/r/netsec - Information Security News & Discussion

We had a security incident. Here’s what we know.

By /u/sanitybit — February 9^th 2023 at 20:29

submitted by /u/sanitybit
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploit Vector Analysis of Emerging 'ESXiArgs' Ransomware

By /u/DrinkMoreCodeMore — February 9^th 2023 at 19:48

submitted by /u/DrinkMoreCodeMore
[link] [comments]

/r/netsec - Information Security News & Discussion

Neo4jection: Secrets, Data, and Cloud Exploits - Attacking Neo4j

By /u/lowlandsmarch — February 9^th 2023 at 14:56

submitted by /u/lowlandsmarch
[link] [comments]

/r/netsec - Information Security News & Discussion

Offphish - Phishing revisited in 2023

By /u/0xcsandker — February 9^th 2023 at 10:10

submitted by /u/0xcsandker
[link] [comments]

/r/netsec - Information Security News & Discussion

OpenSSH Pre-Auth Double Free - CVE-2023-25136 - Writeup and Proof-of-Concept

By /u/n0llbyte — February 8^th 2023 at 17:33

submitted by /u/n0llbyte
[link] [comments]

/r/netsec - Information Security News & Discussion

A Year in Review 2022: 100 vulnerabilities you should prioritize - PRIOn

By /u/gfekkas — February 8^th 2023 at 15:34

submitted by /u/gfekkas
[link] [comments]

/r/netsec - Information Security News & Discussion

Rustproofing Linux (Part 1, Leaking Addresses)

By /u/Gallus — February 8^th 2023 at 15:04

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Top 10 web hacking techniques of 2022

By /u/Fugitif — February 8^th 2023 at 14:25

submitted by /u/Fugitif
[link] [comments]

/r/netsec - Information Security News & Discussion

Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation) :: jub0bs.com

By /u/jub0bs — February 8^th 2023 at 13:57

submitted by /u/jub0bs
[link] [comments]

/r/netsec - Information Security News & Discussion

Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game

By /u/stashing_the_smack — February 8^th 2023 at 10:00

submitted by /u/stashing_the_smack
[link] [comments]

/r/netsec - Information Security News & Discussion

Recovery script for ESXiArgs ransomware

By /u/YogiBerra88888 — February 8^th 2023 at 00:36

submitted by /u/YogiBerra88888
[link] [comments]

/r/netsec - Information Security News & Discussion

🔑 Introducing Matano Identity Data Lake for Open Source Cloud-Native SIEM!

By /u/shaeqahmed — February 7^th 2023 at 19:41

submitted by /u/shaeqahmed
[link] [comments]

/r/netsec - Information Security News & Discussion

Post-Exploitation: Abusing the KeePass Plugin Cache

By /u/guedou — February 7^th 2023 at 18:27

submitted by /u/guedou
[link] [comments]

/r/netsec - Information Security News & Discussion

GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: A comprehensive open-source regex database for secret detection.

By /u/mazen160 — February 7^th 2023 at 16:24

submitted by /u/mazen160
[link] [comments]

/r/netsec - Information Security News & Discussion

Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console

By /u/thorn42 — February 7^th 2023 at 16:14

submitted by /u/thorn42
[link] [comments]

/r/netsec - Information Security News & Discussion

Tracing the Linux kernel using Exein Pulsar: a 5 Minute Tutorial

By /u/hdtrinh — February 7^th 2023 at 14:59

submitted by /u/hdtrinh
[link] [comments]

/r/netsec - Information Security News & Discussion

A Detailed Analysis of a New Stealer called Stealerium

By /u/CyberMasterV — February 7^th 2023 at 14:57

submitted by /u/CyberMasterV
[link] [comments]

/r/netsec - Information Security News & Discussion

NETGEAR Nighthawk upnpd Pre-authentication Buffer Overflow

By /u/luci_morningstart — February 7^th 2023 at 09:55

submitted by /u/luci_morningstart
[link] [comments]

/r/netsec - Information Security News & Discussion

I Built a Self-Destructing USB Drive Part 3

By /u/Machinehum — February 7^th 2023 at 03:52

submitted by /u/Machinehum
[link] [comments]

/r/netsec - Information Security News & Discussion

Hacking into Toyota's global supplier management network

By /u/EatonZ — February 6^th 2023 at 16:39

submitted by /u/EatonZ
[link] [comments]

/r/netsec - Information Security News & Discussion

CVE-2022-44268 - Arbitrary File Read PoC - PNG generator

By /u/voidz0r — February 5^th 2023 at 19:22

submitted by /u/voidz0r
[link] [comments]

/r/netsec - Information Security News & Discussion

StarHound - CLI tool for importing BloodHound's Active Directory and Azure data (for latest SharpHound/AzureHound data collectors)

By /u/malacupa — February 5^th 2023 at 11:56

submitted by /u/malacupa
[link] [comments]

/r/netsec - Information Security News & Discussion

The Defender's Guide to OneNote MalDocs

By /u/SuaveHobo — February 5^th 2023 at 10:46

submitted by /u/SuaveHobo
[link] [comments]

/r/netsec - Information Security News & Discussion

Reversing UK mobile rail tickets

By /u/Gallus — February 5^th 2023 at 05:28

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

DoS and arbitrary file read in (ImageMagick: The hidden vulnerability behind your online images)

By /u/Mini_True — February 4^th 2023 at 22:11

submitted by /u/Mini_True
[link] [comments]

/r/netsec - Information Security News & Discussion

Gartner Peer Insights widget - postMessage DOM XSS vulnerability

By /u/Gallus — February 3^rd 2023 at 23:01

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

PixPirate: a new Brazilian Banking Trojan | Cleafy LABS

By /u/f3d_0x0 — February 3^rd 2023 at 14:38

submitted by /u/f3d_0x0
[link] [comments]

/r/netsec - Information Security News & Discussion

Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608

By /u/hacksysteam — February 3^rd 2023 at 02:58

submitted by /u/hacksysteam
[link] [comments]

/r/netsec - Information Security News & Discussion

Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails

By /u/Mempodipper — February 3^rd 2023 at 02:51

submitted by /u/Mempodipper
[link] [comments]

/r/netsec - Information Security News & Discussion

TC39 proposal for mitigating prototype pollution

By /u/Gallus — February 3^rd 2023 at 00:42

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Discovering Six Critical Docker Desktop Privilege Escalation Vulnerabilities. (Bonus: New OSS Tool!)

By /u/jat0369 — February 2^nd 2023 at 19:34

submitted by /u/jat0369
[link] [comments]

/r/netsec - Information Security News & Discussion

GitHub - adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition

By /u/adityatelange — February 2^nd 2023 at 17:24

submitted by /u/adityatelange
[link] [comments]

/r/netsec - Information Security News & Discussion

The missing piece: the need for product management in security teams

By /u/sullivanmatt — February 2^nd 2023 at 16:26

submitted by /u/sullivanmatt
[link] [comments]

/r/netsec - Information Security News & Discussion

EMBA - Automated firmware security scanner v1.2.1 released

By /u/_m-1-k-3_ — February 2^nd 2023 at 14:50

submitted by /u/_m-1-k-3_
[link] [comments]

/r/netsec - Information Security News & Discussion

An easy way to preview the content of an XML nmap file, in VS Code.

By /u/j_bono — February 2^nd 2023 at 14:30

submitted by /u/j_bono
[link] [comments]

/r/netsec - Information Security News & Discussion

Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608

By /u/hacksysteam — February 2^nd 2023 at 12:48

submitted by /u/hacksysteam
[link] [comments]

/r/netsec - Information Security News & Discussion

Demystifiying SMPC (Secure multi-party computation) and its threat model

By /u/hardenedvault — February 2^nd 2023 at 11:47

submitted by /u/hardenedvault
[link] [comments]

/r/netsec - Information Security News & Discussion

Unserializable, but unreachable: Remote Code Execution on vBulletin

By /u/cfambionics — February 2^nd 2023 at 08:29

submitted by /u/cfambionics
[link] [comments]

/r/netsec - Information Security News & Discussion

Ronin 2.0.0 has finally been released! Ronin is a free and Open Source Ruby toolkit for security research and development.

By /u/postmodern — February 1^st 2023 at 23:09

submitted by /u/postmodern
[link] [comments]

/r/netsec - Information Security News & Discussion

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign

By /u/gfdgfbal — February 1^st 2023 at 18:39

submitted by /u/gfdgfbal
[link] [comments]

/r/netsec - Information Security News & Discussion

Precision Munitions for Denial of Service

By /u/DevSec23 — February 1^st 2023 at 14:40

submitted by /u/DevSec23
[link] [comments]

/r/netsec - Information Security News & Discussion

CVE-2021-34462: Exploiting the Windows AppXSvc Service Logic-Error Vulnerability

By /u/Gallus — February 1^st 2023 at 07:50

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

RCE in Avaya Aura Device Services

By /u/Mempodipper — February 1^st 2023 at 01:03

submitted by /u/Mempodipper
[link] [comments]

/r/netsec - Information Security News & Discussion

Setting you up for failure: Exploring 2FA bypasses in web application settings page functionality

By /u/TheCrazyAcademic — January 31^st 2023 at 22:15

I discuss an interesting attack vector which not many people do to possibly bypass 2 factor authentication in a web application.

submitted by /u/TheCrazyAcademic
[link] [comments]

/r/netsec - Information Security News & Discussion

TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle

By /u/sanitybit — January 31^st 2023 at 18:25

submitted by /u/sanitybit
[link] [comments]

/r/netsec - Information Security News & Discussion

Remote Command Execution in binwalk

By /u/Gallus — January 31^st 2023 at 14:09

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Learning CodeQL - Going Beyond Grep

By /u/Gallus — January 31^st 2023 at 12:57

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Github reports unauthorized access to some Github Desktop and Atom repositories

By /u/qwerty0x41 — January 31^st 2023 at 12:42

submitted by /u/qwerty0x41
[link] [comments]

/r/netsec - Information Security News & Discussion

The Good, Bad and Compromisable Aspects of Linux eBPF

By /u/eberkut — January 31^st 2023 at 12:13

submitted by /u/eberkut
[link] [comments]

/r/netsec - Information Security News & Discussion

VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive and Exploit POC

By /u/scopedsecurity — January 31^st 2023 at 12:11

submitted by /u/scopedsecurity
[link] [comments]

/r/netsec - Information Security News & Discussion

Exposing Secrets Via AppSec Tools: The SonarQube Case

By /u/roy_6472 — January 31^st 2023 at 11:29

submitted by /u/roy_6472
[link] [comments]

/r/netsec - Information Security News & Discussion

How to identify and avoid malicious code in your software supply chain

By /u/n0llbyte — January 31^st 2023 at 11:03

submitted by /u/n0llbyte
[link] [comments]

/r/netsec - Information Security News & Discussion

Lockpicking The Lockout Policy For Information Correlation: Exploring the novel web app attack…

By /u/TheCrazyAcademic — January 31^st 2023 at 03:42

Discussing a under rated sub bug class of Buisness Logic Flaws in web apps that deserves more attention.

submitted by /u/TheCrazyAcademic
[link] [comments]

/r/netsec - Information Security News & Discussion

CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities

By /u/ustayready — January 31^st 2023 at 02:31

submitted by /u/ustayready
[link] [comments]

/r/netsec - Information Security News & Discussion

Truffle Security is proud to host a new XSSHunter, that finds new vulnerabilities

By /u/wifihack — January 30^th 2023 at 16:26

submitted by /u/wifihack
[link] [comments]

/r/netsec - Information Security News & Discussion

DDoS attacks in Europe experienced a 73% increase in 2022 compared to the previous year

By /u/shapelez — January 30^th 2023 at 15:38

submitted by /u/shapelez
[link] [comments]

/r/netsec - Information Security News & Discussion

Metasploit Framework 6.3 Released

By /u/Fugitif — January 30^th 2023 at 14:15

submitted by /u/Fugitif
[link] [comments]

/r/netsec - Information Security News & Discussion

FIM (File Integrity Monitor) proof-of-concept implementation

By /u/CsaProtocol — January 30^th 2023 at 12:15

submitted by /u/CsaProtocol
[link] [comments]

/r/netsec - Information Security News & Discussion

This paper reinforces the belief that RSA isn't going to fall to Shor's Algorithm anytime soon

By /u/atoponce — January 27^th 2023 at 18:36

submitted by /u/atoponce
[link] [comments]

/r/netsec - Information Security News & Discussion

Public Disclosure for CVE-2022-42475

By /u/BlackCatNeo — January 30^th 2023 at 01:44

submitted by /u/BlackCatNeo
[link] [comments]