Z000n Bug

@engineers_feed 102

Meet WiFiDemon: iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched blog.zecops.com/research/meet-…

Gotta Catch 'Em All: Frida & jailbreak detection - anti-jailbreak, anti-Frida, anti-debug techniques used in PokemonGO 🔥 #MobileSecurity #AndroidSecurity @fridadotre @LIEF_project by @rh0main romainthomas.fr/post/21-07-pok…

10 Vulnerable Android Applications for beginners to learn Android hacking. 🧵👇

This is always a handy option, similar to Match/Replace False to True to enable any hidden menu options in the UI

I don’t usually do #ff #followfriday but I’d like to shout out a few of my faves this week ❤️ You have all had such an impact on me during my time in infosec so far - thank you for your friendship and guidance! ✨ @z000nbug @zak_hax @amysw_sec @charlieamber94 1/2

@Dinosn "We have SSL certificates on our websites, so we are secure" - Oh the things you hear!

Having an ISO certification does not imply that you are secure it shows that you can follow procedures. Saying that you are secure due to ISO compliance is like having an antivirus and thinking that you are not going to get compromised.

In my second blog post, I have explained how one can decrypt the AES Encrypted mobile app traffic on the fly using AES Killer and Frida. n00b.sh/posts/aes-kill… #cybersecurity #infosec #informationsecurity #pentest #burpsuite #bugbounty #mobileappsecurity #frida #MobileSecurity

@TomNomNom peacocks are so majestic. I always wanted them in my front garden at one time. You are lucky !

@irsdl Chip has been planted. Now we can expect more 0h-days from you. There is no excuse :)

I had my AZ vaccine (1st dose) yesterday and had a hard night and day! I almost got all the side effects except vomiting and rash and blood clot (not yet anyway). If the vaccine does this to me, what would the actual virus would do? 😬

.@Office365 Last week, @Practical365 published a script to create an inventory of #AzureAD integrated apps. Here's how to conduct a review of the apps to decide why stay and which should go. I managed to remove 35% of the apps registered in my tenant! office365itpros.com/2021/04/28/cle…

@GazTheJourno Take a full copy of breached data = straight to jail

Infosec folk. Is it routine that when you find breached data, you automatically take a full copy of that data and save it somewhere before informing the owner? Gen question.

Inclavare containers, by Alibaba - A new container runtime for cloud-native confidential computing inclavare-containers.io/en/

[PDF] Defending against Software Supply Chain attacks, taking into consideration recent high-profile attacks in the news. What are they and how to mitigate from CISA bit.ly/3xpYZpP

[PDF] Cybersecurity advisory to defend against attacks from SVR. Understand the tactics, techniques, and procedures used by online threat actors to compromise your network. Mitigations within the document to protect yourself bit.ly/3u8wsmV

Microsoft has announced the end-of-support for .NET Framework v4.5.2, 4.6, and 4.6.1 on April 26, 2022, as per Microsoft. Please make sure if you are applying for CE/CE+, then the version is updated to 4.6.2

Want to practice your #JWT #pentesting skills? Check out this JWT Hacking Challenges lab by @onsecru. Includes the following JWT signature attacks: * none, * weak secret key, * key confusion, * key injection, * jwks spoofing, * kid github.com/onsecru/jwt-ha…

SQL Injection still exists in 2021 🤪

Unlocked Gate - A loophole that would allow an attacker to trivially craft a macOS payload to bypass Gatekeeper has been patched in a recent Bigsur update.

FYI: chrome://settings/content/notifications "Sites can ask to send notifications" -> off