research-threats
security
Our great sponsors
| research-threats | security | |
|---|---|---|
| 7 | 2 | |
| 269 | 73 | |
| 1.5% | - | |
| 3.2 | 0.0 | |
| 11 months ago | over 1 year ago | |
| CSS | Shell | |
| Creative Commons Zero v1.0 Universal | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
research-threats
-
I pwned half of America's fast food chains, simultaneously
Everybody has that goal until they get a knock on their door at 6am: https://github.com/disclose/research-threats
- How to get a software vendor to fix security issues
-
Charges Dropped Against The Inspect Element Hacker From Missouri After Four "Anxious" Months
From: disclose/research-threats: A collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong.
- Research-threats: Collection of legal threats against Security Researchers
- Open Source Archive of Legal Threats Made Against Genuine Security Researchers
- disclose/research-threats - Collection of legal threats against good faith Security Researchers; vulnerability disclosure gone wrong; a continuation of work started by @attritionorg
- Open Source Archive of Legal Threats Made Against Genuine Security Researchers (Creative Commons!)
security
-
https://securityledger.com/2021/04/deere-john-researcher-warns-ag-giants-site-provides-a-map-to-customers-equipment/
The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning about the flaws in the myjohndeere.com web site and the John Deere Operations Center web site and mobile applications. In a conversation with Security Ledger, the researcher said that a he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.
-
Finding a Vulnerability in Teamwork Cloud Server (NoMagic, 3DS), Which Is Used By Gov/Enterprise to Design Rockets, Missiles, and Satellites.
fix the critical file permissions as per NoMagic's updated instructions at the bottom of the article, or here: https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md
What are some alternatives?
Karakurt-Hacking-Team-CTI - IOC Data Obtained From Karakurt Hacking Team's Internal Infrastructure
EDR-Testing-Script - Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
wpsec-cli - WPSec command line tool
sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
NewsStack - Curate news stacks that matter to you.
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
rss - RSS News Aggregator using JavaScript, HTML, and CSS. Explore news from various sources like The Verge, New York Times, and more. Responsive design, dynamic images, and user feedback.
Sn1per - Attack Surface Management Platform
RVD - Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
MultiBUGS - Multi-core BUGS for fast Bayesian inference of large hierarchical models