io/offensive-late…

5. How did I learn about this? I was reading this article by Zachary Reichert, Daniel Stein, and Joshua Pivirotto about how this technique was utilized in the wild by a "financially motivated threat actor" aon.com/en/insights/cy…

A very good overview of the process integrity levels redcanary.com/blog/threat-de…

I just completed module Windows Lateral Movement in HTB Academy! academy.hackthebox.com/achievement/28… #hackthebox #htbacademy #cybersecurity

I just completed module Secure Coding 101: JavaScript in HTB Academy! academy.hackthebox.com/achievement/28… #hackthebox #htbacademy #cybersecurity

I just pwned Chemistry in Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

I just pwned Sightless in Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

I just pwned Sea in Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

I just pwned Instant in Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

I just pwned MonitorsThree in Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

I just pwned EscapeTwo on Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting