attack-vector – WindowsTechs.com

CVSS attack vector adjacent vs network

Posted on February 11, 2024 by Anonymous

I am trying to calculate a CVSS score for a vulnerability. In my case, to exploit the vulnerability you should have network access to the server, which is sitting behind a firewall. This server is serving an application that only computers… Continue reading CVSS attack vector adjacent vs network→

Attack surface when no incoming port is open

Posted on February 4, 2024 by fkarger

Let’s assume that the only attack to be feared on a computer is one via the network in which the machine is embedded.
What options does an attacker have if the machine has no open incoming ports?
(For example: NMAP cannot find a service wi… Continue reading Attack surface when no incoming port is open→

Attack surface when no incoming port is open

Posted on February 4, 2024 by fkarger

Is there any resources that discover LLM-based threats in Cybersecurity recently? [closed]

Posted on January 16, 2024 by Mario

I wondered If there are some official/reliable resources to discover statistics regarding new threats and attack vectors generated by GenAI or Large Language Models (LLM) that recently opened a new era and attack surface.

Continue reading Is there any resources that discover LLM-based threats in Cybersecurity recently? [closed]→

Does enabling hardware acceleration increase the attack surface of software?

Posted on January 6, 2024 by Flux

For software that process untrusted data and have an option to use hardware acceleration, does enabling hardware acceleration increase the attack surface of the software? Examples of situations where typical software process untrusted data… Continue reading Does enabling hardware acceleration increase the attack surface of software?→

MITRE ATT&CK Framework [closed]

Posted on September 7, 2023 by sasa

Web and Cloud Access Protection
Host Integrity
Live Update
Exceptions
Clients Upgrade
Policy Components

Which MITRE ATT&CK tactics, techniques these terms belongs to ..

Continue reading MITRE ATT&CK Framework [closed]→

Ways how a mobile device and authenticator app could be compromised

Posted on August 26, 2023 by Lauri

I’m evaluating moving to Passwordless and my company is using BYOD.
This will change my attack surface.
I’m trying to brainstorm all the possible attack vectors how someone could compromise a mobile and gain access to the authenticator app… Continue reading Ways how a mobile device and authenticator app could be compromised→

Malware infection to wifi router from android phone

Posted on August 1, 2023 by Ajay

Suppose a wifi router has strong admin password, updated firmware and no vulnurability then –

Is the router safe from malware infection from android phones connected to it?
Can malware from an infected android phone transmit infection to … Continue reading Malware infection to wifi router from android phone→

What is the impact of compromising CI/CD pipelines in the Cloud

Posted on May 31, 2023 by user153882

If an attacker was able to compromise an Azure ADO CI/CD pipeline, what is the actual impact? For example, say an existing pipeline was using Azure CLI, an attacker could potentially query AD depending on the API key’s permission. Another … Continue reading What is the impact of compromising CI/CD pipelines in the Cloud→

what are legitimate reason for a program to need access to /proc/self/mem [migrated]

Posted on March 24, 2023 by 400 the Cat

I have noticed that both browsers Firefox and Chromium on linux do open the file /proc/self/mem for reading. No other program on my system reads this file, as far as I can tell.
/proc/self/mem is notorious for being vector for endless priv… Continue reading what are legitimate reason for a program to need access to /proc/self/mem [migrated]→