NULLCON (http://nullcon.net):

📡Time is running out for you to inspire the whole industry with your #securityresearch!

⚠️Call for Papers ends tonight 11:59 PM IST➡️ https://t.co/ZVLrlvZurC

#NullconGoa2023 #CFP #Infosec #Conference https://t.co/GPDXIHLMIX

NULLCON (http://nullcon.net):

💡Re-imagined Nullcon call for papers in the Anime World & with this, we are excited to receive your innovation in #securityresearch

⌚7 days left to submit | Call for Papers ➡️https://t.co/ZVLrlvZurC

#NullconGoa2023 #CFP #infosec #Conference https://t.co/d16xfYtjDo

NULLCON (http://nullcon.net):

🤖Generative AI is growing in popularity in almost all products/industries; your scope is even wider now!

⌨️Present your latest #securityresearch with a vast range of topics you can choose ⌚Call for Papers ends on 10th July➡️https://t.co/ZVLrlvZurC

#NullconGoa2023 #CFP https://t.co/FVzU2ZN39c

Let's say you are a company with $2B+ revenue.
Let's say you have a security.txt with an email address.

Why don't you answer to emails from that email address?

Context: I started to hunt for bug bounties only 2 months ago, but I feel like I could already write multiple blog posts about my frustrations.
#security #securityresearch #bugbounty

NULLCON (http://nullcon.net):

📢 Call for Papers closing soon! The platform where you can calm your senses, enjoy the 🌴serene destination & present your latest #securityresearch with a thrill

💻Submit your proposals by 10th July ➡️https://t.co/ZVLrlw02ha

#NullconGoa2023 #CFP #Conference @cfp_time https://t.co/cRyAHOkq3D

CodeQL zero to hero part 2: getting started with CodeQL

Check it out! 👇
https://github.blog/2023-06-15-codeql-zero-to-hero-part-2-getting-started-with-codeql/

#StaticAnalysis #SecurityResearch #GithubSecurityLab #Codeql #Security

NULLCON (http://nullcon.net):

🌊 Experience the perfect blend of your cutting-edge research + relaxed vibes in one of the most beautiful destinations 🌅🌴

It's time to present your latest #securityresearch #CFP👉 https://t.co/ZVLrlvZurC

#NullconGoa2023 #CallforPapers #Infosec #Conference https://t.co/mif0Hhgo3g

NULLCON (http://nullcon.net):

🚀If you are the one pushing the boundaries with your #securityresearch then submit your research at Asia's finest destination & inspire the incredible #infosec community

🟢Call for Papers ends on 10th July ➡️ https://t.co/ZVLrlvZurC

#NullconGoa2023 #CFP https://t.co/Ob1l55qbnM

CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research

Check it out! 👇
https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/

#StaticAnalysis #SecurityResearch #GithubSecurityLab #Codeql #Security

#10yrsago Mr Unpronounceable Adventures, spectacularly weird graphic novel in a Lovecraftian/Burroughsian vein https://memex.craphound.com/2013/03/30/mr-unpronounceable-adventures-spectacularly-weird-graphic-novel-in-a-lovecraftian-burroughsian-vein/

#10yrsago Group whose #Wikipedia entry was deleted for non-notability threatens lawsuit against Wikipedian who participated in the discussion https://mako.cc/copyrighteous/the-institute-for-cultural-diplomacy-and-wikipedia

#5yrsago Georgia criminalizes routine #SecurityResearch https://www.eff.org/deeplinks/2018/03/georgia-passes-anti-infosec-legislation

6/

Orca's cloud security research pod is hiring. Like I said on LinkedIn, they're a fantastic team doing important work. You'd probably be a good fit.

https://www.linkedin.com/feed/update/urn:li:activity:7041117727444336640/

#job #work #CloudResearch #SecurityResearch #CloudSecurity

You can now run a single static analysis query across thousands of repos on GitHub using CodeQL's MRVA (Multi-repo Variant Analysis).

That's great both for security research and rapidly auditing exposure to a single vuln or weakness for security teams.

It works from the CodeQL extension for VSCode, with open source public repos & private repos where CodeQL Code Scanning is enabled.

https://github.blog/2023-03-09-multi-repository-variant-analysis-a-powerful-new-way-to-perform-security-research-across-github/

#GitHub #SecurityResearch #VulnerabilityResearch #CodeQL #VariantAnalysis #MRVA #SAST

Very grateful for my first CVE assigned by Apple today 🍎 -- Hopefully a blog post coming soon! #grateful #securityresearch

Ronin 2.0.1 has been released!
https://ronin-rb.dev/blog/2023/03/01/ronin-2-0-1-released.html
#ruby #security #infosec #securityresearch

Security research company Horizon3 released a proof-of-concept (PoC) exploit for a vulnerability in the Fortinet FortiNAC appliance, just two business days after the vendor notified customers of its existence.

The PoC allows an attacker to write arbitrary files to disk, and was seized upon by malicious actors who - just one day later - were seen deploying web shells on vulnerable appliances in-the-wild.

While security research is an undeniably important component of Cyber Security, its participants are often on the bleeding edge of offensive tradecraft, and need to be cautious that their research isn't abused by bad actors.

Allowing organisations just two business days to patch a vulnerability before releasing a fully-functional exploit into the wild does not meet that standard.

This isn't a criticism of Horizon3 themselves, but a reminder that organisations take time to discover and patch vulnerabilities, and security researchers need to be mindful of this - especially when publishing offensive tooling.

https://opalsec.substack.com/p/poc-leak-swiftly-followed-by-widespread?sd=pf

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #redteam #soc #threatintel #threatintelligence #poc #exploit #Fortinet #FortiNAC #securityresearch

Some New #codes / #researches for Some #Pentesters / #RedTemaers / #BlueTeamers and #securityresearchers Added to the list:
#cybersecurity #offensivesecurity #securityresearch #defensive #redteam #blueteam #pentest

Full List here => https://github.com/DamonMohammadbagher/Some_Pentesters_SecurityResearchers_RedTeamers

1. [offensive] @trickster012 , (Rust Weaponization for Red Team Engagements) => https://lnkd.in/eWsKKFY9

2. [offensive] @trickster012 , (roof of concept of bypassing(unhooking) the hook of potential EDRs) => https://lnkd.in/eQwQr4sY

3. [offensive] Deep Instinct , (A POC for the new injection technique, abusing windows fork API to evade EDRs) => https://lnkd.in/eGP2haTc

4. [offensive] @daem0nc0re , (investigation of Windows process execution techniques [C#]) => https://lnkd.in/eeyFi5Xz

5. [offensive] @D1rkMtr , (Bypass Userland EDR hooks by Loading Reflective Ntdll in memory) => https://lnkd.in/eVTy8WvP

6. [defensive] @ZeroMemoryEx , (malware analysts to extract Command and Control C2 traffic) => https://lnkd.in/eGWGKWgQ

7. [offensive] lem0nSec , (CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode) => https://lnkd.in/eQ6ssfhK

8. [offensive] QAX A-Team , (A tool mainly to erase specified records from Windows event logs) => https://lnkd.in/eywTbFzr

9. [offensive] 3gstudent , (Remove individual lines from Windows XML Event Log (EVTX) files) => https://lnkd.in/ebn4AdaH

10. [offensive] @hlldz , (Windows Event Log Killer) => https://lnkd.in/es7V6xHt

11. [defensive] @foxit , (detect use of the DanderSpritz eventlogedit module [recover the removed event log entries]) => https://lnkd.in/evWYwRXQ

12. [offensive] @Ceramicskate0 , (C# Tool to interact with MS Exchange based on MS docs) => https://lnkd.in/ehiAcM6Z

13. [offensive] @reveng007 , (implant will exfiltrate data via smtp and will read commands from C2 [Gmail] via imap protocol) => https://lnkd.in/eBiXyEtR

14. [offensive] @cyberwarfarelab , (VectoredSyscall) => https://lnkd.in/eps_aJ6Z

15. [offensive] fosstodon.org/@mttaggart , (Notion as a platform for offensive operations) => https://lnkd.in/eXvKFTwP

16. [offensive] @t3l3machus , (A Windows reverse shell payload generator) => https://lnkd.in/e-Ce2zii

17. [offensive] @idov31 , (Sandman is a NTP based backdoor for red team engagements in hardened networks) => https://lnkd.in/eWzsBdXD

Full List here => https://github.com/DamonMohammadbagher/Some_Pentesters_SecurityResearchers_RedTeamers

The early bird pricing for my training ends in one month!
https://www.blackhat.com/asia-23/training/schedule/index.html#bughunting-bootcamp-virtual-29840 #training #bughunting #securityresearch #blackhat

Fun walk thru from the port swigger crew on the Top 10 web hacking techniques of 2022 https://portswigger.net/research/top-10-web-hacking-techniques-of-2022 Not as close to the vulnerability Reaserch space in this current job as the last but this is a great reminder about all TNT work going on in the #securityresearch and #bugbounty spaces. Keep those coordinated disclosures flowing

Need help securing #ImageMagick against the arbitrary file read described in CVE-2022-44268? The pictured policy change can mitigate it for you.

For more recommendations on hardening your security policies check out our free tool at:
https://imagemagick-secevaluator.doyensec.com

#doyensec #appsec #secdevops #securityresearch

Ronin 2.0.0 has finally been released!
https://ronin-rb.dev/blog/2023/02/01/ronin-2-0-0-finally-released.html
#ruby #security #infosec #securityresearch