![Community banner](https://lemmy.world/pictrs/image/a473a49a-c89d-45ff-91e7-c4b8ced7fac2.jpeg)
-
Is this some kind of hack attempt?
The NGINX access.log of my VPS is showing a curiosity.
Instead of a simple request like this...
"GET / HTTP/1.1"
...regular requests are coming in that look like this
"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
Is this some kind of hack attempt?
Here's an example of a full line from the log...
15.204.204.182 - - [24/Apr/2024:15:59:47 +0000] "\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00" 400 166 "-" "-"
EDIT: For what it might be worth, most of these requests come in singularly, from different IP addresses. Once (that I've noticed) repeated attempts came in quickly from one specific IP.
-
Ghidra training classes from NSA
-
An intro to automated evasion and compilation of .NET offensive tools
tierzerosecurity.co.nz Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
-
www.nist.gov NIST Releases Version 2.0 of Landmark Cybersecurity Framework
The agency has finalized the framework’s first major update since its creation in 2014.
-
Hacking Terraform state to gain code execution and privilege escalation
blog.plerion.com Hacking Terraform State for Privilege Escalation - Plerion
What can an attacker do if they can edit Terraform state? The answer should be 'nothing' but is actually 'take over your CI/CD pipeline'.
-
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
jfrog.com Examining Malicious Hugging Face ML Models with Silent Backdoor
Is Hugging Face the target of model-based attacks? See a detailed explanation of the attack mechanism and what is required to identify real threats.
-
New Server Side Prototype Pollution Gadgets Scanner from Doyensec
blog.doyensec.com Unveiling the Server-Side Prototype Pollution Gadgets Scanner · Doyensec's Blog
-
It's now possible to find the AWS Account ID for any S3 Bucket (private or public)
A technique to find the Account ID of a private S3 bucket.
-
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
-
SEO Poisoning to Domain Control: The Gootloader Saga Continues
thedfirreport.com SEO Poisoning to Domain Control: The Gootloader Saga Continues - The DFIR Report
Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be …
-
Code injection or backdoor: A new look at Ivanti's CVE-2021-44529
www.labs.greynoise.io GreyNoise Labs - Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
-
Python Risk Identification Tool for generative AI (PyRIT)
github.com GitHub - Azure/PyRIT: The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
-
New TP-Link authentication Bypass!
ssd-disclosure.com SSD Advisory - TP-Link NCXXX Authentication Bypass - SSD Secure Disclosure
Summary A vulnerability exists in TP-Link NCXXX family of devices, the vulnerability allows accessing the device without credentials – this chained with well known and currently unpatched post-auth vulnerabilities allow for the complete compromise of the device. Credit An independent security resear...
-
Optum / Change Healthcare Breach
status.changehealthcare.com Update: Some applications are experiencing connectivity issues.
-
Ongoing Malware Laced Developer Job Interviews
blog.phylum.io Smuggling Malware in Test Code
Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as a code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempted to hide the malicious code in a test
-
Lockbit Ransomware global takedown
With indictments and arrests.
-
github.com GitHub - mlcsec/FormThief: Spoofing desktop login applications with WinForms and WPF
-
Ivanti Connect Secure Under Attack: Uncovering Five Exploitable CVEs - XXE
blog.securelayer7.net Ivanti Connect Secure Under Attack: Uncovering Five Exploitable CVEs
Overview Recently, five CVEs have been discovered in Ivanti Connect Secure, a software product designed to offer secure remote access to corporate resources and applications. This product is currently trusted by numerous service providers and government entities. These vulnerabilities encompas...
-
Analysis of Mirai variant leveraging CVE-2023-1389
-
attackshipsonfi.re Exploiting Unsynchronised Clocks
TL;DR According to data from RIPE, over 40% of computers attached to the Internet have a few seconds of clock drift, which with the right combination of headers, will make an HTTP response unintentionally cacheable. Background Like many parts of the HTTP model, caching has been extended and revised multiple times over the years. The result is a confusing set of response header values, which affect the way that the browser may or may-not cache the response.
-
www.aquasec.com Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages. Additionally, our …
-
Decrypted: Rhysida Ransomware - "we are now publicly releasing our decryptor for download to all victims of the Rhysida ransomware"
decoded.avast.io Decrypted: Rhysida Ransomware - Avast Threat Labs
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations.
-
Breach Analysis: APT29’s Attack on Microsoft - Password Spray & OAuth abuse.
www.cyberark.com APT29’s Attack on Microsoft: Tracking Cozy Bear’s Footprints
A new and concerning chapter has unfolded in these troubled times of geopolitical chaos. The Cozy Bear threat actor has caused significant breaches targeting Microsoft and HPE, and more are likely...
-
Troy Hunt: How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY!” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes:
Last week, someone reached out to me with what
-
JSON Smuggling: A far-fetched intrusion detection evasion technique
-
Shellcode evasion using Wasm/Wat and Rust
balwurk.com Shellcode evasion using WebAssembly and Rust - Balwurk
Everyone in InfoSec knows Metasploit and the importance this tool has had on many professionals and in the field itself, either be it for awareness purposes, education, CTFs or actual live penetration tests, odds are the reader has encountered and used Metasploit before.
-
ShmooCon 2024 Videos are up!
archive.org Shmoocon 2024 : ShmooCon : Free Download, Borrow, and Streaming : Internet Archive
ShmooCon 2024 by Shmoo Group, various presenters. The videos in this collection are from ShmooCon 2024, which occurred on 12 - 14 January 2024, at the Washington...
-
apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
github.com GitHub - ax/apk.sh: apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
-
Trends in Phishing, Fraud, 'Dark AI Models', and how to better protect yourself.
We guard your domain, so you have peace of mind. Threat Visibility Platform.
-
How I Hacked My Air Purifier to Remove Cloud Dependency [Detailed Write-Up]
jmswrnr.com Hacking a Smart Home Device
How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.
-
Deluder: Python utility for intercepting traffic of applications. Deluder can be used as an alternative for EchoMirage. It supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the b...
github.com GitHub - Warxim/deluder: Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
-
AnyDesk Incident Response 2-2-2024
-
Your Security Program Is Shit
Very shit
-
Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal
-
Leaky Vessels: Docker and runc Container Breakout Vulnerabilities - January 2024
snyk.io Leaky Vessels: Docker and runc Container Breakout Vulnerabilities - January 2024 | Snyk
Snyk Security Labs Team has identified four container breakout vulnerabilities in core container infrastructure components including Docker and runc, which also impacts Kubernetes.
-
CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()
-
New Visual Studio Code plugin for IaC security (plus collaboration, semgrep integration)
blog.doyensec.com Introducing PoIEx - Points Of Intersection Explorer · Doyensec's Blog
-
Hunting for (Un)authenticated n-days in Asus Routers - Shielder
www.shielder.com Shielder - Hunting for ~~Un~~authenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
-
Your Firewalls and Proxies are about to be blind to real TLS destinations: Learn about Encrypted Client Hello