KBSec

Round two! Now with more memes github.com/kbsec/CS-501-m…

In all seriousness, @SchmiegSophie is 100% right. It’s kind of hard to create post-quantum cryptographic systems when I don’t know which algorithms to use.

Today we are launching Visual Search, a new and powerful search feature which finds related scanned websites on urlscan.io by their visual appearance. Available to customers on urlscan Pro today, have fun using it! - urlscan.io/blog/2022/05/0…

I'm so traumatized by Python that every third line of code I write is a type check

Happy to finally publish my work on the two vulnerabilities in the Linux kernel I've found: CVE-2022-1015 and CVE-2022-1016! I'll be talking some background, a deeper look into nf_tables, and a local privilege escalation PoC! (code on my github) blog.dbouman.nl/2022/04/02/How…

From an upcoming presentation

Testing Process Injection stuff like:

all my C/C++ code is secure because i manifest it ✨

BREAKING: The open-sourced sample AC97 sound driver by Microsoft, is now added into latest nightly builds of #ReactOS! You can now have sound in VirtualBox, out of the box! For VMware, you need to install Guest Additions. Do not forget that you could run into issues with sound.

@huggingface Kind of a tough one. As a rule of thumb you shouldn’t ever unpickle untrusted bytes because by design it’s code execution. (De)serialization is the source of many foot guns. Unless you absolutely need all features of pickled objects, you might want to pick a different format

Is anyone here into vulnerability detection and how to make Pickle and other Python serialization formats more secure? We would love to hear from you!

New post is up on the @trustedsec blog, this time looking at how to use ProcessDeviceMap to load arbitrary DLL's into a process on start. trustedsec.com/blog/object-ov…

Is it possible to start a process as SYSTEM using only CreateFile and WriteFile? Yes Spoiler: Write a custom RPC client and create a temporary service using \\.\pipe\ntsvcs 🙂 x86matthew.com/view_post?id=c…

@RichieRandolph Plenty more where that came from

@KB_Intel Great memes, thank you for sharing!

Round two! Now with more memes github.com/kbsec/CS-501-m…

@piffey @DomainTools 🤠

In a bit of personal news, tomorrow is my last day @DomainTools. After almost 7 years hunting malicious infra with the industry's best historical data set it's time to move along and expand. It's been a wonderful ride of growth at an amazing firm. Thanks for all the years. 🤙

Do you like Free stuff? Want to learn the basics of writing and reversing your own C2 Framework? Then you should check out github.com/kbsec/CS-501-2… . This class was written by myself and @__winn and is currently being taught at BU!

@PythonResponder F

@replit Python repls don’t work

Everything is up excepting web hosting, which includes HTML. We're hoping to be up in the next 15 minutes

We're experiencing higher load times, looking into it.

@ANeilan @Spam404 @nullcookies @dyngnosis @olihough86 @dave_daves @JCyberSec_ @sysgoblin @n0p1shing @makflwana Looks like burp intruder