Cyber Research #70

Mert Coskuner · Feb 11, 2023

https://twitter.com/jahreindota/status/1622626791553699841

Articles

Apache SCXML Remote Code Execution
0x01 Preface Here is the Apache official explanation. State Chart XML (SCXML) is currently a Working Draft specification…
pyn3rd.github.io

No Macro? No Worries. VSTO Being Weaponized by Threat Actors | Deep Instinct
A software development toolset, VSTO is available in Microsoft's Visual Studio IDE. It enables Office Add-In's (a type…
www.deepinstinct.com

Incident Response in Google Cloud: Forensic Artifacts
Forensic data across Google Cloud can logically be organized into three categories: Identity Management, Google…
blog.sygnia.co

Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice
How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data…
pvs-studio.com

AWS Could Do More About SSO Device Auth Phishing
In AWS Phishing: Four ways, I mentioned the potential for AWS SSO Device Authentication Phishing. In short: AWS SSO…
ramimac.me

Data exfiltration with native AWS S3 features
Research into use of native aws s3 features to accomplish data exfiltration
bleemb.medium.com

Tools

GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: The largest open-source Database for…
The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db…
github.com

GitHub - chainguard-dev/justtrustme
github.com

GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool
Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security…
github.com

GitHub - groundcover-com/caretta: Instant K8s service dependency map, right to your Grafana.
Caretta is a lightweight, standalone tool that instantly creates a visual network map of the services running in your…
github.com