The Intel Chroniclesintelchronicles.com·Jul 22, 2024Splunk Enterprise Hit by Critical Path Traversal Vulnerability: CVE-2024-36991Executive Summary On 17 July 2024, an arbitrary file read vulnerability in the Splunk Enterprise installations/deployments was identified by the SonicWall Capture Labs cyber threat research team. The vulnerability tracked as CVE-2024-36991. This vuln...Discuss·7 likes·100 readsVulnerability IntelligenceSplunk
Achal Tiwariachaltiwari.hashnode.dev·Jul 22, 2024ShellCode 1.0Hey there! Today, we're diving into the fascinating and somewhat intimidating world of shellcode. If you've ever wondered how hackers manage to take control of a compromised machine, shellcode is often a big part of the answer. Let's break it down to...DiscussMalware
The Intel Chroniclesintelchronicles.com·Jul 19, 2024One Shell To Rule Them All ReleasedExecutive Summary On July 16, 2024, cybersecurity firm Tanto Security (known as @TantoSecurity on X, previously Twitter) introduced a new tool called oneshell in a detailed write-up. Oneshell is designed to simplify the creation and deployment of cro...DiscussThreat Intelligenceexploit
The Intel Chroniclesintelchronicles.com·Jul 10, 2024Critical Outlook Vulnerability CVE-2024-38021 Patched by Microsoft - Remote Code Execution Without ClicksExecutive Summary Microsoft addressed the CVE-2024-38021 critical vulnerability affecting the Microsoft Outlook that allows remote code execution without user interaction or authentication. Experts from Morphisec also reported that this flaw could le...Discuss·56 readsVulnerability IntelligenceMicrosoft
The Intel Chroniclesintelchronicles.com·Jul 10, 2024Critical Server-Side Source Code Exposure Vulnerability in Apache Software FoundationExecutive Summary A regression in Apache HTTP Server version 2.4.60 has led to the omission of certain legacy content-type configurations for handlers. Specifically, the "AddType" directive and similar configurations may be ignored in cases where fil...Discuss·53 readsVulnerability Intelligencevulnerability intelligence
The Intel Chroniclesintelchronicles.com·Jun 9, 2024"303" Offers Fully-Functional Command Injection Exploit for OpenSSH 9.6Executive Summary On June 7, 2024, "303," a member of BreachForums, posted an update about selling a local command injection (LCI) exploit affecting OpenSSH version 9.6. According to the post, the exploit was developed in Python 3 and allows reverse ...DiscussVulnerability IntelligenceUbuntu
Corey Gardnercoreyscorner.hashnode.dev·Apr 25, 2024Safeguarding the Stack: Ornithology of Stack CanariesDuring the industrial era canaries were given the unforgiving job of determining if working conditions were "safe" for coal miners. Within coal mines toxic fumes can build up, and oxygen can become scarce. The life of the canary was a litmus test for...DiscussStack Overflow
Reza RashidiforRedTeamReciperedteamrecipe.com·Apr 25, 2024ASLR Exploitation TechniquesAddress Space Layout Randomization (ASLR) is a security technique used in operating systems to protect against certain types of cyber attacks, particularly buffer overflow attacks. Here’s an overview of ASLR: What is ASLR? ASLR is a feature implement...Discuss·1.1K readsaslr
Sukrit Duasukritdua.com·Mar 8, 2024Android Hacking - Part 5Activities What is an Activity? Activities are simply the screens we see when we open an application. Let's say we are greeted with the following Screens (Activities) Login page (LoginActivity.java) Profile page (ProfileActivity.java) Settings pag...DiscussMobile Security Android
Greg BulmashforGitGuardiangitguardian.hashnode.dev·Jan 29, 2024Five Ways Your CI/CD Tools Can Be ExploitedWe've talked about how Continuous Integration and Continuous Delivery (CI/CD) tools can be a source of secrets sprawl. While it's not as insecure as leaving them laying around in a publicly accessible file, CI/CD pipelines can be exploited in a numbe...DiscussSecurity