/r/netsec - Information Security News & Discussion

Venom is a library that meant to perform evasive communication using stolen browser socket.

By /u/Idov31 — December 18^th 2022 at 12:33

submitted by /u/Idov31
[link] [comments]

/r/netsec - Information Security News & Discussion

Your Car is Trackable by Law TPMS tracking for 30$

By /u/Exact-Practice-8658 — December 18^th 2022 at 04:50

submitted by /u/Exact-Practice-8658
[link] [comments]

/r/netsec - Information Security News & Discussion

Gepetto - An IDA plugin which queries OpenAI's davinci-003 language model to speed up reverse-engineering

By /u/galaris — December 18^th 2022 at 02:38

submitted by /u/galaris
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploiting API Framework Flexibility

By /u/6W99ocQnb8Zy17 — December 17^th 2022 at 10:33

submitted by /u/6W99ocQnb8Zy17
[link] [comments]

/r/netsec - Information Security News & Discussion

OSCP guide 2022

By /u/sgtdede — December 17^th 2022 at 03:17

Here is my personal guide for the current OSCP format (2022). All the advices you'll find here rewarded me a lot during my training. I hope my advices will be valuable to you. And I wish you guys a lot of luck in your journey

English: https://sgtdede.gitbook.io/hacking/oscp-2022/guide-en French: https://sgtdede.gitbook.io/hacking/oscp-2022/guide-fr

Note: I'll probably add some stuff to this guides in the next weeks Please let me know if you want me to answer specific questions or add some topics to this guide :)

submitted by /u/sgtdede
[link] [comments]

/r/netsec - Information Security News & Discussion

Build: an open source IDE for authoring, testing, and verifying production-ready security tests.

By /u/DH_Prelude — December 16^th 2022 at 14:15

submitted by /u/DH_Prelude
[link] [comments]

/r/netsec - Information Security News & Discussion

Critical Vulnerability Found in Sovrin, a Popular Decentralized Identity System

By /u/jat0369 — December 16^th 2022 at 06:14

submitted by /u/jat0369
[link] [comments]

/r/netsec - Information Security News & Discussion

Foxit PDF Reader - Use after Free - Remote Code Execution Exploit

By /u/hacksysteam — December 16^th 2022 at 06:12

submitted by /u/hacksysteam
[link] [comments]

/r/netsec - Information Security News & Discussion

A vulnerability in the UMPD (User-Mode Printer Drivers) allows local users to trigger a use-after-free vulnerability. The vulnerability works from Windows 8 and above, and is fairly easy to exploit on older Windows machines.

By /u/SSDisclosure — December 15^th 2022 at 15:27

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

SHA-1 is out. NIST recommends switching to the SHA-2 and SHA-3 groups of hash algorithms as soon as possible, with an official deadline of Dec. 31, 2030.

By /u/nist — December 15^th 2022 at 15:06

submitted by /u/nist
[link] [comments]

/r/netsec - Information Security News & Discussion

Salt Labs | Missing Bricks: Finding Security Holes in LEGO APIs

By /u/ynvb — December 15^th 2022 at 13:53

submitted by /u/ynvb
[link] [comments]

/r/netsec - Information Security News & Discussion

Unauthenticated Buffer Overflows in multiple Zyxel routers still haunting users - Metasploit exploit code published, thousands of devices potentially affected!

By /u/0x9000 — December 15^th 2022 at 12:52

submitted by /u/0x9000
[link] [comments]

/r/netsec - Information Security News & Discussion

Take down of DDoS services under Operation Power OFF

By /u/CyberChoicesUK — December 15^th 2022 at 10:17

submitted by /u/CyberChoicesUK
[link] [comments]

/r/netsec - Information Security News & Discussion

PyPI malware creators starting to employ Anti-Debug techniques

By /u/SRMish3 — December 15^th 2022 at 07:52

submitted by /u/SRMish3
[link] [comments]

/r/netsec - Information Security News & Discussion

BSidesSF 2023 Call For Presentations, Workshops, and Villages

By /u/reedloden — December 15^th 2022 at 05:42

submitted by /u/reedloden
[link] [comments]

/r/netsec - Information Security News & Discussion

How NOT to patch Integer Overflow in JavaScript - Technical analysis of over 50 community submissions

By /u/pi3ch — December 15^th 2022 at 03:37

submitted by /u/pi3ch
[link] [comments]

/r/netsec - Information Security News & Discussion

Unusual Cache Poisoning between Akamai and S3 buckets

By /u/albinowax — December 14^th 2022 at 15:29

submitted by /u/albinowax
[link] [comments]

/r/netsec - Information Security News & Discussion

Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability

By /u/gfdgfbal — December 14^th 2022 at 14:22

submitted by /u/gfdgfbal
[link] [comments]

/r/netsec - Information Security News & Discussion

Hacking the MBTA CharlieCard from 2008 to Present

By /u/_zio_pane — December 14^th 2022 at 12:48

submitted by /u/_zio_pane
[link] [comments]

/r/netsec - Information Security News & Discussion

FRESH from Black Hat EU: Dirty Vanity, the windows-fork based injection method is public

By /u/LezG00 — December 14^th 2022 at 11:01

submitted by /u/LezG00
[link] [comments]

/r/netsec - Information Security News & Discussion

Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

By /u/boutnaru — December 14^th 2022 at 07:59

submitted by /u/boutnaru
[link] [comments]

/r/netsec - Information Security News & Discussion

Vulnerabilities found on Arcadyan Routers

By /u/asherdl02 — December 14^th 2022 at 03:07

Finally (!!!) I was able to make this public. It ain’t much but it is honest work.

submitted by /u/asherdl02
[link] [comments]

/r/netsec - Information Security News & Discussion

apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.

By /u/FipoKa — December 13^th 2022 at 22:15

submitted by /u/FipoKa
[link] [comments]

/r/netsec - Information Security News & Discussion

Sandworm.JS - dynamically analyses over 2M javascript packages to offer zero day, real time protection against malicious scripts.

By /u/sculabobone — December 13^th 2022 at 19:02

submitted by /u/sculabobone
[link] [comments]

/r/netsec - Information Security News & Discussion

A Deep Dive into BianLian Ransomware [PDF]

By /u/CyberMasterV — December 13^th 2022 at 15:00

submitted by /u/CyberMasterV
[link] [comments]

/r/netsec - Information Security News & Discussion

AWS ECR Public Vulnerability

By /u/Gallus — December 13^th 2022 at 14:55

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

A Server Side Request Forgery protection library for Golang

By /u/nibblesec — December 13^th 2022 at 13:52

submitted by /u/nibblesec
[link] [comments]

/r/netsec - Information Security News & Discussion

Critical Citrix ADC Bug Exploited in the Wild

By /u/YogiBerra88888 — December 13^th 2022 at 13:37

submitted by /u/YogiBerra88888
[link] [comments]

/r/netsec - Information Security News & Discussion

An Open Source tool for Fixing the Accidental Public GitHub Repo

By /u/amirshk — December 13^th 2022 at 08:01

submitted by /u/amirshk
[link] [comments]

/r/netsec - Information Security News & Discussion

Precious Gemstones: The New Generation of Kerberos Attacks

By /u/0xdea — December 13^th 2022 at 06:17

submitted by /u/0xdea
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploiting CVE-2022-42703 - Bringing back the stack attack

By /u/boutnaru — December 13^th 2022 at 04:05

submitted by /u/boutnaru
[link] [comments]

/r/netsec - Information Security News & Discussion

Finding JIT Optimizer Bugs using SMT Solvers and Fuzzing

By /u/surrealisticpillow12 — December 12^th 2022 at 12:47

submitted by /u/surrealisticpillow12
[link] [comments]

/r/netsec - Information Security News & Discussion

IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related

By /u/boutnaru — December 12^th 2022 at 04:37

submitted by /u/boutnaru
[link] [comments]

/r/netsec - Information Security News & Discussion

Detecting heap memory pitfalls

By /u/CoolerVoid — December 11^th 2022 at 16:30

submitted by /u/CoolerVoid
[link] [comments]

/r/netsec - Information Security News & Discussion

Fuzzing ping(8)…and finding a 24 year old bug

By /u/Gallus — December 11^th 2022 at 04:27

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Nebuchadnezzar - Practically-exploitable Cryptographic Vulnerabilities in Matrix

By /u/Gallus — December 10^th 2022 at 08:56

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Polar: debugging on LLDB using OpenAI's davinci-003 language model - @ant4g0nist

By /u/ant4g0nist — December 10^th 2022 at 01:01

submitted by /u/ant4g0nist
[link] [comments]

/r/netsec - Information Security News & Discussion

Ongoing Typosquatting Campaign Publishing Malware to PyPI

By /u/louis11 — December 9^th 2022 at 17:20

submitted by /u/louis11
[link] [comments]

/r/netsec - Information Security News & Discussion

Cool vulns don't live long - Netgear and Pwn2Own

By /u/Gallus — December 9^th 2022 at 07:10

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Using ChatGPT to Generate Phishing Campaigns

By /u/rickyrockslide — December 9^th 2022 at 03:02

submitted by /u/rickyrockslide
[link] [comments]

/r/netsec - Information Security News & Discussion

Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass

By /u/Gallus — December 9^th 2022 at 01:58

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Nosey Parker: a new scanner to find misplaced secrets in textual data and Git history

By /u/exploding_nun — December 8^th 2022 at 22:37

submitted by /u/exploding_nun
[link] [comments]

/r/netsec - Information Security News & Discussion

Hacking the Furbo Dog Camera: Part III

By /u/somersetrecon — December 8^th 2022 at 20:59

submitted by /u/somersetrecon
[link] [comments]

/r/netsec - Information Security News & Discussion

Fuzzing Golang msgpack for fun and panic

By /u/Schwag — December 8^th 2022 at 19:14

submitted by /u/Schwag
[link] [comments]

/r/netsec - Information Security News & Discussion

How to secure your Open Source Project – A quick guide for developers

By /u/TupleType1 — December 8^th 2022 at 15:48

submitted by /u/TupleType1
[link] [comments]

/r/netsec - Information Security News & Discussion

Using JSON in a New Generic Web Application Firewall Bypass

By /u/derp6996 — December 8^th 2022 at 15:34

submitted by /u/derp6996
[link] [comments]

/r/netsec - Information Security News & Discussion

cli google search client written by chatgpt ai - bypasses captcha and rate limiting

By /u/endless — December 8^th 2022 at 14:29

submitted by /u/endless
[link] [comments]

/r/netsec - Information Security News & Discussion

Shoggoth

By /u/DarkGrejuva — December 8^th 2022 at 13:00

Shoggoth: Asmjit Based Polymorphic Encryptor

submitted by /u/DarkGrejuva
[link] [comments]

/r/netsec - Information Security News & Discussion

GitHub - klezVirus/SilentMoonwalk: PoC Implementation of a TRUE call stack spoofer

By /u/R3dCr0wn — December 8^th 2022 at 09:54

submitted by /u/R3dCr0wn
[link] [comments]

/r/netsec - Information Security News & Discussion

Firewalls under the hood - UFW

By /u/doitsukara — December 7^th 2022 at 22:32

submitted by /u/doitsukara
[link] [comments]

/r/netsec - Information Security News & Discussion

PyPI-distributed malicious package campagin tying into GitHub accounts and embedded into repos to disguise its intention - FULL ANALYSIS

By /u/dalmoz — December 7^th 2022 at 15:35

submitted by /u/dalmoz
[link] [comments]

/r/netsec - Information Security News & Discussion

RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

By /u/Gallus — December 7^th 2022 at 02:31

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

An open source SMS gateway for pentest projects

By /u/aunga — December 6^th 2022 at 21:25

submitted by /u/aunga
[link] [comments]

/r/netsec - Information Security News & Discussion

The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022

By /u/Gallus — December 6^th 2022 at 14:51

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Moobot Uses a Fake Vulnerability

By /u/chicksdigthelongrun — December 6^th 2022 at 14:22

submitted by /u/chicksdigthelongrun
[link] [comments]

/r/netsec - Information Security News & Discussion

Default NETGEAR Router Configuration Allows Attacks from WAN

By /u/dinobyt3s — December 5^th 2022 at 17:22

submitted by /u/dinobyt3s
[link] [comments]

/r/netsec - Information Security News & Discussion

Hijacking GitHub Repositories by Deleting and Restoring Them

By /u/whisperingmime — December 5^th 2022 at 17:00

submitted by /u/whisperingmime
[link] [comments]

/r/netsec - Information Security News & Discussion

Release of EMBA firmware analyzer in version 1.2.0 - aka London Calling

By /u/_m-1-k-3_ — December 5^th 2022 at 13:27

submitted by /u/_m-1-k-3_
[link] [comments]

/r/netsec - Information Security News & Discussion

Slides: Demystifying Practical DoS Attacks

By /u/mazen160 — December 5^th 2022 at 06:48

submitted by /u/mazen160
[link] [comments]

/r/netsec - Information Security News & Discussion

OWASP Top 10 CI/CD Security Risks project released

By /u/Hefty_Knowledge_7449 — December 4^th 2022 at 20:26

submitted by /u/Hefty_Knowledge_7449
[link] [comments]