Login
FreshRSS
Login
/r/netsec - Information Security News & Discussion
Open Source drop - Evil OIDC Server for SSRF testing from Doyensec. Helpful for testers and bug bounty.
By
/u/ds_at
โ October 20
th
2022 at 15:18
submitted by
/u/ds_at
[link]
[comments]
/r/netsec - Information Security News & Discussion
Reverse Engineering the Apple MultiPeer Connectivity Framework
By
/u/juken
โ October 20
th
2022 at 14:47
submitted by
/u/juken
[link]
[comments]
/r/netsec - Information Security News & Discussion
Untangling Azure Active Directory Principals & Access Permissions
By
/u/0xcsandker
โ October 20
th
2022 at 06:40
submitted by
/u/0xcsandker
[link]
[comments]
/r/netsec - Information Security News & Discussion
Fantastic Rootkits: And Where to Find Them (Part 1)
By
/u/jat0369
โ October 20
th
2022 at 01:00
submitted by
/u/jat0369
[link]
[comments]
/r/netsec - Information Security News & Discussion
Telerik Revist - New Exploit Tool
By
/u/aconite33
โ October 19
th
2022 at 18:22
submitted by
/u/aconite33
[link]
[comments]
/r/netsec - Information Security News & Discussion
HTTP/3 connection contamination: an upcoming threat
By
/u/albinowax
โ October 19
th
2022 at 13:31
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
Wireless Penetration Testing complete Repo
By
/u/lutzenfried
โ October 19
th
2022 at 13:28
submitted by
/u/lutzenfried
[link]
[comments]
/r/netsec - Information Security News & Discussion
Detecting and mitigating CVE-2022-42889 a.k.a. Text4shell
By
/u/MiguelHzBz
โ October 19
th
2022 at 13:18
submitted by
/u/MiguelHzBz
[link]
[comments]
/r/netsec - Information Security News & Discussion
Hara-Kirin: Dissecting the Privileged Components of Huawei Mobile Devices (Hexacon 2022)
By
/u/M0t0k0Kus4n4g1
โ October 19
th
2022 at 11:24
submitted by
/u/M0t0k0Kus4n4g1
[link]
[comments]
/r/netsec - Information Security News & Discussion
Microsoft Office Online Server Remote Code Execution
By
/u/gid0rah
โ October 19
th
2022 at 09:11
submitted by
/u/gid0rah
[link]
[comments]
/r/netsec - Information Security News & Discussion
The Danger of Falling to System Role in AWS SDK Client
By
/u/nibblesec
โ October 19
th
2022 at 09:07
submitted by
/u/nibblesec
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE (CVSS9.8), aka "Text4Shell"
By
/u/qwerty0x41
โ October 19
th
2022 at 08:47
submitted by
/u/qwerty0x41
[link]
[comments]
/r/netsec - Information Security News & Discussion
Azure function to insert MISP data into Azure Sentinel
By
/u/wez32
โ October 19
th
2022 at 08:30
submitted by
/u/wez32
[link]
[comments]
/r/netsec - Information Security News & Discussion
A New Attack Surface on MS Exchange Part 4 - ProxyRelay
By
/u/CyberMasterV
โ October 19
th
2022 at 06:07
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
PHP filters chain: What is it and how to use it - convert almost any file inclusion to RCE
By
/u/Gallus
โ October 19
th
2022 at 00:57
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Jetstack Paranoia: A New Open Source Tool for Container Image Security
By
/u/sanitybit
โ October 18
th
2022 at 21:30
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
Enrich Splunk events with Steampipe
By
/u/sanitybit
โ October 18
th
2022 at 19:50
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
Our new scanner for Text4Shell
By
/u/dn3t
โ October 18
th
2022 at 19:31
submitted by
/u/dn3t
[link]
[comments]
/r/netsec - Information Security News & Discussion
Introducing fine-grained personal access tokens for GitHub
By
/u/0x414141
โ October 18
th
2022 at 19:29
submitted by
/u/0x414141
[link]
[comments]
/r/netsec - Information Security News & Discussion
Defenders beware: A case for post-ransomware investigations
By
/u/SCI_Rusher
โ October 18
th
2022 at 19:19
submitted by
/u/SCI_Rusher
[link]
[comments]
/r/netsec - Information Security News & Discussion
Opening the doors and windows 0-click RCE on the Tesla Model3
By
/u/jeandrew
โ October 18
th
2022 at 18:20
submitted by
/u/jeandrew
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-42889 (Text4Shell) OSS detector - Finds possibly vulnerable JAR files
By
/u/SRMish3
โ October 18
th
2022 at 15:49
submitted by
/u/SRMish3
[link]
[comments]
/r/netsec - Information Security News & Discussion
A Detailed Analysis of the Gafgyt Malware Targeting IoT Devices [PDF]
By
/u/CyberMasterV
โ October 18
th
2022 at 14:24
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
Recovering Web Tokens From Office
By
/u/gid0rah
โ October 18
th
2022 at 07:19
submitted by
/u/gid0rah
[link]
[comments]
/r/netsec - Information Security News & Discussion
A journey of fuzzing Nvidia graphic driver leading to LPE exploitation
By
/u/jeandrew
โ October 17
th
2022 at 13:38
submitted by
/u/jeandrew
[link]
[comments]
/r/netsec - Information Security News & Discussion
Toner Deaf โ Printing your next persistence (Hexacon 2022)
By
/u/digicat
โ October 17
th
2022 at 09:27
submitted by
/u/digicat
[link]
[comments]
/r/netsec - Information Security News & Discussion
How a Microsoft blunder opened millions of PCs to potent malware attacks
By
/u/0xdea
โ October 15
th
2022 at 09:52
submitted by
/u/0xdea
[link]
[comments]
/r/netsec - Information Security News & Discussion
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) + PoC
By
/u/mrkoot
โ October 14
th
2022 at 05:48
submitted by
/u/mrkoot
[link]
[comments]
/r/netsec - Information Security News & Discussion
Regulator: A unique method of subdomain enumeration
By
/u/Quick-Ingenuity-7024
โ October 16
th
2022 at 17:41
submitted by
/u/Quick-Ingenuity-7024
[link]
[comments]
/r/netsec - Information Security News & Discussion
[PDF] Security Deep-Dive Into The Internals Of NetBackup - AirbusSecLab@Hexacon
By
/u/alain_proviste
โ October 14
th
2022 at 17:40
submitted by
/u/alain_proviste
[link]
[comments]
/r/netsec - Information Security News & Discussion
Microsoft Office 365 Message Encryption Insecure Mode of Operation
By
/u/kekw32
โ October 14
th
2022 at 10:09
submitted by
/u/kekw32
[link]
[comments]
/r/netsec - Information Security News & Discussion
Exploiting predictable UUID/GUID values
By
/u/dcthatch
โ October 14
th
2022 at 08:39
submitted by
/u/dcthatch
[link]
[comments]
/r/netsec - Information Security News & Discussion
Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak
By
/u/hacksysteam
โ October 14
th
2022 at 06:50
submitted by
/u/hacksysteam
[link]
[comments]
/r/netsec - Information Security News & Discussion
PiRogue Tool Suite Mobile forensic & network analysis on a Raspberry Pie
By
/u/ResponsibleCat
โ October 13
th
2022 at 18:59
submitted by
/u/ResponsibleCat
[link]
[comments]
/r/netsec - Information Security News & Discussion
How to Investigate Insider Threats (Forensic Methodology)
By
/u/CyberMasterV
โ October 13
th
2022 at 14:43
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
RPC Toolkit - security research oriented resources on MS-RPC (articles, PoCs, vulnerability write-ups, tools, etc.)
By
/u/ophirharpaz
โ October 13
th
2022 at 09:35
submitted by
/u/ophirharpaz
[link]
[comments]
/r/netsec - Information Security News & Discussion
SafeSetID - a Linux Security Modules (LSM) you should know about
By
/u/boutnaru
โ October 13
th
2022 at 07:07
submitted by
/u/boutnaru
[link]
[comments]
/r/netsec - Information Security News & Discussion
Private npm Packages Disclosed via Timing Attacks
By
/u/mkatch
โ October 13
th
2022 at 07:07
submitted by
/u/mkatch
[link]
[comments]
/r/netsec - Information Security News & Discussion
Bringing passkeys to Android & Chrome
By
/u/Khryse
โ October 13
th
2022 at 01:59
submitted by
/u/Khryse
[link]
[comments]
/r/netsec - Information Security News & Discussion
Subdomain Enumeration Tool Face-off 2022
By
/u/the-techromancer
โ October 12
th
2022 at 15:32
submitted by
/u/the-techromancer
[link]
[comments]
/r/netsec - Information Security News & Discussion
A deep dive into CVE-2021โ42847 - arbitrary file write and XXE in ManageEngine ADAudit Plus before 7006
By
/u/kalibabka
โ October 12
th
2022 at 14:11
submitted by
/u/kalibabka
[link]
[comments]
/r/netsec - Information Security News & Discussion
Cerberus Stress Testing Tool
By
/u/fficarola
โ October 12
th
2022 at 13:26
submitted by
/u/fficarola
[link]
[comments]
/r/netsec - Information Security News & Discussion
Kubernetes CRD validation with CEL and kubebuilder marker comments
By
/u/Rewanth_Tammana
โ October 12
th
2022 at 11:49
submitted by
/u/Rewanth_Tammana
[link]
[comments]
/r/netsec - Information Security News & Discussion
Userland Execution of Binaries Directly from Python
By
/u/anvilventures
โ October 12
th
2022 at 06:32
submitted by
/u/anvilventures
[link]
[comments]
/r/netsec - Information Security News & Discussion
postMessage Braindump - a brief postMessage testing methodology
By
/u/Gallus
โ October 12
th
2022 at 03:53
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
On Bypassing eBPF Security Monitoring
By
/u/nibblesec
โ October 11
th
2022 at 21:25
submitted by
/u/nibblesec
[link]
[comments]
/r/netsec - Information Security News & Discussion
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
By
/u/CyberMasterV
โ October 11
th
2022 at 19:13
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
Uncovering Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys in PLCs
By
/u/derp6996
โ October 11
th
2022 at 13:50
submitted by
/u/derp6996
[link]
[comments]
/r/netsec - Information Security News & Discussion
Linux Security โ LSM (Linux Security Modules)
By
/u/boutnaru
โ October 7
th
2022 at 19:35
submitted by
/u/boutnaru
[link]
[comments]
/r/netsec - Information Security News & Discussion
Persistent PHP payloads in PNGs: How to inject PHP code in an image and keep it there!
By
/u/Gallus
โ October 10
th
2022 at 16:47
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
The Google plasma globe affair of 2012
By
/u/nf--
โ October 10
th
2022 at 15:26
submitted by
/u/nf--
[link]
[comments]
/r/netsec - Information Security News & Discussion
GitLab: RCE via github import
By
/u/jeandrew
โ October 10
th
2022 at 11:45
submitted by
/u/jeandrew
[link]
[comments]
/r/netsec - Information Security News & Discussion
A simple shell script (almost) POSIX for mail security checks
By
/u/ljulolsen
โ October 10
th
2022 at 08:07
submitted by
/u/ljulolsen
[link]
[comments]
/r/netsec - Information Security News & Discussion
Getting served a malicious update - interesting techniques, my slip up, and lessons learned: a short blog post
By
/u/CuckooExe
โ October 9
th
2022 at 14:55
submitted by
/u/CuckooExe
[link]
[comments]
/r/netsec - Information Security News & Discussion
What can we learn from leaked Insyde's BIOS for Intel Alder Lake
By
/u/hardenedvault
โ October 8
th
2022 at 15:00
submitted by
/u/hardenedvault
[link]
[comments]
/r/netsec - Information Security News & Discussion
Disclosure time for Zoneminder findings
By
/u/trenchesofit
โ October 7
th
2022 at 15:01
submitted by
/u/trenchesofit
[link]
[comments]
/r/netsec - Information Security News & Discussion
Unpatched vulnerability on Zimbra (again!) - symlink abuse in cpio
By
/u/iagox86
โ October 6
th
2022 at 21:01
submitted by
/u/iagox86
[link]
[comments]
/r/netsec - Information Security News & Discussion
Uncovering a Fake Recruiter Scam with OSINT techniques
By
/u/smicallef
โ October 6
th
2022 at 19:43
submitted by
/u/smicallef
[link]
[comments]
/r/netsec - Information Security News & Discussion
Fully loaded: testing vulnerable PyYAML versions
By
/u/iterablewords
โ October 6
th
2022 at 18:11
submitted by
/u/iterablewords
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022โ36635 โ A SQL Injection in ZKSecurityBio to RCE
By
/u/sp1d3rr
โ October 6
th
2022 at 13:46
submitted by
/u/sp1d3rr
[link]
[comments]
Load more articles