today.md

每日安全资讯（2023-03-21）

• Security Boulevard
  • USENIX Security ’22 – Agnieszka Dutkowska-Zuk, Austin Hounsel, Amy Morrill, Andre Xiong, Marshini Chetty, Nick Feamster – ‘How and Why People Use Virtual Private Networks’
  • Software supply chain security practices are maturing — but it’s a work in progress
  • Automate your DevSecOps to take the pressure off triage
  • Investing in People Doesn’t Take AI
  • Women’s History Month at RiskLens: More Voices
  • [New Live Series] Dev Chat with Dan Conn: Beware of Malware
  • Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 422’
  • A Former FBI Agent’s Thoughts: National Cybersecurity Strategy
  • How to Ensure Your Development Complies With SOC 2
  • The AI Risk Landscape: How ChatGPT Is Shaping the Way Threat Actors Work
• Armin Ronacher's Thoughts and Writings
  • Lessons from a Pessimist: Make Your Pessimism Productive
• Darknet – Hacking Tools, Hacker News & Cyber Security
  • DataSurgeon – Extract Sensitive Information (PII) From Logs
• 先知安全技术社区
  • Ejs模板引擎注入实现RCE
  • 探究公众号接口漏洞：从后台登录口到旁站getshell
• Microsoft Security Blog
  • Microsoft achieves first native Cloud Data Management Capabilities certification
  • Leverage cloud-powered security with Microsoft Defender for IoT
• unSafe.sh - 不安全
  • Persistence – Service Control Manager
  • Kali Linux 2023.1发布-10周年版-Kali Purple
  • CVE-2023-21768 本地提权 POC
  • 一个轻量级Web蜜罐
  • 一键提取安卓敏感信息ApkAnalyser
  • IP伪造插件（Burpsuite）
  • 褐寡妇打败黑寡妇
  • QQ截图工具独立版
  • 最新edu教育邮箱和github学生包申请保姆级教程
  • [New] CentOS Stream 9: missing kernel security fixes
  • 新基因编辑技术成功逆转小鼠视力损失
  • 科学家找到方法控制雄蚊的精子
  • IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole
  • [站务公告] 蓝点网文件下载服务器维护 期间可能无法访问
  • 微软为Windows 11更新添加新选项：可以更快地获取系统更新？
  • curl 8.0.1 because I jinxed it
• 安全客-有思想的安全新媒体
  • NBA警告球迷数据泄露或涉及个人信息
  • Emotet恶意软件暗藏Microsoft OneNote文件逃避防御
  • Breach黑客论坛管理员POMpo..被抓
  • HinataBot僵尸网络可发起3.3 Tbps大规模DDoS攻击
  • 《2022 年度中国手机安全状况报告》，网诈男性受害者占 66%
  • FakeWalls Android恶意软件以新方式潜藏手机
  • 国新办发布《新时代的中国网络法治建设》白皮书
• InfoSec Write-ups - Medium
  • From Beginner to Pro: Secureum RACEs and the Journey to Ethereum Security Mastery
  • JWT [JSON WEB TOKENS] [EXPLANATION & EXPLOITATION] (0x02)
  • A Game-Changing Tool for Bug Bounty Hunters and Security Researchers
  • SecGPT transforms cybersecurity through AI-driven insights.
  • Alibaba Cloud WAF Command Injection Bypass via Wildcard Payload in All 1,462 Built-in Rule Set
  • Vulnerable Websocket Server
  • Adding Root Certificate to Android With Magisk Module
  • REST API FUZZING
• Tenable Blog
  • Tenable Cyber Watch: A Look at the U.S. National Cybersecurity Strategy, A Powerful AI Tech Gears Up for Prime Time, and more
• Recent Commits to cve:main
  • Update Mon Mar 20 19:36:34 UTC 2023
• Trustwave Blog
  • Gartner Names Trustwave in 2023 Market Guide for Managed Detection and Response (MDR)
• 嘶吼 RoarTalk – 回归最本质的信息安全,互联网安全新媒体,4hou.com
  • 勒索软件攻击已进入到令人发指的新阶段
  • CVE-2023-23397：Outlook漏洞PoC
• Twitter @Nicolas Krassas
  • Hackers target .NET developers with malicious NuGet packages https://www.bleepingcomputer.com/news/security/hackers-target-net-developers-with-malicio...
  • Persistence – Service Control Manager https://www.reddit.com/r/netsec/comments/11wn7vj/persistence_service_control_manager/
  • New tool to detect use of known secrets in web frameworks - Badsecrets https://www.reddit.com/r/netsec/comments/11wqhq4/new_tool_to_detect_use_of_know...
  • DataSurgeon – Extract Sensitive Information (PII) From Logs https://www.darknet.org.uk/2023/03/datasurgeon-extract-sensitive-information-pii-from-log...
  • File-sharing site Zippyshare shutting down after 17 years https://www.bleepingcomputer.com/news/technology/file-sharing-site-zippyshare-shutting-down-...
  • RT @[email protected]: Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its f...
  • Google Pixel flaw allowed recovery of redacted, cropped images https://www.bleepingcomputer.com/news/security/google-pixel-flaw-allowed-recovery-of-re...
  • Re @notzecoxao @happychat84 https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')
  • Re @lean0x2f Have a look at 1.2, https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa . Short answer depending on the case.
  • IntelTechniques Search Tools https://inteltechniques.com/tools/
  • IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole https://blog.nviso.eu/2023/03/20/icedids-vnc-backdoors-dark-cat-anubis-keyhole/
  • NANDo-Board: the swiss-army-knife for your IoT hacking adventures https://www.whid.ninja/blog/nando-board-the-swiss-army-knife-for-your-iot-hacking-ad...
  • Inside The DEA Tool Hackers Allegedly Used To Extort Targets https://packetstormsecurity.com/news/view/34436/Inside-The-DEA-Tool-Hackers-Allegedly-Use...
  • Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen https://thehackernews.com/2023/03/mispadu-banking-trojan-targets-latin.html
  • BBC to staff: Uninstall TikTok from our corporate kit unless you can 'justify' having it https://go.theregister.com/feed/www.theregister.com/2023/03/2...
  • New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads https://thehackernews.com/2023/03/new-dotrunpex-malware-delivers-multiple.h...
  • Researchers Shed Light on CatB Ransomware's Evasion Techniques https://thehackernews.com/2023/03/researchers-shed-light-on-catb.html
  • Emotet is back after a three-month hiatus https://securityaffairs.com/143722/cyber-crime/emotet-microsoft-onenote-campaign.html
  • NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim http://www.kitploit.com/2023/03/nimplant-light-weight-first-stage-c2.html
  • RT CODE WHITE GmbH: Even though JMX exploitation is well understood, @mwulftange and @qtc_de found new universal exploitation techniques & one of them...
• 先知安全技术社区
  • Ejs模板引擎注入实现RCE
  • 探究公众号接口漏洞：从后台登录口到旁站getshell
• Files ≈ Packet Storm
  • Ubuntu Security Notice USN-5960-1
  • Red Hat Security Advisory 2023-1303-01
  • MyBB External Redirect Warning 1.3 Cross Site Scripting
  • MyBB Active Threads 1.3.0 Cross Site Scripting
  • 101+ News Portal 1.0 SQL Injection
  • Shannon Baseband NrSmPcoCodec Intra-Object Overflow
  • Red Hat Security Advisory 2023-1286-01
  • Music Gallery Site 1.0 Cross Site Scripting
  • Medicine Tracker System 1.0 Cross Site Scripting
  • Red Hat Security Advisory 2023-1154-01
  • Red Hat Security Advisory 2023-1285-01
  • Yoga Class Registration System 1.0 Cross Site Scripting
  • Online Pizza Ordering System 1.0 SQL Injection
  • Human Resources Management System 1.0 SQL Injection
  • Yoga Class Registration 1.0 SQL Injection
  • Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure
• Sploitus.com Exploits RSS Feed
  • Online Pizza Ordering System 1.0 SQL Injection Vulnerability exploit
  • Human Resources Management System 1.0 SQL Injection Vulnerability exploit
  • Music Gallery Site 1.0 Cross Site Scripting Vulnerability exploit
  • Medicine Tracker System 1.0 Cross Site Scripting Vulnerability exploit
  • Yoga Class Registration System 1.0 Cross Site Scripting Vulnerability exploit
  • Yoga Class Registration 1.0 SQL Injection Vulnerability exploit
  • Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability exploit
  • 101+ News Portal 1.0 SQL Injection Vulnerability exploit
  • Open Web Analytics 1.7.3 Remote Code Execution Exploit exploit
  • Riello UPS Restricted Shell Bypass Vulnerability exploit
  • Microsoft User Account Control Nuances Vulnerability exploit
  • 101+ News Portal 1.0 SQL Injection exploit
  • Music Gallery Site 1.0 Cross Site Scripting exploit
  • Human Resources Management System 1.0 SQL Injection exploit
  • Yoga Class Registration System 1.0 Cross Site Scripting exploit
  • Medicine Tracker System 1.0 Cross Site Scripting exploit
  • MyBB Active Threads 1.3.0 Cross Site Scripting exploit
  • MyBB External Redirect Warning 1.3 Cross Site Scripting exploit
  • Yoga Class Registration 1.0 SQL Injection exploit
  • Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure exploit
  • Online Pizza Ordering System 1.0 SQL Injection exploit
  • Exploit for Path Traversal in Icinga Icinga Web 2 exploit
  • Exploit for CVE-2023-27326 exploit
  • Exploit for Improper Input Validation in Apache Log4J exploit
  • Exploit for Authentication Bypass by Capture-replay in Microsoft exploit
• 安全脉搏
  • APP代码保护方案原理分析
  • PHP代码审计-某cms逻辑漏洞导致getshell
• code white | Blog
  • JMX Exploitation Revisited
• Cerbero Blog
  • PowerShell Beautifier 2.0 Package
• Penetration Testing Lab
  • Persistence – Service Control Manager
• NVISO Labs
  • IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole
• Darknet – Hacking Tools, Hacker News & Cyber Security
  • DataSurgeon – Extract Sensitive Information (PII) From Logs
• Bug Bounty in InfoSec Write-ups on Medium
  • A Game-Changing Tool for Bug Bounty Hunters and Security Researchers
• Twitter @bytehx
  • RT Sina Yeganeh: A Simple Tip for #bugbounty, But a Money Maker 🧐💸🫰 Before you finish your day of hunting: search in all requests and check i...
• Malwarebytes Labs
  • Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles
  • "ViLE" members posed as police officers and extorted victims
  • A week in security (March 13 - 19)
• SentinelOne
  • SentinelOne Announces Amazon Linux 2023 Service Ready Designation
• Application Security Blog
  • Automate your DevSecOps to take the pressure off triage
• SAP Blogs
  • Offline Fiori App using local storage
  • Unlocking Success: The Power of People Transformation in Business Process Transformation
  • SAP Datasphere Analytic Model Series – Data Model Introduction
  • Automatic Idoc Generation while Creating Purchase Order
  • BW7.5 on HANA,BW/4HANA Migration Post and Pre steps from BW/BI Developer perspective
  • “Tell it like it is” — a communication strategy that saves time and gains credibility.
  • Another Successful Demo Readiness Workshop for S/4 HANA Cloud, Public Edition in NA
  • Using SAP Build Apps, create a Web app that simulates a lead generation page for C4C
  • SAP SuccessFactors: Error- The HRIS Element jobInfo is not updated
  • Total Workforce Management: An Infographic
• Reverse Engineering
  • /r/ReverseEngineering's Weekly Questions Thread
  • Showing names in SOLOQ champ select [League of legends]
  • Obfuscating WebAssembly using Emscripten built with an LLVM-level obfuscator
• daniel.haxx.se
  • curl 8.0.1 because I jinxed it
  • curl 8.0.0 is here
• code white | Blog
  • JMX Exploitation Revisited
• KitPloit - PenTest & Hacking Tools
  • NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim
• FireShell Security Team
  • The Dangers of Exposed Azure Blobs
• FreeBuf网络安全行业门户
  • 本周三9点 | FreeBuf企业安全俱乐部·北京站来啦
  • FreeBuf早报 | 我国网络安全产业处于繁荣发展时期；美国法警局数百GB数据遭售卖
  • 2023第一个重大漏洞，几乎影响所有组织
  • 新的 "HinataBot "僵尸网络可以发动大规模的 DDoS攻击
  • 硅谷银行倒闭导致企业网络风险上升
• 博客园 - 郑瀚Andrew
  • 数据安全管理 学习笔记 - 郑瀚Andrew
• 安全牛
  • APT攻击分析报告-响尾蛇组织针对我国高校发起APT攻击
  • 2023热血再燃|网络安全攻防演练实战公开课来袭！
  • 六方云出海记！以泰国光合能源为范式，旗舰级方案走向世界
  • 对话知道创宇“黑哥”：视野和格局将决定网络空间测绘的未来！
  • 安全头条 |《新时代的中国网络法治建设》白皮书发布；中央网信办部署整治自媒体乱象专项行动
  • 直播预告 | 网安大讲堂（65期）：企业网络安全意识宣教思路探讨(二)
• text/plain
  • Going Electric – Solar
• 看雪学苑
  • 【详解】CTFHUB-FastBin Attack
  • NBA通讯服务遭黑客攻击，球迷个人信息失窃
  • 第5周 第2章节更新！《CTF训练营-Web篇》全面上线
• 腾讯玄武实验室
  • 每日安全动态推送(3-20)
• 黑海洋 - WIKI
  • Kali Linux 2023.1发布-10周年版-Kali Purple
  • CVE-2023-21768 本地提权 POC
  • 一个轻量级Web蜜罐
  • 一键提取安卓敏感信息ApkAnalyser
  • IP伪造插件（Burpsuite）
  • QQ截图工具独立版
  • 最新edu教育邮箱和github学生包申请保姆级教程
  • 推荐10个 Chrome 生产辅助插件
  • 15款Python 编辑器
  • 用HTTrack自己制作一个镜像网站
• 锦行科技
  • 锦行科技与广州大学、广州海关缉私局三方携手共建开源情报联合实验室
• HackerNews
  • 新的 “HinataBot “僵尸网络可以发动大规模的 DDoS 攻击
  • 硅谷银行倒闭导致网络风险上升
  • 军事基地航拍照片泄露，美国法警局数百 GB 敏感数据遭黑客售卖
  • 针对多国政府官员的黑客攻击还在继续……
• 赛博攻防悟道
  • [D3FENSE Knowledge WIKI「先进攻防知识WIKI」确定最终形态，一个致力于消除攻防双方认知偏差陷阱的知识百科。

🏠 访问入口： https://d3fense.tech

📖 WIKI版本： V0.3.3（WIKI起始版本0.1，大更新更新版本号0.1，小更新更新版本号0.01）

🆚 D3FENSE名称释义： “defense”这个词指代的是一种灵活的、具备反制能力的保护策略

🔭 主旨意图： 收录形成体系的先进攻防知识源和关键技术文档，避免在网络安全领域中因知识落差和信息不对称而导致认知偏差陷阱](https://mp.weixin.qq.com/s?__biz=MzI1MDA1MjcxMw==&mid=2649908027&idx=1&sn=028f648dce54e11b8be18ac4fa119ac9&chksm=f18eea3dc6f9632bd029bf976f7481a3a4ac75afcd00b4d710944a5686f6ea4e73debb989bcb&scene=58&subscene=0#rd)

• 绿盟科技技术博客
  • 企业内部的物联网：人去楼空网仍在 员工将智能设备扔在办公室会怎样？
  • 绿盟科技威胁周报（2023.03.13-2023.03.19）
  • SPNEGO 扩展协商 (NEGOEX) 安全机制远程代码执行漏洞（CVE-2022-37958）
  • Microsoft Outlook权限提升漏洞（CVE-2023-23397）通告
  • Adobe ColdFusion多个安全漏洞通告
• 信息时代的犯罪侦查
  • 往事钩沉 | 断了线的风筝
• 安全研究GoSSIP
  • G.O.S.S.I.P 阅读推荐 2023-03-20 That Person Moves Like A Car
• 丁爸 情报分析师的工具箱
  • 【生物安全】美军在我国周边的生物实验室布局
• M01N Team
  • 攻击技术研判 | 借助OneNote笔记进行MoTW规避新姿势
• 关键基础设施安全应急响应中心
  • 关键基础设施安全资讯周报20230320期
  • 真假顺丰官网，小心密码又被钓鱼！
  • 《新时代的中国网络法治建设》彰显网络法治建设是全面依法治国的题中应有之义
  • NBA已承认！敏感数据泄露，警告球迷安全风险
• 安全牛
  • 对话知道创宇“黑哥”：视野和格局将决定网络空间测绘的未来！
  • 安全头条 |《新时代的中国网络法治建设》白皮书发布；中央网信办部署整治自媒体乱象专项行动
  • 直播预告 | 网安大讲堂（65期）：企业网络安全意识宣教思路探讨(二)
• 中国信息安全
  • 庄荣文：深入学习贯彻习近平总书记重要论述 奋力开创新时代网络法治工作新局面
  • 《最高人民法院工作报告》中，有哪些内容与网络安全相关？
  • 评论 | 持续推进网络空间法治化
  • 观点 | 提升APP全链条管理能力
  • 法治 | 性侵未成年人案件之网络交友问题分析
  • 前沿 | 追踪人工智能监管政策新进展
  • 关注 | “192”号端诈骗电话开卡团伙被打掉，涉案金额超1亿！
• 国家互联网应急中心CNCERT
  • 每周典型移动恶意APP安全监测报告--“Android勒索类病毒”篇（2023-03-06-2023-03-12）
• 山石网科安全技术研究院
  • 商用密码应用安全性评估实施指南
• 奇安信 CERT
  • 全网漏洞态势研究 | 2022年度报告
• 慢雾科技
  • 火爆出圈的“最强 AI” —— GPT 是否可用于合约安全审计？
• CNCERT国家工程研究中心
  • 原创 | 真假顺丰官网，小心密码又被钓鱼！
  • Docker 容器安全风险和防御综述
  • 针对多国政府官员的黑客攻击还在继续……
• 奇客Solidot–传递最新科技情报
  • 褐寡妇打败黑寡妇
  • 新基因编辑技术成功逆转小鼠视力损失
  • 科学家找到方法控制雄蚊的精子
  • Curl 8.0.0 释出
  • 鸟儿搭乘海上船只的便车
  • 北海鳕鱼在变小
  • 转基因水稻可能能在火星上生长
  • Ken Thompson 称他正从 Mac 切换到 Linux
  • 2022 年度的自由软件奖宣布
  • curl 作者回顾过去二十五年
  • LLVM 编辑器套件释出 v16.0.0
  • 中国二手市场出现假冒的三星 980 Pro SSD
  • Mastodon 用户数突破一千万
• 字节跳动技术团队
  • ByteHouse 实时导入技术演进
  • 【活动预告】从云原生到大数据，如何打造 AIGC 新引擎？
• 嘶吼专业版
  • 勒索软件攻击已进入到令人发指的新阶段
  • CVE-2023-23397：Outlook漏洞PoC
• 三六零CERT
  • 2023年2月勒索软件流行态势分析
  • 安全事件周报 2023-03-13 第11周
  • 安全日报（2023.03.20）
• 深信服千里目安全技术中心
  • Adobe ColdFusion多个漏洞通告
• 网安国际
  • 【NDSS 2022 论文分享】基于无线网流量指纹分析的APP行为隔空识别
• 我的安全梦
  • 网吧威胁狩猎
• 安全学术圈
  • SySeVR:使用深度学习的漏洞检测框架
• 迪哥讲事
  • dom-xss研究系列-034-自动化研究
  • Bug Bounty Tips
  • 日常学习记录
• 代码卫士
  • 日立能源证实受GoAnywhere攻击影响，数据遭泄露
  • 研究员利用ChatGPT制造出多态恶意软件Blackmamba
  • 澳大利亚最大的个贷公司Latitude遭攻击，两家服务提供商受影响
• 360数字安全
  • 筑牢数字安全屏障！联通CA入根360信创SM2国密根证书库
  • 天津市公共实训中心与360共建“数字安全实训竞赛基地”
• Over Security - Cybersecurity news aggregator
  • Ferrari discloses data breach after receiving ransom demand
  • Windows 11 bug warns Local Security Authority protection is off
  • General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen
  • Hackers target .NET developers with malicious NuGet packages
  • File-sharing site Zippyshare shutting down after 17 years
  • Bitcoin ATM customers hacked by video upload that was actually an app
  • Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022
  • Macchine protette: il giusto equilibrio tra cyber security e sicurezza fisica degli asset produttivi
  • DataSurgeon – Extract Sensitive Information (PII) From Logs
  • People Trying to Use Facebook's Leaked AI to Improve Their Tinder Matches
  • False app Telegram e WhatsApp distribuiscono malware per Windows e Android: i dettagli
  • Campagna di Phishing ai danni di 6sicuro
  • Google Pixel flaw allowed recovery of redacted, cropped images
  • Why You Should Opt Out of Sharing Data With Your Mobile Provider
  • Wave of Arrests Hits Cybercriminals
  • The end of PfP: Pain-free Passwords
  • Security Awareness: how to avoid the dangers of cybersecurity with TelsySkills
  • Debunk a fake CVE-2023-23415
  • HinataBot, la botnet che sfrutta vulnerabilità in router e server per sferrare attacchi DDoS
  • Infrastrutture critiche, l’approccio dei CISO alla resilienza
  • FakeCalls: ritorna il malware per Android ed è ancora più evasivo
  • I rischi di sicurezza del lavoro remoto preoccupano le aziende
  • Risky Biz News: Samsung smartphones impacted by no-user-interaction zero-days
• Microsoft Security Blog
  • Microsoft achieves first native Cloud Data Management Capabilities certification
  • Leverage cloud-powered security with Microsoft Defender for IoT
• Krypt3ia
  • Manipulating ChatGPT into creating possible malware code and insights into responses an AI might have were it to become “God”
• 奇安信威胁情报中心
  • 全网漏洞态势研究 | 2022年度报告
• 信安之路
  • 手把手教你写 hacking 脚本
• 极客公园
  • 比亚迪放了个「大招」，准备「杀死」燃油车
  • 李开复正式下场，要做 AI 2.0 平台；美版权局：ChatGPT 生成内容不受保护；比亚迪智能手表曝光 | 极客早知道
• SANS Internet Storm Center, InfoCON: green
  • From Phishing Kit To Telegram... or Not!, (Mon, Mar 20th)
  • ISC Stormcast For Monday, March 20th, 2023 https://isc.sans.edu/podcastdetail.html?id=8416, (Mon, Mar 20th)
• ICT Security Magazine
  • Ciberdifesa Europea: Obiettivi e Strategie nel documento JOIN(2022)49
• NVISO Labs
  • IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole
• The Hacker News
  • New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads
  • Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
  • New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
  • Researchers Shed Light on CatB Ransomware's Evasion Techniques
  • Emotet Rises Again: Evades Macro Security via OneNote Attachments
• KitPloit - PenTest Tools!
  • NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim
• Krebs on Security
  • Why You Should Opt Out of Sharing Data With Your Mobile Provider
• Daniel Miessler
  • NO. 374 — AI Response Shaping, SpaceX Blueprints, GPT-4 Innovation Explosion…
  • Response Shaping: How to Move from AI “Prompts” to AI Whispering
  • Calling Out The Security Community on AI
  • What’s My Bar for AGI? A Stand-up Comedy Routine
• Information Security
  • Chat GPT-4 asked how it would solve cybersecurity
• Your Hacking Tutorial by Zempirians
  • cruel tiktok pages tormenting the students at my school
  • Is it still worth it to learn hacking with the release of new AI?
• Computer Forensics
  • What is the usual waiting period for receiving your GIAC voucher after purchasing?
  • EXIF Hound Returns: The Next Milestone and Beyond
  • Identify what attachment had been downloaded in OWA
• D3Lab
  • Campagna di Phishing ai danni di 6sicuro
• Include Security Research Blog
  • Mitigating SSRF in 2023
• Blackhat Library: Hacking techniques and research
  • A Guide To DMA Geo-targeting On Tiktok: Reaching Location-based Audience
  • does anyone know an exploit to view tweets from a private account without following on twitter?
  • where did breached forums go ?
• Deeplinks
  • Sign The Petition And Tell EU Legislators: Don’t Scan Us
  • EU Lawmakers Must Reject This Proposal To Scan Private Chats
  • CBP Is Expanding Its Surveillance Tower Program at the U.S.-Mexico Border–And We're Mapping It
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • Can anyone please give us a roadmap for the things i need to learn in Cyber Security? like general concepts and the tools that we have to master, not talking about the certificates.
  • Pitting ChatGPT against common Cyber Security MCQ Exam Questions
  • Degree Choice Impasse
  • Do you know if the defense-in-depth strategy is still in use?
• Technical Information Security Content & Discussion
  • Attackers are starting to target .NET developers with malicious-code NuGet packages
  • Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  • Persistence – Service Control Manager
  • New tool to detect use of known secrets in web frameworks - Badsecrets
  • KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
  • Obfuscating WebAssembly using Emscripten with an LLVM-based obfuscator
  • Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research | Datadog Security Labs
• Securityinfo.it
  • I rischi di sicurezza del lavoro remoto preoccupano le aziende
• Security Affairs
  • Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images
  • Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer
  • Emotet is back after a three-month hiatus
  • Play ransomware gang hit Dutch shipping firm Royal Dirkzwager
• Social Engineering
  • How do you demonstrate thoughtfulness through words?
  • Why doesn't Cialdini mention basic emotions - like fear?