HTTP Methods Discloser is a Burp extension to easily check which HTTP methods are available. Users who installed the infected package would have had their system compromised. A bug in the git_diff library made it possible to trick a repo’s maintainers into approving malicious pull requests. Make sure to update your OS before diving into disclosed a Remote Code Execution in Homebrew (a popular macOS package manager). confirmed the findings and published a detailed analysis on the root cause of the bug. Remote code execution in Homebrew by compromising the official Cask repository found a pretty bad bug that allowed malicious apps to basically bypass MacOS’s security mechanisms (File Quarantine, Gatekeeper, and Notarization Requirements). Writeups of the weekĪll Your Macs Are Belong To Us & macOS Gatekeeper Bypass (2021 Edition) (Apple) These are interesting but complex topics that only could make so fun! 2. The second video is a walkthrough of CVE-2021-3156 (Baron Samedit), why it wasn’t obsvious to detect with fuzzing and was hiding in plain sight for almost a decade. It provides a beginner friendly introduction to file descriptors, what they are and how they can be abused. The first one is part of a new binary exploitation series by PwnFunction. I’m more into Web/API/mobile hacking, but sometimes other types of InfoSec resources are so good it makes me want to change fields! It’s the case with these two videos. How SUDO on Linux was HACKED! // CVE-2021-3156 Why you should Close Your Files | Binary Exploitation 0x02 This issue covers the week from 19 to 26 of April.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |