Login
FreshRSS
Login
/r/netsec - Information Security News & Discussion
Reverse Branch Target Buffer Poisoning - new ASLR bypass technique using CPU vulnerabilities [PDF]
By
/u/Gallus
β November 4
th
2022 at 07:41
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
MI-X - Determine whether your compute is truly vulnerable to a specific vulnerability
By
/u/boutnaru
β November 4
th
2022 at 06:54
submitted by
/u/boutnaru
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-33679 Windows Kerberos Elevation of Privilege
By
/u/smokiesmk
β November 4
th
2022 at 05:26
submitted by
/u/smokiesmk
[link]
[comments]
/r/netsec - Information Security News & Discussion
Release Ghidra 10.2 Β· NationalSecurityAgency/ghidra
By
/u/mumbel
β November 3
rd
2022 at 22:52
submitted by
/u/mumbel
[link]
[comments]
/r/netsec - Information Security News & Discussion
Why Did the OpenSSL Punycode Vulnerability Happen
By
/u/ScottContini
β November 3
rd
2022 at 22:26
submitted by
/u/ScottContini
[link]
[comments]
/r/netsec - Information Security News & Discussion
Threat Model Examples
By
/u/hipver
β November 3
rd
2022 at 16:56
submitted by
/u/hipver
[link]
[comments]
/r/netsec - Information Security News & Discussion
The below-OS for supply chain of critical infrastructure protection
By
/u/hardenedvault
β November 3
rd
2022 at 14:47
submitted by
/u/hardenedvault
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-3602 & CVE-2022-3786 - OSS tools to detect susceptibility to the recent OpenSSL issues
By
/u/SRMish3
β November 3
rd
2022 at 11:08
submitted by
/u/SRMish3
[link]
[comments]
/r/netsec - Information Security News & Discussion
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
By
/u/monoimpact
β November 2
nd
2022 at 22:50
submitted by
/u/monoimpact
[link]
[comments]
/r/netsec - Information Security News & Discussion
Gregor Samsa: Exploiting Java's XML Signature Verification
By
/u/jp_bennett
β November 2
nd
2022 at 19:26
submitted by
/u/jp_bennett
[link]
[comments]
/r/netsec - Information Security News & Discussion
urlscan.io's SOAR spot: Chatty security tools leaking private data
By
/u/mckirk_
β November 2
nd
2022 at 12:58
submitted by
/u/mckirk_
[link]
[comments]
/r/netsec - Information Security News & Discussion
Symbolic Triage: Making the Best of a Good Situation β Atredis Partners
By
/u/jeandrew
β November 2
nd
2022 at 05:55
submitted by
/u/jeandrew
[link]
[comments]
/r/netsec - Information Security News & Discussion
Awesome Security Newsletters
By
/u/mymalema
β November 1
st
2022 at 23:00
submitted by
/u/mymalema
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
By
/u/louis11
β November 1
st
2022 at 21:20
submitted by
/u/louis11
[link]
[comments]
/r/netsec - Information Security News & Discussion
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs
By
/u/RedTermSession
β November 1
st
2022 at 16:57
submitted by
/u/RedTermSession
[link]
[comments]
/r/netsec - Information Security News & Discussion
OpenSSL Blog Post with FAQs - CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
By
/u/Gallus
β November 1
st
2022 at 16:11
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
OpenSSL version 3.0.7 published - Fixed two buffer overflows in punycode decoding functions
By
/u/Gallus
β November 1
st
2022 at 15:50
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
List of (un)affected software OpenSSL vulnerability (still being updated)
By
/u/Triyujin
β November 1
st
2022 at 12:01
submitted by
/u/Triyujin
[link]
[comments]
/r/netsec - Information Security News & Discussion
Exploiting Static Site Generators: When Static Is Not Actually Static
By
/u/Mempodipper
β November 1
st
2022 at 07:13
submitted by
/u/Mempodipper
[link]
[comments]
/r/netsec - Information Security News & Discussion
No Hat 2022 Conference Recordings
By
/u/Khryse
β October 31
st
2022 at 22:15
submitted by
/u/Khryse
[link]
[comments]
/r/netsec - Information Security News & Discussion
Fugu15 - a semi-untethered permasigned jailbreak for iOS 15
By
/u/_rs
β October 31
st
2022 at 20:09
submitted by
/u/_rs
[link]
[comments]
/r/netsec - Information Security News & Discussion
A tale of a simple Apple kernel bug
By
/u/JordyZomer
β October 31
st
2022 at 19:15
submitted by
/u/JordyZomer
[link]
[comments]
/r/netsec - Information Security News & Discussion
Abusing windowsβ tokens to compromise active directory without touching lsass
By
/u/sanitybit
β October 31
st
2022 at 17:52
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
New Microcorruption Challenges - Embedded Hardware Security CTF
By
/u/sanitybit
β October 31
st
2022 at 17:47
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
What I learnt from reading 217 subdomain takeover bug reports.
By
/u/_nynan
β October 31
st
2022 at 14:04
submitted by
/u/_nynan
[link]
[comments]
/r/netsec - Information Security News & Discussion
A technical analysis of Pegasus for Android β Part 3
By
/u/CyberMasterV
β October 31
st
2022 at 14:02
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
Vulnerability and Exploit feeds
By
/u/AnyYak5018
β October 31
st
2022 at 08:03
submitted by
/u/AnyYak5018
[link]
[comments]
/r/netsec - Information Security News & Discussion
Baby steps into MITRE Stix/Taxii, Pandas, Graphs & Jupyter notebooks
By
/u/DiabloHorn
β October 31
st
2022 at 07:44
submitted by
/u/DiabloHorn
[link]
[comments]
/r/netsec - Information Security News & Discussion
Part 3 of Lord Of The Ring0 - Sailing to the land of the user (and debugging the ship)
By
/u/Idov31
β October 30
th
2022 at 12:09
submitted by
/u/Idov31
[link]
[comments]
/r/netsec - Information Security News & Discussion
The Automated Penetration Testing Reporting System (APTRS). Pentester can easily maintain projects, customers, and vulnerabilities, and create PDF reports without needing to use traditional DOC files. The tool allows you to maintain a vulnerability databa
By
/u/Ano_F
β October 30
th
2022 at 07:29
submitted by
/u/Ano_F
[link]
[comments]
/r/netsec - Information Security News & Discussion
Urgent: Patch OpenSSL on November 1 to avoid βCriticalβ Security Vulnerability - GlobalSign
By
/u/c0r0n3r
β October 29
th
2022 at 22:37
submitted by
/u/c0r0n3r
[link]
[comments]
/r/netsec - Information Security News & Discussion
GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub assets
By
/u/roy_6472
β October 29
th
2022 at 20:00
submitted by
/u/roy_6472
[link]
[comments]
/r/netsec - Information Security News & Discussion
mitmproxy 9: WireGuard Mode and Raw UDP Support
By
/u/mhils
β October 29
th
2022 at 12:49
submitted by
/u/mhils
[link]
[comments]
/r/netsec - Information Security News & Discussion
RC4 Is Still Considered Harmful
By
/u/sanitybit
β October 28
th
2022 at 22:13
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
Passkeys as a tool for user retention
By
/u/Khryse
β October 28
th
2022 at 19:52
submitted by
/u/Khryse
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities β Blog
By
/u/spacedust65
β October 28
th
2022 at 17:28
submitted by
/u/spacedust65
[link]
[comments]
/r/netsec - Information Security News & Discussion
TCP/IP Vulnerability CVE-2022β34718 PoC Restoration and Analysis
By
/u/sanitybit
β October 28
th
2022 at 03:34
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
Towards the next generation of XNU memory safety: kalloc_type
By
/u/sanitybit
β October 27
th
2022 at 20:59
submitted by
/u/sanitybit
[link]
[comments]
/r/netsec - Information Security News & Discussion
GitHub - karimhabush/cis-vsphere: A tool to assess the compliance of a VMware vSphere environment against the CIS Benchmark.
By
/u/karimhabush
β October 27
th
2022 at 19:13
submitted by
/u/karimhabush
[link]
[comments]
/r/netsec - Information Security News & Discussion
One-Time Programs
By
/u/feross
β October 27
th
2022 at 18:47
submitted by
/u/feross
[link]
[comments]
/r/netsec - Information Security News & Discussion
control flow unflattening of an android rasp sdk
By
/u/eybisi_
β October 27
th
2022 at 17:00
submitted by
/u/eybisi_
[link]
[comments]
/r/netsec - Information Security News & Discussion
Open source automated Tailscale security best practices benchmark assessment just released by Steampipe.io
By
/u/stevecio
β October 27
th
2022 at 14:31
submitted by
/u/stevecio
[link]
[comments]
/r/netsec - Information Security News & Discussion
Visual Studio Code Jupyter Notebook RCE (CVE-2021-26437)
By
/u/nibblesec
β October 27
th
2022 at 12:45
submitted by
/u/nibblesec
[link]
[comments]
/r/netsec - Information Security News & Discussion
Hexacon conference videos
By
/u/gquere
β October 27
th
2022 at 12:15
submitted by
/u/gquere
[link]
[comments]
/r/netsec - Information Security News & Discussion
Divin'n'phishin with executable filetypes on Windows
By
/u/ljulolsen
β October 27
th
2022 at 10:06
submitted by
/u/ljulolsen
[link]
[comments]
/r/netsec - Information Security News & Discussion
Building a multifunctional red team dropbox for USB and Ethernet attacks
By
/u/RoganDawes
β October 27
th
2022 at 09:20
submitted by
/u/RoganDawes
[link]
[comments]
/r/netsec - Information Security News & Discussion
Ethernet ghosting & NAC bypass - A practical overview
By
/u/Gallus
β October 27
th
2022 at 03:48
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Hijacking AUR Packages by Searching for Expired Domains
By
/u/whisperingmime
β October 26
th
2022 at 17:24
submitted by
/u/whisperingmime
[link]
[comments]
/r/netsec - Information Security News & Discussion
Ring0VBA - Getting Ring0 Using a Goddamn Word Document
By
/u/CyberMasterV
β October 26
th
2022 at 14:05
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
OpenSSL: CRITICAL vulnerability will be fixed in upcoming release
By
/u/josephnoir
β October 26
th
2022 at 11:27
submitted by
/u/josephnoir
[link]
[comments]
/r/netsec - Information Security News & Discussion
Token handles abuse: One shell to HANDLE them all
By
/u/gid0rah
β October 26
th
2022 at 11:28
submitted by
/u/gid0rah
[link]
[comments]
/r/netsec - Information Security News & Discussion
Lateral Movement via AutodialDLL registry key abuse
By
/u/gid0rah
β October 26
th
2022 at 10:38
submitted by
/u/gid0rah
[link]
[comments]
/r/netsec - Information Security News & Discussion
topmostp: A simple CLI tool to retrieve the N top most used ports
By
/u/deleee
β October 26
th
2022 at 07:51
submitted by
/u/deleee
[link]
[comments]
/r/netsec - Information Security News & Discussion
GitHub Actions are being abused to run mining operations
By
/u/MiguelHzBz
β October 25
th
2022 at 16:04
submitted by
/u/MiguelHzBz
[link]
[comments]
/r/netsec - Information Security News & Discussion
Stranger Strings: An exploitable flaw in SQLite
By
/u/jeandrew
β October 25
th
2022 at 11:52
submitted by
/u/jeandrew
[link]
[comments]
/r/netsec - Information Security News & Discussion
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
By
/u/lohacker0
β October 25
th
2022 at 10:46
submitted by
/u/lohacker0
[link]
[comments]
/r/netsec - Information Security News & Discussion
Firefox and Chromium | Madaidan's Insecurities
By
/u/gquere
β October 25
th
2022 at 09:23
submitted by
/u/gquere
[link]
[comments]
/r/netsec - Information Security News & Discussion
Chapter 1 β From Gozi to ISFB: The history of a mythical malware family
By
/u/CyberMasterV
β October 25
th
2022 at 06:27
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
Racing Cats to the Exit: A Boring Linux Kernel Use-After-Free
By
/u/0x414141
β October 24
th
2022 at 22:42
submitted by
/u/0x414141
[link]
[comments]
/r/netsec - Information Security News & Discussion
Exploit archaeology: A forensic history of in-the-wild NSO Group exploits
By
/u/DonnchaOC
β October 24
th
2022 at 21:45
submitted by
/u/DonnchaOC
[link]
[comments]
Load more articles