Recent posts
Posted Aug 24
#FREEDUROV
Posted Jun 22
🚀 OWASP Netryx Release 🚀
https://github.com/OWASP/www-project-netryx

We have our official release of Netryx under the OWASP Foundation: an advanced Java security framework designed to protect your data and save you from cyber attacks.

Here are the key features:
- JA3, JA4+, and HTTP/2 Fingerprinting: identification of users based on TLS and HTTP connection establishment, which helps to avoid bots and bad actors.
- Intrusion Detection System (IDS): collect and analyze data to detect and block malicious activities.
- HTTP/2 0day Protection: block attacks exploiting vulnerabilities in the HTTP/2 protocol, protecting you from the RST Stream vulnerability.
- Path Traversal Protection: prevent unauthorized access to files outside the web root directory, ensuring your data remains secure.
- Protection Against Various Injection Attacks: HTML, JS, LDAP, and CMD encoders ensuring safety against different types of injection attacks.
- Secure Memory Management: ensure sensitive information like keys and tokens is safely handled in memory, protecting against Data in Use attacks.

And much more! All these features are implemented in Java, making OWASP Netryx a big addition to your security toolkit. Don't forget to star the repository 😉

#OWASP #Netryx #CyberSecurity #Java #WebSecurity
Posted Jun 1
I think network traffic analysis in pentest scenarios is vastly underrated. In this article, I will demonstrate a technique to silently analyze the security of network equipment based on traffic analysis alone. Caster - Funeral https://blog.exploit.org/caster-funeral
Posted May 27
Active Directory is used in many networks and is often the target of attacks. In this article, Caster will demonstrate the capabilities of Suricata signatures to detect attacks against Active Directory. Caster - If You Hadn't https://blog.exploit.org/caster-ifyouhadnt
Posted May 26
Tomorrow
Posted May 19
UPDATE: Telegram has fixed this bug. 🙂

Telegram started banning bots that send messages whose content includes the service number "t.me/+42777" as a link. Some popular bots (like @fabrika) have already been banned. If you own a bot, turn off sending messages whose content depends on user input (e.g. greeting with the user's first name, etc.).

P.S. Telegram has slowly started rolling back the bans.
Posted May 19
Kerberos, while more secure than NTLM, also has some security nuances. In this article, researcher Caster will demonstrate techniques for detecting Kerberos attacks using Suricata. Caster - Kerbhammer https://blog.exploit.org/caster-kerbhammer
Posted May 12
Poisoning attacks against Windows machines have become well known among pentesters. In this article, Caster will demonstrate how to detect poisoning attacks using Suricata. Caster - Neurotransmitter https://blog.exploit.org/caster-neurotransmitter
Posted Apr 24
Cisco equipment is widespread in production networks. In this article, Caster will demonstrate methods to protect Cisco IOS from network attacks. Caster - Disciple https://blog.exploit.org/caster-disciple
Posted Apr 19
MikroTik equipment is widely distributed all over the world and its security is an acute issue. In this paper, Caster covered many aspects related to the network security of MikroTik equipment. Caster - Lockdown https://blog.exploit.org/caster-routeros-lockdown
Posted Apr 16
⚠️ PuTTY CVE-2024-31497 ⚠️
📰 Brief: an attacker with the public key and some signed messages on hand can gain access to the private key via a forged identification signature of the legitimate user. Signed messages may be publicly visible due to storage in public Git.
🚩 Possibilities: logging in to any servers the key was used on, supply chain attacks on software maintained in Git, etc.
📗 Affected versions: 0.80 and prior.
📚 Full description: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html