-
UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack
CERT Polska has sounded the alarm after uncovering a spear phishing campaign that targeted Polish organizations using a critical webmail vulnerability. The campaign is linked to the UNC1151 APT group, … Published Date: Jun 09, 2025 (14 hours, 27 minutes ago) Vulnerabilities has been mentioned in this…
-
Go Fixes Three Security Flaws: Update Your Apps Now!
The Go team has rolled out versions 1.24.4 and 1.23.10, addressing three critical security vulnerabilities affecting core packages such as net/http, os, and crypto/x509. While these are minor point re … Published Date: Jun 09, 2025 (14 hours, 45 minutes ago) Vulnerabilities has been mentioned in…
-
SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths
SUDO_KILLER is a Bash script that audits sudo configurations on Unix-like systems, identifying misconfigurations and vulnerabilities for potential privilege escalation.
-
Tyton – Kernel-Mode Rootkit Hunter for Linux
Tyton is a lightweight, open-source kernel-mode rootkit detection tool for Linux systems. Designed to identify stealthy kernel-level threats, Tyton offers a focused approach to uncovering hidden modules and system call table hooks. Key Features Notifications: Users (including myself) do not actively monitor their journald logs, so a userland notification daemon has been included to monitor…
-
OpenCTF : Nightmare 50
Category: Web Points: 50 Description: Automated home work scoring my ass. https://shades-of-nightmare.openctf.com/nzpoixyucvkjwnerntasdfascdvasdfqwerqwe/nightmare-50/ When connecting to this website in my browser, I receive the following prompt: Welcome to Doctor Professor Wilson’s Python 101! Lesson 1: hello world Enter homework for grading: So it looks like this will execute the Python code you provide. So I test…
-
OpenCTF : SQL 10
Category: Web Points: 10 Description: https://sql-mayham.openctf.com/ziopxuoiwquyerhnszpasdyvzlkxcjlwerqwer/sql-10/ When 1 is entered it returns the following row: Enter a badge number to view that officers file:1 (1, ‘bob’, ‘simmons’, ‘none’) Performing a basic sql injection we got the same row back but no error. The server only returns 1 row Enter a badge number to view that…
-
Dear Apple: add “Disappearing Messages” to iMessage right now
This is a cryptography blog and I always feel the need to apologize for any post that isn’t “straight cryptography.” I’m actually getting a little tired of apologizing for it (though if you want some hard-core cryptography content, there’s plenty here and here.) Sometimes I have to remind my colleagues that out in the real…
-
Three questions about Apple, encryption, and the U.K.
Two weeks ago, the Washington Post reported that the U.K. government had issued a secret order to Apple demanding that the company include a “backdoor” into the company’s end-to-end encrypted iCloud Backup feature. From the article: The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance…
-
How to prove false statements? (Part 3)
This is the third and penultimate post in a series about theoretical weaknesses in Fiat-Shamir as applied to proof systems. The first post is here, the second post is here, and you should probably read them. Over the past two posts I’ve given a bit of background on four subjects: (1) interactive proof systems (for…
-
U.K. asks to backdoor iCloud Backup encryption
I’m supposed to be finishing a wonky series on proof systems (here and here) and I promise I will do that this week. In the midst of this I’ve been a bit distracted by world events. Last week the Washington Post published a bombshell story announcing that the U.K. had filed “technical capability notices” demanding…