Grambulf
9.2K posts

Grambulf retweeted

#VisualStudio 1-click RCE, no SmartScreen warning, no trust needed, no further interaction needed. Just download from the internet, 1-click, then pwn. But it will not be fixed, because Microsoft considers it not a vulnerability😅

Ever wanted to attack AWS from GCP? I know I did.
Unveiling The DeRF @cloudvillage_dc Friday August 11th at 12:30 PDT.
cloud-village.org/#talks?collaps…
Grambulf retweeted

Today, we're announcing the immediate availability of the Ferrocene release candidate! We're also inviting you to our birthday party on October 4th, where we will meet online with guests, have fun conversations and unveil the Ferrocene product fully.
ferrous-systems.com/blog/a-decade-…

🚨 New Advisory: RWS WorldServer 🚨
redteam-pentesting.de/advisories/rt-…
The vulnerability allows session tokens to be feasibly enumerated. While it was fixed by the vendor prior to reporting, no concrete information is publicly available that this critical issue was fixed in v11.8.0.
#infosec

@RedTeamPT "A significant number of security enhancements have been included in this release" 🤡
Awesome work (again)

Can I have your API Key?
oh wait.
"Data analysis using regular expressions to search for specific secrets revealed the exposure of 52,107 valid private keys and 3,158 distinct API secrets in 28,621 Docker images"
bleepingcomputer.com/news/security/…
Grambulf retweeted

Introducing Forager! Check to see if anyone using your company's email domain posted LIVE SECRETS to GitHub and NPM: forager.trufflesecurity.com

Grambulf retweeted

I wonder if we'll get more outages this summer due to record heat like this one from almost a year ago.
GCP Incidents@GCP_Incidents
There has been a cooling related failure in one of our buildings that hosts zone europe-west2-a for region europe-west2. This caused a partial failure of capacity in that zone, leading to VM terminations and a loss of machines for a small set of our customers 4/9
Grambulf retweeted

The $5 Membership sale is now live! The sale lasts until July 17 23:59 UTC: account.shodan.io/billing/member
Grambulf retweeted

Okay, so why are we releasing a free tool to see which companies are exposing secrets?
A little while ago we started doing disclosure emails for every key leaked out, but we were shocked by what we saw
Short 🧵
Truffle Security@trufflesec
People don’t realize how often live keys leak out on GitHub in 2023, despite this being a known problem for almost a decade. Next week we’re releasing a tool to check if your company exposed any. Here’s a thread on it 1/6
Grambulf retweeted

🎉 Go 1.20.6 and 1.19.11 are released!
🔐 Security: Includes security fixes for CVE-2023-29406 and Go issue go.dev/issue/60374
📢 Announcement: groups.google.com/g/golang-annou…
📦 Download: go.dev/dl/#go1.20.6
#golang

Grambulf retweeted

📢📢📢 Accepted Talks and Speakers' Bios published 📢📢📢
Thanks to all who applied to our #CfP and to our reviewers, the list of accepted talks is now on our website. Detailed agenda will follow
bsideszh.ch/talks-bios/
REMEMBER: Tickets sale starts tomorrow 3pm Zurich time 🥳
Grambulf retweeted

@N4hualH @CyberSleuth1 @solminingpunk @BruteBee There might already be active exploitation on this. Check for files newer than the installation date in /netscaler/ns_gui/ /var/vpn/ /var/netscaler/logon/ /var/python/
Grambulf retweeted

"If, however, there were zero-day exploits in messenger services, the BSI would consequently have to keep them secret if 'other agencies' wanted to keep them open."
golem.de/news/neue-bsi-…
Grambulf retweeted

After getting the talks at @x33fcon and @WEareTROOPERS done, I also finally managed to write down my latest research about userland hook evasion:
s3cur3th1ssh1t.github.io/Cat_Mouse_or_C…

Grambulf retweeted

"Log Centralization: The End Is Nigh?" buff.ly/3CQQmZw <- a VERY incomplete thought blog that talks about centralized vs decentralized/federated/distributed approaches for dealing with logs, at scale.