FreshRSS
/r/netsec - Information Security News & Discussion
EJS - Server Side Prototype Pollution gadgets to RCE
By /u/Gallus, March 9th 2023 at 23:44
Pwning Akuvox E11 Smart Intercom
By /u/sh0n1z, March 9th 2023 at 19:00
Phineas Fisher's Hacktivist Writeups and Guides
By /u/gabriel_schneider, March 9th 2023 at 11:22
The Threat on Your Desk: Building an Evil USB-C Dock
By /u/Acceptable-Doubt-878, March 9th 2023 at 01:21
Jailbreaking LLM (ChatGPT) Sandboxes Using Linguistic Hacks
By /u/alxjsn, March 8th 2023 at 19:45
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to Remote Code Execution
By /u/ilay789, March 8th 2023 at 16:08
Fog of War - How the Ukraine Conflict Transformed the Cyber Threat Landscape
By /u/mycall, March 8th 2023 at 14:35
ESXi Ransomware - A case study of Royal Ransomware
By /u/CyberMasterV, March 8th 2023 at 13:02
Beating an old PHP source code protector
By /u/gid0rah, March 8th 2023 at 12:10
Persistence - Event Log Online Help
By /u/netbiosX, March 8th 2023 at 08:38
I made a VS Code extension to view nmap results in a graph view. Helpful if you like to keep notes in MarkDown. Let me know what you think about it.
By /u/marduc812, March 7th 2023 at 17:21
Open-source Static Code Analysis tool with sensitive-data prioritization
By /u/rukhrunnin, March 7th 2023 at 17:12
Authentication Bypass Vulnerability in Mura CMS and Masa CMS
By /u/albinowax, March 7th 2023 at 16:56
RCE in Implementations of SHA-3, SHAKE, EdDSA
By /u/Definitely_not_gpt3, March 7th 2023 at 16:03
Avoiding Single-Point-of-Failure and securing the Root Infrastructure: TCG TPM 2.0
By /u/hardenedvault, March 7th 2023 at 11:10
Harvesting Active Directory credentials via HTTP Request Smuggling
By /u/albinowax, March 7th 2023 at 09:16
Manipulating Encrypted Traffic using PyCript for Manual and Automation
By /u/Ano_F, March 6th 2023 at 18:22
Insecure Toyota CRM exposed Mexican customer information
By /u/EatonZ, March 6th 2023 at 18:19
Protecting Android clipboard content from unintended exposure
By /u/SCI_Rusher, March 6th 2023 at 17:57
Polynonce A Novel Attack against ECDSA. Paper, Code, and associated Story
By /u/nhamiel, March 6th 2023 at 14:13
Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign
By /u/-nbsp-, March 5th 2023 at 12:20
Obfuscating Rubeus using Codecepticon
By /u/h0wlett, March 5th 2023 at 12:10
Lord Of The Ring0 - Part 4 is out!
By /u/Idov31, March 5th 2023 at 12:05
"StreamJacking" - Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams
By /u/lowlet3443, March 5th 2023 at 09:30
Hacking the Nintendo DSi Browser
By /u/Gallus, March 4th 2023 at 07:17
Reverse SSH - A Fast, Stable Reverse Shell Handler
By /u/Acceptable-Doubt-878, March 3rd 2023 at 00:40
Nosey Parker, a fast secrets detector, now enumerates GitHub repos, writes SARIF output, and has 90 default rules
By /u/exploding_nun, March 3rd 2023 at 00:01
Backups of ALL customer vault data, including encrypted passwords and decrypted authenticator seeds, exfiltrated in 2022 LastPass breach, You will need to regenerate OTP KEYS for all services and if you have a weak master password or low iteration count,
By /u/alexanderpas, March 2nd 2023 at 22:27
Lesser Known Persistence Techniques of WinXP are still effective on Win 10 and 11.
By /u/jat0369, March 2nd 2023 at 19:37
Taking over booking.com accounts by abusing OAuth 2.0
By /u/ynvb, March 2nd 2023 at 13:20
BlackLotus UEFI bootkit: Myth confirmed
By /u/hardenedvault, March 2nd 2023 at 08:41
SSH PKI on top of Web PKI
By /u/ptman, March 2nd 2023 at 08:10
Gitpod remote code execution 0-day vulnerability via WebSockets
By /u/lirantal, March 1st 2023 at 23:25
Incident Response in Google Cloud: Forensic Artifacts
By /u/MiguelHzBz, March 1st 2023 at 22:32
Making New Connections - Leveraging Cisco AnyConnect Client to Drop and Run Payloads
By /u/0xdea, March 1st 2023 at 16:30
CI/CD secrets extraction, tips and tricks
By /u/Gallus, March 1st 2023 at 15:31
Indirect Prompt Injection on Bing Chat
By /u/Gallus, March 1st 2023 at 10:19
Using JFrog Artifactory? Make sure it doesn't mistakenly expose your secrets, apparently it's not uncommon
By /u/roy_6472, March 1st 2023 at 09:47
First steps in CHERIoT Security Research | MSRC Blog
By /u/unaligned_access, February 28th 2023 at 17:49
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft
By /u/MiguelHzBz, February 28th 2023 at 17:34
Empowering weak primitives: file truncation to code execution with Git
By /u/monoimpact, February 28th 2023 at 15:54
How to conduct a Complete Kubernetes Security Config Review
By /u/phoenixzeu, February 28th 2023 at 14:45
Dirty Arbitrary File Write to RCE in Python uWSGI
By /u/nibblesec, February 28th 2023 at 13:47
It's All Bad News: An update on how the Lastpass breach affects Lastpass SSO
By /u/csanders_, February 27th 2023 at 23:00
SPIP Remote Code Execution (pre-auth)
By /u/EasyAd9596, February 27th 2023 at 21:59
ParamAngler - tool for testing specific payload on each parameter
By /u/spajky_yt, February 27th 2023 at 19:47
Lastpass Quietly indicates that Enterprise Users' K2s were accessed
By /u/csanders_, February 27th 2023 at 19:42
RIG Exploit Kit: In-Depth Analysis
By /u/wtfse, February 27th 2023 at 15:35
Scripts for playing with WinDbg JS API (hugsy/windbg_js_scripts)
By /u/Gallus, February 27th 2023 at 01:27
open-appsec provides ML-based API Security add-on for Kong API Gateways
By /u/Hen2022, February 26th 2023 at 10:00
Wrote a hands-on blog series for anyone trying to get a start as a SOC analyst -- feedback welcome!
By /u/skybound5, February 25th 2023 at 03:56
Yet, another packer/loader with my very own implementation of GetProcAddress and GetModuleHandle to dynamically fetch function addresses, as well as AES payload and function name encryption with a derived SHA256 key
By /u/oldboy21, February 24th 2023 at 16:19
A Review of Attacks Against Language-Based Package Managers
By /u/panoptischall, February 24th 2023 at 12:21
SSO Gadgets: Escalate (Self-)XSS to ATO
By /u/albinowax, February 24th 2023 at 10:13
OpenEMR - Remote Code Execution in your Healthcare System
By /u/_noraj_, February 24th 2023 at 09:20
The code that wasn't there: Reading memory on an Android device by accident
By /u/albinowax, February 24th 2023 at 08:30
520 Malware Packages Published to PyPI in Ongoing Attack
By /u/louis11, February 24th 2023 at 01:31
41 imposter HTTP libraries discovered on PyPI
By /u/ledgit, February 23rd 2023 at 13:15
Detecting Server-Side Prototype Pollution
By /u/dcthatch, February 23rd 2023 at 10:59
AD Offsec Testing Tools Pre-Compiled, up to date, and ready to use
By /u/Pleasant-Drawer729, February 23rd 2023 at 06:46