Hacker News
- Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ 67 comments
- I Hacked Play-With-Docker and Remotely Ran Code on the Host https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/ 3 comments
- Deep dive into the recent bugs in the NVMe protocol and the impact on cloud providers and on-premises servers. https://www.cyberark.com/resources/threat-research-blog/nvme-new-vulnerabilities-made-easy 5 comments netsec
- Penetrating the Apple: A Deep Dive into macOS Pentesting https://www.cyberark.com/resources/all-blog-posts/a-deep-dive-into-penetration-testing-of-macos-applications-part-1 9 comments netsec
- Multiple Vulnerabilities found in Docker Desktop - privesc, code execution, file overwrite/delete and more. https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2 29 comments netsec
- I wrote a thing! - How AI is revolutionizing infosec offensively and defensively. https://www.cyberark.com/resources/blog/ai-chatgpt-and-identity-securitys-critical-human-element 3 comments netsec
- Researcher infiltrates phishing syndicate to learn TTPs https://www.cyberark.com/resources/threat-research-blog/phishing-as-a-service 21 comments netsec
- CVE-2022-25637 - Multiple TOCTOU vulns in peripheral devices (Razer, EVGA, MSI, AMI) https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers 9 comments netsec
- Creating a polymorphic malware using ChatGPT https://www.cyberark.com/resources/threat-research-blog/chatting-our-way-into-creating-a-polymorphic-malware 8 comments netsec
- Exploring the depths of Istio: A researcher's guide to analyzing a caching vulnerability https://www.cyberark.com/resources/threat-research-blog/what-i-learned-from-analyzing-a-caching-vulnerability-in-istio 2 comments netsec
- Critical Vulnerability Found in Sovrin, a Popular Decentralized Identity System https://www.cyberark.com/resources/threat-research-blog/decentralized-identity-attack-surface-part-2 2 comments netsec
- Inside Matanbuchus: A Quirky Loader https://www.cyberark.com/resources/threat-research-blog/inside-matanbuchus-a-quirky-loader 2 comments netsec
- New Technique: Extracting Clear-Text Credentials Directly From Chromium’s Memory https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory 4 comments netsec
- HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far) https://www.cyberark.com/resources/blog/hermeticwiper-what-we-know-about-new-malware-targeting-ukrainian-infrastructure-thus-far 14 comments netsec
- How Docker Made Me More Capable and the Host Less Secure https://www.cyberark.com/resources/threat-research-blog/how-docker-made-me-more-capable-and-the-host-less-secure 2 comments netsec
- How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more. https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside 3 comments netsec
- Abusing terminal emulators with ANSI escape characters can lead to remote DDoS, character injection and more. https://www.cyberark.com/resources/threat-research-blog/dont-trust-this-title-abusing-terminal-emulators-with-ansi-escape-characters 3 comments netsec
- How I Cracked 70% of Tel Aviv’s Wifi Networks (from a Sample of 5,000 Gathered WiFi). https://www.cyberark.com/resources/threat-research-blog/cracking-wifi-at-scale-with-one-simple-trick 50 comments netsec
- Fuzzing Windows’ RDP client and server https://www.cyberark.com/resources/threat-research-blog/fuzzing-rdp-holding-the-stick-at-both-ends 2 comments netsec
- FickerStealer: A New Rust Player in the Market https://www.cyberark.com/resources/threat-research-blog/fickerstealer-a-new-rust-player-in-the-market 3 comments netsec
- Attacking Kubernetes Clusters Through Your Network Plumbing: Part 2 https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 6 comments netsec
- Group Policies Going Rogue https://www.cyberark.com/resources/threat-research-blog/group-policies-going-rogue 13 comments netsec
- Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ 17 comments netsec
- Anatomy of the Triton Malware Attack. https://www.cyberark.com/threat-research-blog/anatomy-triton-malware-attack/ 15 comments netsec
- Proxy or other solution needed please https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/ 5 comments linuxadmin
- Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/ 12 comments netsec
- Implementing Malware Command and Control Using Major CDNs and High-Traffic Domains https://www.cyberark.com/threat-research-blog/implementing-malware-command-control-using-major-cdns-high-traffic-domains/ 9 comments netsec
- HTTPS Domain Fronting using Google Hosts and Cobalt Strike https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/ 3 comments netsec
- Discover the "Shadow Admins" lurking within AD.... before your adversaries do https://www.cyberark.com/threat-research-blog/shadow-admins-stealthy-accounts-fear/ 6 comments netsec
- Stealing Service Credentials to Achieve Full Domain Compromise - CyberArk http://www.cyberark.com/blog/cyberark-labs-research-stealing-service-credentials-achieve-full-domain-compromise/ 4 comments netsec
- CyberArk Labs: From Safe Mode to Domain Compromise http://www.cyberark.com/blog/cyberark-labs-from-safe-mode-to-domain-compromise/ 7 comments sysadmin
- Safe Mode, still easy to exploit. http://www.cyberark.com/blog/cyberark-labs-from-safe-mode-to-domain-compromise/ 11 comments netsec