Ståle Pettersen
@kozmic.bsky.social
Application Security and Cloud Security
Very interesting write-up
blog.talosintelligence.com/salt-typhoon...
blog.talosintelligence.com/salt-typhoon...
Weathering the storm: In the midst of a Typhoon
Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights ou...
blog.talosintelligence.com
February 21, 2025 at 7:47 AM
Very interesting write-up
blog.talosintelligence.com/salt-typhoon...
blog.talosintelligence.com/salt-typhoon...
Reposted by Ståle Pettersen
Old school or call it a classic: Hackers hacking hackers... labs.watchtowr.com/more-governm...
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process...
labs.watchtowr.com
January 9, 2025 at 5:40 AM
Old school or call it a classic: Hackers hacking hackers... labs.watchtowr.com/more-governm...
I'm hoping this becomes a success! It is really needed, as consumers have no information about the security of the IoT products they buy today. thehackernews.com/2025/01/fcc-...
FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance
The U.S. Cyber Trust Mark enhances IoT security with NIST standards, QR codes, and accredited testing.
thehackernews.com
January 8, 2025 at 12:44 PM
I'm hoping this becomes a success! It is really needed, as consumers have no information about the security of the IoT products they buy today. thehackernews.com/2025/01/fcc-...
New Challenges, New Anti-Patterns
"I can tell you that AI is introducing some of the most fascinating – and terrifying – security challenges. Below are a few emerging anti-patterns you need to know about"
srajangupta.substack.com/p/security-a...
"I can tell you that AI is introducing some of the most fascinating – and terrifying – security challenges. Below are a few emerging anti-patterns you need to know about"
srajangupta.substack.com/p/security-a...
Security Anti-Patterns in the AI Era
Systemic mistakes masquerading as “practical solutions"
srajangupta.substack.com
January 7, 2025 at 5:59 PM
New Challenges, New Anti-Patterns
"I can tell you that AI is introducing some of the most fascinating – and terrifying – security challenges. Below are a few emerging anti-patterns you need to know about"
srajangupta.substack.com/p/security-a...
"I can tell you that AI is introducing some of the most fascinating – and terrifying – security challenges. Below are a few emerging anti-patterns you need to know about"
srajangupta.substack.com/p/security-a...
Very impressive research (as always from @orange.tw ) ! worst.fit
WorstFit!
worst.fit
December 11, 2024 at 6:58 PM
Very impressive research (as always from @orange.tw ) ! worst.fit
Reposted by Ståle Pettersen
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]
nastystereo.com/security/rai...
nastystereo.com/security/rai...
December 10, 2024 at 8:30 AM
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]
nastystereo.com/security/rai...
nastystereo.com/security/rai...
December 6, 2024 at 7:04 PM
New Feature on AWS GuardDuty Findings: Now available: Amazon GuardDuty Extended Threat Detection automatically detects multi-stage attacks sequences. An attack sequence is a critical severity (via @zoph.me )
gist.github.com/z0ph/960e35f...
gist.github.com/z0ph/960e35f...
MGDA-NEW_FEATURES-2024-12-03-23-22-55.json
GitHub Gist: instantly share code, notes, and snippets.
gist.github.com
December 4, 2024 at 6:27 AM
New Feature on AWS GuardDuty Findings: Now available: Amazon GuardDuty Extended Threat Detection automatically detects multi-stage attacks sequences. An attack sequence is a critical severity (via @zoph.me )
gist.github.com/z0ph/960e35f...
gist.github.com/z0ph/960e35f...
Pretty big operation!
thehackernews.com/2024/12/inte...
thehackernews.com/2024/12/inte...
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
Global police arrest 5,500 suspects, seize $400M, dismantle $1.1B phishing syndicate in INTERPOL-led HAECHI-V.
thehackernews.com
December 2, 2024 at 4:47 PM
Pretty big operation!
thehackernews.com/2024/12/inte...
thehackernews.com/2024/12/inte...
Are we allowed to link to X? I feel a bit ashamed to do it… but it’s such a good thread!
"Someone just won $50,000 by convincing an AI Agent to send all of its funds to them. "
x.com/jarrodwattsd...
"Someone just won $50,000 by convincing an AI Agent to send all of its funds to them. "
x.com/jarrodwattsd...
x.com
x.com
December 2, 2024 at 1:42 PM
Are we allowed to link to X? I feel a bit ashamed to do it… but it’s such a good thread!
"Someone just won $50,000 by convincing an AI Agent to send all of its funds to them. "
x.com/jarrodwattsd...
"Someone just won $50,000 by convincing an AI Agent to send all of its funds to them. "
x.com/jarrodwattsd...
A Security Threat Model for eBPF
Security information and guidance to large enterprises using or looking to adopt eBPF-based tools (PDF) github.com/ebpffoundati...
Security information and guidance to large enterprises using or looking to adopt eBPF-based tools (PDF) github.com/ebpffoundati...
github.com
December 2, 2024 at 11:50 AM
A Security Threat Model for eBPF
Security information and guidance to large enterprises using or looking to adopt eBPF-based tools (PDF) github.com/ebpffoundati...
Security information and guidance to large enterprises using or looking to adopt eBPF-based tools (PDF) github.com/ebpffoundati...
Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230 github.com/xairy/lights...
GitHub - xairy/lights-out: Tools for controlling webcam LED on ThinkPad X230
Tools for controlling webcam LED on ThinkPad X230. Contribute to xairy/lights-out development by creating an account on GitHub.
github.com
November 28, 2024 at 6:12 AM
Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230 github.com/xairy/lights...
Nice bypass of CSRF protections that rely on the Content-Type request header being present and then checking the value. "Blob" to the rescue! nastystereo.com/security/cro...
Cross-Site POST Requests Without a Content-Type Header / nastystereo.com
nastystereo.com
November 28, 2024 at 5:13 AM
Nice bypass of CSRF protections that rely on the Content-Type request header being present and then checking the value. "Blob" to the rescue! nastystereo.com/security/cro...
Reposted by Ståle Pettersen
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
November 26, 2024 at 11:57 PM
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
🤣
November 27, 2024 at 5:21 AM
🤣
Very cool! Check it out :)
The self described “Shodan of AWS” is now live! This is an amazing project from Daniel Grzelak that helps democratize cloud resource enumeration for the masses. Very excited about this!
awseye.com
awseye.com
Awseye - See Inside AWS Accounts
Awseye tracks publicly accessible AWS data to help identify and secure known and exposed AWS resources. Empowering defenders with open-source intelligence.
awseye.com
November 26, 2024 at 5:24 AM
Very cool! Check it out :)
Great writeup about how parsers handle file uploads in different ways. Great list of bypasses :) blog.sicuranext.com/breaking-dow...
Breaking Down Multipart Parsers: File upload validation bypass
TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...
blog.sicuranext.com
November 19, 2024 at 9:28 AM
Great writeup about how parsers handle file uploads in different ways. Great list of bypasses :) blog.sicuranext.com/breaking-dow...
Nice research, including the final punch (exploit) dreyand.rs/code/review/...
What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE
Few months ago I was assigned to do a pentest on a target running CyberPanel. It seemed to be installed by default by some VPS providers & it was also sponsored by Freshworks.
dreyand.rs
November 18, 2024 at 6:27 AM
Nice research, including the final punch (exploit) dreyand.rs/code/review/...
I put a LLM to attack your LLM, what can possibly go wrong? :) Seems like a nice til actually. github.com/NVIDIA/garak
GitHub - NVIDIA/garak: the LLM vulnerability scanner
the LLM vulnerability scanner. Contribute to NVIDIA/garak development by creating an account on GitHub.
github.com
November 18, 2024 at 6:25 AM
I put a LLM to attack your LLM, what can possibly go wrong? :) Seems like a nice til actually. github.com/NVIDIA/garak
Interesting write-up of the new forced reboot of inactive iPhones that Apple recently added: naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
November 18, 2024 at 6:23 AM
Interesting write-up of the new forced reboot of inactive iPhones that Apple recently added: naehrdine.blogspot.com/2024/11/reve...
So many new bluebird alternatives... Got the be on all of them, in case one of them actually managed to take over :)
August 21, 2023 at 12:59 PM
So many new bluebird alternatives... Got the be on all of them, in case one of them actually managed to take over :)