/r/netsec - Information Security News & Discussion
Incident Response in Google Cloud: Forensic Artifacts
By /u/MiguelHzBz - March 1st 2023 at 22:32
/r/netsec - Information Security News & Discussion
Making New Connections - Leveraging Cisco AnyConnect Client to Drop and Run Payloads
By /u/0xdea - March 1st 2023 at 16:30
/r/netsec - Information Security News & Discussion
CI/CD secrets extraction, tips and tricks
By /u/Gallus - March 1st 2023 at 15:31
/r/netsec - Information Security News & Discussion
Indirect Prompt Injection on Bing Chat
By /u/Gallus - March 1st 2023 at 10:19
/r/netsec - Information Security News & Discussion
Using JFrog Artifactory? Make sure it doesn't mistakenly expose your secrets, apparently it's not uncommon
By /u/roy_6472 - March 1st 2023 at 09:47
/r/netsec - Information Security News & Discussion
First steps in CHERIoT Security Research | MSRC Blog
By /u/unaligned_access - February 28th 2023 at 17:49
/r/netsec - Information Security News & Discussion
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft
By /u/MiguelHzBz - February 28th 2023 at 17:34
/r/netsec - Information Security News & Discussion
Empowering weak primitives: file truncation to code execution with Git
By /u/monoimpact - February 28th 2023 at 15:54
/r/netsec - Information Security News & Discussion
How to conduct a Complete Kubernetes Security Config Review
By /u/phoenixzeu - February 28th 2023 at 14:45
/r/netsec - Information Security News & Discussion
Dirty Arbitrary File Write to RCE in Python uWSGI
By /u/nibblesec - February 28th 2023 at 13:47
/r/netsec - Information Security News & Discussion
It's All Bad News: An update on how the Lastpass breach affects Lastpass SSO
By /u/csanders_ - February 27th 2023 at 23:00
/r/netsec - Information Security News & Discussion
SPIP Remote Code Execution (pre-auth)
By /u/EasyAd9596 - February 27th 2023 at 21:59
/r/netsec - Information Security News & Discussion
ParamAngler - tool for testing specific payload on each parameter
By /u/spajky_yt - February 27th 2023 at 19:47
/r/netsec - Information Security News & Discussion
Lastpass Quietly indicates that Enterprise Users' K2s were accessed
By /u/csanders_ - February 27th 2023 at 19:42
/r/netsec - Information Security News & Discussion
RIG Exploit Kit: In-Depth Analysis
By /u/wtfse - February 27th 2023 at 15:35
/r/netsec - Information Security News & Discussion
Scripts for playing with WinDbg JS API (hugsy/windbg_js_scripts)
By /u/Gallus - February 27th 2023 at 01:27
/r/netsec - Information Security News & Discussion
open-appsec provides ML-based API Security add-on for Kong API Gateways
By /u/Hen2022 - February 26th 2023 at 10:00
/r/netsec - Information Security News & Discussion
Wrote a hands-on blog series for anyone trying to get a start as a SOC analyst -- feedback welcome!
By /u/skybound5 - February 25th 2023 at 03:56
/r/netsec - Information Security News & Discussion
Yet, another packer/loader with my very own implementation of GetProcAddress and GetModuleHandle to dynamically fetch function addresses, as well as AES payload and function name encryption with a derived SHA256 key
By /u/oldboy21 - February 24th 2023 at 16:19
/r/netsec - Information Security News & Discussion
A Review of Attacks Against Language-Based Package Managers
By /u/panoptischall - February 24th 2023 at 12:21
/r/netsec - Information Security News & Discussion
SSO Gadgets: Escalate (Self-)XSS to ATO
By /u/albinowax - February 24th 2023 at 10:13
/r/netsec - Information Security News & Discussion
OpenEMR - Remote Code Execution in your Healthcare System
By /u/_noraj_ - February 24th 2023 at 09:20
/r/netsec - Information Security News & Discussion
The code that wasn't there: Reading memory on an Android device by accident
By /u/albinowax - February 24th 2023 at 08:30
/r/netsec - Information Security News & Discussion
520 Malware Packages Published to PyPI in Ongoing Attack
By /u/louis11 - February 24th 2023 at 01:31
/r/netsec - Information Security News & Discussion
41 imposter HTTP libraries discovered on PyPI
By /u/ledgit - February 23rd 2023 at 13:15
/r/netsec - Information Security News & Discussion
Detecting Server-Side Prototype Pollution
By /u/dcthatch - February 23rd 2023 at 10:59
/r/netsec - Information Security News & Discussion
AD Offsec Testing Tools Pre-Compiled, up to date, and ready to use
By /u/Pleasant-Drawer729 - February 23rd 2023 at 06:46
/r/netsec - Information Security News & Discussion
Vulnerability write-up - "Dangerous assumptions" (6 CVEs in Node.js packages)
By /u/ThomasRinsma - February 22nd 2023 at 16:40
/r/netsec - Information Security News & Discussion
Disabling ClamAV as an Unprivileged User
By /u/DLLCoolJ - February 22nd 2023 at 12:58
/r/netsec - Information Security News & Discussion
Multiple vulnerabilities in Nokia BTS Airscale ASIKA [PDF]
By /u/Gallus - February 22nd 2023 at 10:15
/r/netsec - Information Security News & Discussion
Introducing Burp DOM Scanner, a Burp Suite's extension to scan and crawl Single Page Applications. It can discover and verify DOM based XSS by tracking JavaScript execution.
By /u/filippo_cavallarin - February 21st 2023 at 10:48
/r/netsec - Information Security News & Discussion
Let's build a Chrome extension that steals everything
By /u/ScottContini - February 22nd 2023 at 01:53
/r/netsec - Information Security News & Discussion
Introducing Sublime: A new, open approach to email security
By /u/Glomar-Response - February 21st 2023 at 21:53
/r/netsec - Information Security News & Discussion
OWASP Kubernetes Top 10 - Tools & Techniques
By /u/MiguelHzBz - February 21st 2023 at 15:45
/r/netsec - Information Security News & Discussion
ClamAV Critical Patch Review
By /u/g_e_r_h_a_r_d - February 21st 2023 at 15:02
/r/netsec - Information Security News & Discussion
A Deep Dive Into a PoshC2 Implant
By /u/CyberMasterV - February 21st 2023 at 15:02
/r/netsec - Information Security News & Discussion
Fortinet FortiNAC CVE-2022-39952 Deep-Dive, IOCs, and POC
By /u/scopedsecurity - February 21st 2023 at 12:52
/r/netsec - Information Security News & Discussion
New OSCP Reporting Tool (SysReptor)
By /u/Pleasant-Drawer729 - February 21st 2023 at 06:54
/r/netsec - Information Security News & Discussion
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK
By /u/attilaszia - February 20th 2023 at 19:18
/r/netsec - Information Security News & Discussion
Legitify added support for GPT-based security recommendations for GitHub & GitLab assets
By /u/dotanoam - February 20th 2023 at 15:35
/r/netsec - Information Security News & Discussion
GitHub - zblurx/dploot: DPAPI looting remotely in Python
By /u/scopedsecurity - February 20th 2023 at 15:24
/r/netsec - Information Security News & Discussion
New OpenSecurityTraining2 class, "Hardware 1101: Intel SPI Analysis"
By /u/OpenSecurityTraining - February 20th 2023 at 02:43
/r/netsec - Information Security News & Discussion
Return of the 0ktapus? Coinbase fends off UNC3944/ScatteredSpider attack that used SMS Phishing and attempted MFA bypass
By /u/SuaveHobo - February 19th 2023 at 04:11
/r/netsec - Information Security News & Discussion
Small utility to chunk up a large BloodHound JSON file into smaller files for faster importing.
By /u/ustayready - February 18th 2023 at 22:38
/r/netsec - Information Security News & Discussion
mast1c0re: Part 3 - Escaping the PS5 emulator
By /u/ArbitraryWrite - February 18th 2023 at 22:36
/r/netsec - Information Security News & Discussion
Azure B2C Crypto Misuse and Account Compromise
By /u/dlorenc - February 18th 2023 at 13:33
/r/netsec - Information Security News & Discussion
chvancooten/NimPlant: A light-weight first-stage C2 implant written in Nim.
By /u/Vegetable_Treat_5017 - February 18th 2023 at 03:03
/r/netsec - Information Security News & Discussion
ICS and OT Vulnerabilities Analysis for 2022
By /u/derp6996 - February 17th 2023 at 15:39
/r/netsec - Information Security News & Discussion
How we Hacked Apple Twice in one day for Fun (and Profit)
By /u/pectoral - February 17th 2023 at 14:44
/r/netsec - Information Security News & Discussion
Ghidra Golf: A Reverse Engineering CTF
By /u/DLLCoolJ - February 17th 2023 at 11:47
/r/netsec - Information Security News & Discussion
Introducing Proxy Enriched Sequence Diagrams (PESD). New Burp Plugin.
By /u/nibblesec - February 17th 2023 at 11:33
/r/netsec - Information Security News & Discussion
Reinforcement learning for red/blue team automation
By /u/limmen - February 17th 2023 at 09:47
/r/netsec - Information Security News & Discussion
CVE-2023-20032: ClamAV Remote Code Execution (CVSS 9.8)
By /u/qwerty0x41 - February 17th 2023 at 09:00
/r/netsec - Information Security News & Discussion
Guide For Beginners: Syslog Configuration on Cisco Devices
By /u/DenofBlerds - February 17th 2023 at 07:05
/r/netsec - Information Security News & Discussion
Outdated Default AWS IAM Policy Language Versions | CloudQuery
By /u/jsonpile - February 16th 2023 at 22:21
/r/netsec - Information Security News & Discussion
No More Access Denied - I Am the TrustedInstaller
By /u/achilles4828 - February 16th 2023 at 18:37
/r/netsec - Information Security News & Discussion
[BugTales] REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB
By /u/poltess0 - February 16th 2023 at 16:31
/r/netsec - Information Security News & Discussion
Secure Boot to Heads: A brief history of #Linux Boot Integrity
By /u/maltfield - February 16th 2023 at 16:26
/r/netsec - Information Security News & Discussion
Researcher infiltrates phishing syndicate to learn TTP's
By /u/CyberArkLabs - February 16th 2023 at 15:40
/r/netsec - Information Security News & Discussion
Server-side prototype pollution: Black-box detection without the DoS
By /u/Gallus - February 15th 2023 at 16:42