Taher Barodawala (@tahersb)'s Twitter Profile

Security engineer and always a student | Geek | Product Security @ VMware | Mostly RTs
infosec(dot)exchange/@tahersb

ID: 85590189

Link: https://awesomesec.com/
Date: 27-10-2009 15:18:28

763 Tweet

96 Followers

920 Following

Anthony Randazzo (@amrandazz)

Mapped all of the Amazon GuardDuty Findings to ATT&CK. A bit more of an art than a science. Hopefully useful to some detection and response teams out there. See 🧵for more detail 👇

Check Point Research (@_cpresearch_)

Gamers Beware We recently turned our eyes to a major networking library used by a sizeable chunk of online gaming - Valve’s "Steam Sockets". Here is our report on the library, and the vulnerabilities we found in it. research.checkpoint.com/2020/game-on-f…

Renzon (@r3nzsec)

Sharing this mindmap I personally created months ago when I was studying memory forensics. These are all publicly available on the volatility GitHub page but I find it very useful for mapping the plugins and their usage. #dfir #incidentresponse #memoryforensics #infosec

Securitum (@securitum_com)

ICYMI @[email protected] explained a few DOMPurify bypasses yesterday (youtu.be/QBkLI35sxVs). Today we're publishing a first part of two-part series about how he helped secure DOMPurify: research.securitum.com/helping-secure…

James Forshaw (@tiraniddo)

Having discovered various issues with Windows mini-filter drivers lately I found public information about how to analyze such drivers for security issues somewhat lacking. Therefore today I've put out a blog post to try and fix that glitch :-) googleprojectzero.blogspot.com/2021/01/huntin…

Orange Tsai 🍊 (@orange_8361)

I know there are lots of people waiting for the recent Microsoft Exchange pre-auth RCE on our side. This is a short advisory and detailed timeline. proxylogon.com #proxylogon

Masato Kinugawa (@kinugawamasato)

Interesting. The print() dialog has no information about the origin, so "document.write(document.domain);print()" might be better. By doing so, you can see document.domain on the print preview portswigger.net/research/alert…

LiveOverflow 🔴 (@liveoverflow)

NEW VIDEO! Ever wondered what these "Browser Sandbox Escapes" are about? @freddyb wrote an article about how easy it is to look for vulnerabilities in the Firefox Sandbox and I turned it into a video. What is a Browser Security Sandbox?! youtube.com/watch?v=StQ_6j…

Masato Kinugawa (@kinugawamasato)

Inspired by Gareth Heyes' CSP bypass in PayPal, for the first time in 4 years, I found again that JS resources added by CloudFlare could introduce a CSP bypass. l0.cm/cf_cspbypass.h…

Mike Mackintosh (@mikemackintosh)

I’m looking to give away a voucher for the #OSCP PEN-200 w/ 30 day lab access ($999 value) for those in #InfoSec looking to grow their career! To enter for a chance to win, make sure to follow me AND retweet or like. The winner will be randomly selected on October 1st!

shubs (@infosec_au)

Amazing writeup on finding a vulnerability through .NET reversing, enjoyed reading about the breakpoints that were set and how they logically owned Citrix ShareFile through a third party dependency codewhitesec.blogspot.com/2021/09/citrix…

Anugrah SR 📌| #HackLearnDaily (@cyph3r_asr)

⚠️📱Android Pentest Resources 👇 👉 Android app pentesting Hacktricks by @carlospolopm book.hacktricks.xyz/mobile-apps-pe… 👉 android pentest mindmap xmind.net/m/DVAq9V/# 👉 Android pentest checklist by Harsh Bothra xmind.net/m/GkgaYH/#