Login
FreshRSS
Login
/r/netsec - Information Security News & Discussion
Reverse SSH - A Fast, Stable Reverse Shell Handler
By
/u/Acceptable-Doubt-878
β March 3
rd
2023 at 00:40
submitted by
/u/Acceptable-Doubt-878
[link]
[comments]
/r/netsec - Information Security News & Discussion
Nosey Parker, a fast secrets detector, now enumerates GitHub repos, writes SARIF output, and has 90 default rules
By
/u/exploding_nun
β March 3
rd
2023 at 00:01
submitted by
/u/exploding_nun
[link]
[comments]
/r/netsec - Information Security News & Discussion
Backups of ALL customer vault data, including encrypted passwords and decrypted authenticator seeds, exfiltrated in 2022 LastPass breach, You will need to regenerate OTP KEYS for all services and if you have a weak master password or low iteration count,
By
/u/alexanderpas
β March 2
nd
2023 at 22:27
submitted by
/u/alexanderpas
[link]
[comments]
/r/netsec - Information Security News & Discussion
Lesser Known Persistence Techniques of WinXP are still effective on Win 10 and 11.
By
/u/jat0369
β March 2
nd
2023 at 19:37
submitted by
/u/jat0369
[link]
[comments]
/r/netsec - Information Security News & Discussion
Taking over booking.com accounts by abusing OAuth 2.0
By
/u/ynvb
β March 2
nd
2023 at 13:20
submitted by
/u/ynvb
[link]
[comments]
/r/netsec - Information Security News & Discussion
BlackLotus UEFI bootkit: Myth confirmed
By
/u/hardenedvault
β March 2
nd
2023 at 08:41
submitted by
/u/hardenedvault
[link]
[comments]
/r/netsec - Information Security News & Discussion
SSH PKI on top of Web PKI
By
/u/ptman
β March 2
nd
2023 at 08:10
submitted by
/u/ptman
[link]
[comments]
/r/netsec - Information Security News & Discussion
Gitpod remote code execution 0-day vulnerability via WebSockets
By
/u/lirantal
β March 1
st
2023 at 23:25
submitted by
/u/lirantal
[link]
[comments]
/r/netsec - Information Security News & Discussion
Incident Response in Google Cloud: Forensic Artifacts
By
/u/MiguelHzBz
β March 1
st
2023 at 22:32
submitted by
/u/MiguelHzBz
[link]
[comments]
/r/netsec - Information Security News & Discussion
Making New Connections β Leveraging Cisco AnyConnect Client to Drop and Run Payloads
By
/u/0xdea
β March 1
st
2023 at 16:30
submitted by
/u/0xdea
[link]
[comments]
/r/netsec - Information Security News & Discussion
CI/CD secrets extraction, tips and tricks
By
/u/Gallus
β March 1
st
2023 at 15:31
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Indirect Prompt Injection on Bing Chat
By
/u/Gallus
β March 1
st
2023 at 10:19
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Using JFrog Artifactory? Make sure it doesn't mistakenly expose your secrets, apparently it's not uncommon
By
/u/roy_6472
β March 1
st
2023 at 09:47
submitted by
/u/roy_6472
[link]
[comments]
/r/netsec - Information Security News & Discussion
First steps in CHERIoT Security Research | MSRC Blog
By
/u/unaligned_access
β February 28
th
2023 at 17:49
submitted by
/u/unaligned_access
[link]
[comments]
/r/netsec - Information Security News & Discussion
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft
By
/u/MiguelHzBz
β February 28
th
2023 at 17:34
submitted by
/u/MiguelHzBz
[link]
[comments]
/r/netsec - Information Security News & Discussion
Empowering weak primitives: file truncation to code execution with Git
By
/u/monoimpact
β February 28
th
2023 at 15:54
submitted by
/u/monoimpact
[link]
[comments]
/r/netsec - Information Security News & Discussion
How to conduct a Complete Kubernetes Security Config Review
By
/u/phoenixzeu
β February 28
th
2023 at 14:45
submitted by
/u/phoenixzeu
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dirty Arbitrary File Write to RCE in Python uWSGI
By
/u/nibblesec
β February 28
th
2023 at 13:47
submitted by
/u/nibblesec
[link]
[comments]
/r/netsec - Information Security News & Discussion
Itβs All Bad News: An update on how the Lastpass breach affects Lastpass SSO
By
/u/csanders_
β February 27
th
2023 at 23:00
submitted by
/u/csanders_
[link]
[comments]
/r/netsec - Information Security News & Discussion
SPIP Remote Code Execution (pre-auth)
By
/u/EasyAd9596
β February 27
th
2023 at 21:59
submitted by
/u/EasyAd9596
[link]
[comments]
/r/netsec - Information Security News & Discussion
ParamAngler - tool for testing specific payload on each parameter
By
/u/spajky_yt
β February 27
th
2023 at 19:47
submitted by
/u/spajky_yt
[link]
[comments]
/r/netsec - Information Security News & Discussion
Lastpass Quietly indicates that Enterprise Users' K2s were accessed
By
/u/csanders_
β February 27
th
2023 at 19:42
submitted by
/u/csanders_
[link]
[comments]
/r/netsec - Information Security News & Discussion
RIG Exploit Kit: In-Depth Analysis
By
/u/wtfse
β February 27
th
2023 at 15:35
submitted by
/u/wtfse
[link]
[comments]
/r/netsec - Information Security News & Discussion
Scripts for playing with WinDbg JS API (hugsy/windbg_js_scripts)
By
/u/Gallus
β February 27
th
2023 at 01:27
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
open-appsec provides ML-based API Security add-on for Kong API Gateways
By
/u/Hen2022
β February 26
th
2023 at 10:00
submitted by
/u/Hen2022
[link]
[comments]
/r/netsec - Information Security News & Discussion
Wrote a hands-on blog series for anyone trying to get a start as a SOC analyst -- feedback welcome!
By
/u/skybound5
β February 25
th
2023 at 03:56
submitted by
/u/skybound5
[link]
[comments]
/r/netsec - Information Security News & Discussion
Yet, another packer/loader with my very own implementation of GetProcAddress and GetModuleHandle to dinamically fetch function addresses, as well as AES payload and function name encryption with a derived SHA256 key
By
/u/oldboy21
β February 24
th
2023 at 16:19
submitted by
/u/oldboy21
[link]
[comments]
/r/netsec - Information Security News & Discussion
A Review of Attacks Against Language-Based Package Managers
By
/u/panoptischall
β February 24
th
2023 at 12:21
submitted by
/u/panoptischall
[link]
[comments]
/r/netsec - Information Security News & Discussion
SSO Gadgets: Escalate (Self-)XSS to ATO
By
/u/albinowax
β February 24
th
2023 at 10:13
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
OpenEMR - Remote Code Execution in your Healthcare System
By
/u/_noraj_
β February 24
th
2023 at 09:20
submitted by
/u/_noraj_
[link]
[comments]
/r/netsec - Information Security News & Discussion
The code that wasn't there: Reading memory on an Android device by accident
By
/u/albinowax
β February 24
th
2023 at 08:30
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
520 Malware Packages Published to PyPI in Ongoing Attack
By
/u/louis11
β February 24
th
2023 at 01:31
submitted by
/u/louis11
[link]
[comments]
/r/netsec - Information Security News & Discussion
41 imposter HTTP libraries discovered on PyPI
By
/u/ledgit
β February 23
rd
2023 at 13:15
submitted by
/u/ledgit
[link]
[comments]
/r/netsec - Information Security News & Discussion
Detecting Server-Side Prototype Pollution
By
/u/dcthatch
β February 23
rd
2023 at 10:59
submitted by
/u/dcthatch
[link]
[comments]
/r/netsec - Information Security News & Discussion
AD Offsec Testing Tools Pre-Compiled, up to date, and ready to use
By
/u/Pleasant-Drawer729
β February 23
rd
2023 at 06:46
submitted by
/u/Pleasant-Drawer729
[link]
[comments]
/r/netsec - Information Security News & Discussion
Vulnerability write-up - "Dangerous assumptions" (6 CVEs in Node.js packages)
By
/u/ThomasRinsma
β February 22
nd
2023 at 16:40
submitted by
/u/ThomasRinsma
[link]
[comments]
/r/netsec - Information Security News & Discussion
Disabling ClamAV as an Unprivileged User
By
/u/DLLCoolJ
β February 22
nd
2023 at 12:58
submitted by
/u/DLLCoolJ
[link]
[comments]
/r/netsec - Information Security News & Discussion
Multiple vulnerabilities in Nokia BTS Airscale ASIKA [PDF]
By
/u/Gallus
β February 22
nd
2023 at 10:15
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Introducing Burp DOM Scanner, a Burp Suite's extension to scan and crawl Single Page Applications. It can discover and verify DOM based XSS by tracking JavaScript execution.
By
/u/filippo_cavallarin
β February 21
st
2023 at 10:48
submitted by
/u/filippo_cavallarin
[link]
[comments]
/r/netsec - Information Security News & Discussion
Let's build a Chrome extension that steals everything
By
/u/ScottContini
β February 22
nd
2023 at 01:53
submitted by
/u/ScottContini
[link]
[comments]
/r/netsec - Information Security News & Discussion
Introducing Sublime: A new, open approach to email security
By
/u/Glomar-Response
β February 21
st
2023 at 21:53
submitted by
/u/Glomar-Response
[link]
[comments]
/r/netsec - Information Security News & Discussion
OWASP Kubernetes Top 10 - Tools & Techniques
By
/u/MiguelHzBz
β February 21
st
2023 at 15:45
submitted by
/u/MiguelHzBz
[link]
[comments]
/r/netsec - Information Security News & Discussion
ClamAV Critical Patch Review
By
/u/g_e_r_h_a_r_d
β February 21
st
2023 at 15:02
submitted by
/u/g_e_r_h_a_r_d
[link]
[comments]
/r/netsec - Information Security News & Discussion
A Deep Dive Into a PoshC2 Implant
By
/u/CyberMasterV
β February 21
st
2023 at 15:02
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
Fortinet FortiNAC CVE-2022-39952 Deep-Dive, IOCs, and POC
By
/u/scopedsecurity
β February 21
st
2023 at 12:52
submitted by
/u/scopedsecurity
[link]
[comments]
/r/netsec - Information Security News & Discussion
New OSCP Reporting Tool (SysReptor)
By
/u/Pleasant-Drawer729
β February 21
st
2023 at 06:54
submitted by
/u/Pleasant-Drawer729
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK
By
/u/attilaszia
β February 20
th
2023 at 19:18
submitted by
/u/attilaszia
[link]
[comments]
/r/netsec - Information Security News & Discussion
Legitify added support for GPT-based security recommendations for GitHub & GitLab assets
By
/u/dotanoam
β February 20
th
2023 at 15:35
submitted by
/u/dotanoam
[link]
[comments]
/r/netsec - Information Security News & Discussion
GitHub - zblurx/dploot: DPAPI looting remotely in Python
By
/u/scopedsecurity
β February 20
th
2023 at 15:24
submitted by
/u/scopedsecurity
[link]
[comments]
/r/netsec - Information Security News & Discussion
New OpenSecurityTraining2 class, "Hardware 1101: Intel SPI Analysis"
By
/u/OpenSecurityTraining
β February 20
th
2023 at 02:43
submitted by
/u/OpenSecurityTraining
[link]
[comments]
/r/netsec - Information Security News & Discussion
Return of the 0ktapus? Coinbase fend of UNC3944/ScatteredSpider attack that used SMS Phishing and attempted MFA bypass
By
/u/SuaveHobo
β February 19
th
2023 at 04:11
submitted by
/u/SuaveHobo
[link]
[comments]
/r/netsec - Information Security News & Discussion
Small utility to chunk up a large BloodHound JSON file into smaller files for faster importing.
By
/u/ustayready
β February 18
th
2023 at 22:38
submitted by
/u/ustayready
[link]
[comments]
/r/netsec - Information Security News & Discussion
mast1c0re: Part 3 β Escaping the PS5 emulator
By
/u/ArbitraryWrite
β February 18
th
2023 at 22:36
submitted by
/u/ArbitraryWrite
[link]
[comments]
/r/netsec - Information Security News & Discussion
Azure B2C Crypto Misuse and Account Compromise
By
/u/dlorenc
β February 18
th
2023 at 13:33
submitted by
/u/dlorenc
[link]
[comments]
/r/netsec - Information Security News & Discussion
chvancooten/NimPlant: A light-weight first-stage C2 implant written in Nim.
By
/u/Vegetable_Treat_5017
β February 18
th
2023 at 03:03
submitted by
/u/Vegetable_Treat_5017
[link]
[comments]
/r/netsec - Information Security News & Discussion
ICS and OT Vulnerabilities Analysis for 2022
By
/u/derp6996
β February 17
th
2023 at 15:39
submitted by
/u/derp6996
[link]
[comments]
/r/netsec - Information Security News & Discussion
How we Hacked Apple Twice in one day for Fun (and Profit)
By
/u/pectoral
β February 17
th
2023 at 14:44
submitted by
/u/pectoral
[link]
[comments]
/r/netsec - Information Security News & Discussion
Ghidra Golf: A Reverse Engineering CTF
By
/u/DLLCoolJ
β February 17
th
2023 at 11:47
submitted by
/u/DLLCoolJ
[link]
[comments]
/r/netsec - Information Security News & Discussion
Introducing Proxy Enriched Sequence Diagrams (PESD). New Burp Plugin.
By
/u/nibblesec
β February 17
th
2023 at 11:33
submitted by
/u/nibblesec
[link]
[comments]
/r/netsec - Information Security News & Discussion
Reinforcement learning for red/blue team automation
By
/u/limmen
β February 17
th
2023 at 09:47
submitted by
/u/limmen
[link]
[comments]
Load more articles