hdd-toolkit

HDD Firmware Toolkit A comprehensive Python toolkit for dumpi...

UBUNTU-CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

Faraday 5.15.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

CVE-2024-48545

Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file...

Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats

By Waqas In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not… This is a post from HackRead.com Read the original post: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats...

Denial Of Service (DoS)

radare2 is vulnerable to Denial of Service DoS attacks. The vulnerability exists in the coreanalfcn function in the radare2 codebase. The function is responsible for analyzing a binary file. The vulnerability occurs when the function tries to access a memory address that is null. This can cause t...

SAP NetWeaver AS Java Multiple Vulnerabilities (March 2023)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directo...

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

Authorization

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

CVE-2023-27268

CVE-2023-27268 relates to SAP NetWeaver AS Java (Object Analyzing Service) v7.50, where missing authorization checks allow an unauthenticated attacker to attach to an open interface and use the Open Naming and Directory API to access server data, enabling privilege escalation without modifying da...

Urlscan.io API Inadvertently Leaked Sensitive Data and URLs

By Deeba Ahmed Urlscan.io is a website scanning and analyzing engine that accepts URL submissions and creates a trove of data such as IPs, domains, DOM information, screenshots, and cookies. This is a post from HackRead.com Read the original post: Urlscan.io API Inadvertently Leaked Sensitive Dat...

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: 1. the "Broker" combines both a user-land agent and a self-extractable driver IrpDumper.sys that will install itself on the targeted system. Once running it will expose depending on the...

[SECURITY] Fedora 33 Update: pdfresurrect-0.21-1.fc33

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also...

How the COVID-19 epidemic is like cybersecurity

Today, every citizen is on the front lines of the epidemic. We are flooded with information about staying safe, keeping an eye out, and left to process unfamiliar language. We are all suddenly doctors and epidemiologists analyzing information and predicting how the world is changing. With countle...

[SECURITY] Fedora 31 Update: pdfresurrect-0.18-1.fc31

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also...

50m-ctf: Writeup

h1 50M CTF =========== This is my solution for the h1 ctf. On the 27th of february h1 posted this tweet: Since there is no link no any sort of challenge I supposed the challenges is self contained inside this tweet. My guess was the first clue is inside the embeded picture, and since the second o...

Ghidra - Software Reverse Engineering Framework

Ghidra is a software reverse engineering SRE framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including...

Kbd-Audio - Tools For Capturing And Analysing Keyboard Input Paired With Microphone Capture

This is a collection of command-line and GUI tools for capturing and analyzing audio data. The most interesting tool is called keytap - it can guess pressed keyboard keys only by analyzing the audio captured from the computer's microphone. Build instructions Dependencies: SDL2 - used to capture...

DumpsterDiver - Tool To Search Secrets In Various Filetypes

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...