dreamhack.io

📑 실제 보안 컨설팅 중 발견한 원격 코드 실행(RCE) 0-Day 취약점 4건 공개! 🔗 blog.theori.io/a-deep-dive-in… Endpoint Protector(EPP) 솔루션 취약점의 발견 배경, 분석 과정, 이용 방법까지 확인해 보세요! #티오리 #Theori #컨설팅 #RCE #취약점분석 #CoSoSys #사이버보안 #보안 #0Day #EPP #CVE

In a recent #APT simulation, #Theori uncovered 4 critical #RCE vulnerabilities in @cososys Endpoint Protector (EPP) that let us fully compromise the server & clients. Here’s a peek: 👾 CVE-2024–36072: Unauthenticated attackers can exploit a logging flaw to execute system

Parsing Untrusted File Formats Safely github.com/google/puffs/

Australian InfoSec Analysts Hit With Restraining Orders bankinfosecurity.com/australian-inf…

Solving FlareOn 2017 - Challenge 3 with WinAppDbg (and three more hands-on WinAppDbg tutorials) parsiya.net/blog/2017-11-1…

Plus Accounts for Students! (ProtonMail) protonmail.uservoice.com/forums/284483-…

Bug bounty hunter walks away on 30k$ bounty from DJI (drone maker) digitalmunition.com/WhyIWalkedFrom…

A fed only browser isolation platform (beta). tucloud.com/safeweb_engine…

Dangers of the Decompiler, A Sampling of Anti-Decompilation Techniques blog.ret2.io/2017/11/16/dan…

CarolinaCon's CFP is now open! carolinacon.org/cfp.html

SpookFlare: Stay In Shadows artofpwn.com/spookflare.html?

Remote Code Execution in Chrome OS ($100k Bounty) - Writeup bugs.chromium.org/p/chromium/iss…

Github introduces automatic dependency security alerting github.com/blog/2470-intr…

Staring into the Spotlight - An offensive tour of the OSX userland search system blog.doyensec.com/2017/11/15/osx…

using a custom libc reddit.com/r/securityCTF/…

SQL Injection in bbPress blog.sucuri.net/2017/11/sql-in…

JOLTandBLEED Vulnerability CVSS 10.0 erpscan.com/press-center/b…

Evading Microsoft's AutoRuns blog.conscioushacker.io/index.php/2017…

[*]rebooting....