Login
FreshRSS
Login
/r/netsec - Information Security News & Discussion
"Understanding a Payload's Life (featuring Meterpreter & other guests)". Understanding the life of a Meterpreter payload from its generation to its execution. How all the pieces fit together!
By
/u/attl4s
β March 14
th
2023 at 08:28
submitted by
/u/attl4s
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dolibarr ERP/CRM 16.x is vulnerable to a pre-auth customer database theft
By
/u/qwerty0x41
β March 14
th
2023 at 06:55
submitted by
/u/qwerty0x41
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dissecting Exfiltrator-22: A Post-Exploitation Framework
By
/u/navneetmuffin
β March 14
th
2023 at 05:40
submitted by
/u/navneetmuffin
[link]
[comments]
/r/netsec - Information Security News & Discussion
Vendor Acknowledges Smart Intercom RCE Vulns
By
/u/derp6996
β March 13
th
2023 at 19:31
submitted by
/u/derp6996
[link]
[comments]
/r/netsec - Information Security News & Discussion
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit
By
/u/SCI_Rusher
β March 13
th
2023 at 16:22
submitted by
/u/SCI_Rusher
[link]
[comments]
/r/netsec - Information Security News & Discussion
Persistence β Context Menu
By
/u/netbiosX
β March 13
th
2023 at 15:41
submitted by
/u/netbiosX
[link]
[comments]
/r/netsec - Information Security News & Discussion
Pinduoduo malicious code sample and sheller
By
/u/sysadminsith
β March 13
th
2023 at 04:20
submitted by
/u/sysadminsith
[link]
[comments]
/r/netsec - Information Security News & Discussion
Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover
By
/u/vikzsharma
β March 12
th
2023 at 11:04
submitted by
/u/vikzsharma
[link]
[comments]
/r/netsec - Information Security News & Discussion
New Cosmos Blockchain API DoS
By
/u/SharpAd1823
β March 12
th
2023 at 01:01
submitted by
/u/SharpAd1823
[link]
[comments]
/r/netsec - Information Security News & Discussion
Crawlector - A threat hunting framework designed for scanning websites for malicious objects.
By
/u/MFMokbel
β March 11
th
2023 at 22:28
submitted by
/u/MFMokbel
[link]
[comments]
/r/netsec - Information Security News & Discussion
πββοΈ ProtoDeep - Decode and analyze protobuf efficiently
By
/u/mxrchreborn
β March 11
th
2023 at 14:52
submitted by
/u/mxrchreborn
[link]
[comments]
/r/netsec - Information Security News & Discussion
A Comprehensive Synopsis of 217 Subdomain Takeover Reports - by Cyjax researcher @_nynan
By
/u/ObscureError
β March 11
th
2023 at 12:43
submitted by
/u/ObscureError
[link]
[comments]
/r/netsec - Information Security News & Discussion
WebGL fuzzer based on IDL definition by @ant4g0nist
By
/u/ant4g0nist
β March 11
th
2023 at 11:06
submitted by
/u/ant4g0nist
[link]
[comments]
/r/netsec - Information Security News & Discussion
Fixing cringeworthy bugs in the OpenBSD console code
By
/u/Gallus
β March 11
th
2023 at 02:05
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Bypassing Asymmetric Client Side Encryption Without Private Key by @Ano_F_
By
/u/Ano_F
β March 10
th
2023 at 21:39
submitted by
/u/Ano_F
[link]
[comments]
/r/netsec - Information Security News & Discussion
Unauthorized access to organization secrets in GitHub
By
/u/albinowax
β March 10
th
2023 at 15:54
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
The oldest privesc: injecting careless administratorsβ terminals using TTY pushback
By
/u/gquere
β March 10
th
2023 at 12:38
submitted by
/u/gquere
[link]
[comments]
/r/netsec - Information Security News & Discussion
Infra-Red, In Situ (IRIS) Inspection of Silicon
By
/u/Gallus
β March 10
th
2023 at 08:47
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
I know what pizza you ordered!
By
/u/df_works
β March 10
th
2023 at 08:11
submitted by
/u/df_works
[link]
[comments]
/r/netsec - Information Security News & Discussion
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
By
/u/SeanPesce
β March 10
th
2023 at 02:54
submitted by
/u/SeanPesce
[link]
[comments]
/r/netsec - Information Security News & Discussion
EJS - Server Side Prototype Pollution gadgets to RCE
By
/u/Gallus
β March 9
th
2023 at 23:44
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Pwning Akuvox E11 Smart Intercom
By
/u/sh0n1z
β March 9
th
2023 at 19:00
submitted by
/u/sh0n1z
[link]
[comments]
/r/netsec - Information Security News & Discussion
Phineas Fisher's Hacktivist Writeups and Guides
By
/u/gabriel_schneider
β March 9
th
2023 at 11:22
submitted by
/u/gabriel_schneider
[link]
[comments]
/r/netsec - Information Security News & Discussion
The Threat on Your Desk: Building an Evil USB-C Dock
By
/u/Acceptable-Doubt-878
β March 9
th
2023 at 01:21
submitted by
/u/Acceptable-Doubt-878
[link]
[comments]
/r/netsec - Information Security News & Discussion
Jailbreaking LLM (ChatGPT) Sandboxes Using Linguistic Hacks
By
/u/alxjsn
β March 8
th
2023 at 19:45
submitted by
/u/alxjsn
[link]
[comments]
/r/netsec - Information Security News & Discussion
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to Remote Code Execution
By
/u/ilay789
β March 8
th
2023 at 16:08
submitted by
/u/ilay789
[link]
[comments]
/r/netsec - Information Security News & Discussion
Fog of War - How the Ukraine Conflict Transformed the οΌ£yber Threat Landscape
By
/u/mycall
β March 8
th
2023 at 14:35
submitted by
/u/mycall
[link]
[comments]
/r/netsec - Information Security News & Discussion
ESXi Ransomware β A case study of Royal Ransomware
By
/u/CyberMasterV
β March 8
th
2023 at 13:02
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
Beating an old PHP source code protector
By
/u/gid0rah
β March 8
th
2023 at 12:10
submitted by
/u/gid0rah
[link]
[comments]
/r/netsec - Information Security News & Discussion
Persistence β Event Log Online Help
By
/u/netbiosX
β March 8
th
2023 at 08:38
submitted by
/u/netbiosX
[link]
[comments]
/r/netsec - Information Security News & Discussion
I made a VS Code extension to view nmap results in a graph view. Helpful if you like to keep notes in MarkDown. Let me know what you think about it.
By
/u/marduc812
β March 7
th
2023 at 17:21
submitted by
/u/marduc812
[link]
[comments]
/r/netsec - Information Security News & Discussion
Open-source Static Code Analysis tool with sensitive-data prioritization
By
/u/rukhrunnin
β March 7
th
2023 at 17:12
submitted by
/u/rukhrunnin
[link]
[comments]
/r/netsec - Information Security News & Discussion
Authentication Bypass Vulnerability in Mura CMS and Masa CMS
By
/u/albinowax
β March 7
th
2023 at 16:56
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
RCE in Implementations of SHA-3, SHAKE, EdDSA
By
/u/Definitely_not_gpt3
β March 7
th
2023 at 16:03
submitted by
/u/Definitely_not_gpt3
[link]
[comments]
/r/netsec - Information Security News & Discussion
Avoiding Single-Point-of-Failure and securing the Root Infrastructure: TCG TPM 2.0
By
/u/hardenedvault
β March 7
th
2023 at 11:10
submitted by
/u/hardenedvault
[link]
[comments]
/r/netsec - Information Security News & Discussion
Harvesting Active Directory credentials via HTTP Request Smuggling
By
/u/albinowax
β March 7
th
2023 at 09:16
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
Manipulating Encrypted Traffic using PyCript for Manual and Automation
By
/u/Ano_F
β March 6
th
2023 at 18:22
submitted by
/u/Ano_F
[link]
[comments]
/r/netsec - Information Security News & Discussion
Insecure Toyota CRM exposed Mexican customer information
By
/u/EatonZ
β March 6
th
2023 at 18:19
submitted by
/u/EatonZ
[link]
[comments]
/r/netsec - Information Security News & Discussion
Protecting Android clipboard content from unintended exposure
By
/u/SCI_Rusher
β March 6
th
2023 at 17:57
submitted by
/u/SCI_Rusher
[link]
[comments]
/r/netsec - Information Security News & Discussion
Polynonce A Novel Attack against ECDSA. Paper, Code, and associated Story
By
/u/nhamiel
β March 6
th
2023 at 14:13
submitted by
/u/nhamiel
[link]
[comments]
/r/netsec - Information Security News & Discussion
Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign
By
/u/-nbsp-
β March 5
th
2023 at 12:20
submitted by
/u/-nbsp-
[link]
[comments]
/r/netsec - Information Security News & Discussion
Obfuscating Rubeus using Codecepticon
By
/u/h0wlett
β March 5
th
2023 at 12:10
submitted by
/u/h0wlett
[link]
[comments]
/r/netsec - Information Security News & Discussion
Lord Of The Ring0 - Part 4 is out!
By
/u/Idov31
β March 5
th
2023 at 12:05
submitted by
/u/Idov31
[link]
[comments]
/r/netsec - Information Security News & Discussion
βStreamJackingβ - Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams
By
/u/lowlet3443
β March 5
th
2023 at 09:30
submitted by
/u/lowlet3443
[link]
[comments]
/r/netsec - Information Security News & Discussion
Hacking the Nintendo DSi Browser
By
/u/Gallus
β March 4
th
2023 at 07:17
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Reverse SSH - A Fast, Stable Reverse Shell Handler
By
/u/Acceptable-Doubt-878
β March 3
rd
2023 at 00:40
submitted by
/u/Acceptable-Doubt-878
[link]
[comments]
/r/netsec - Information Security News & Discussion
Nosey Parker, a fast secrets detector, now enumerates GitHub repos, writes SARIF output, and has 90 default rules
By
/u/exploding_nun
β March 3
rd
2023 at 00:01
submitted by
/u/exploding_nun
[link]
[comments]
/r/netsec - Information Security News & Discussion
Backups of ALL customer vault data, including encrypted passwords and decrypted authenticator seeds, exfiltrated in 2022 LastPass breach, You will need to regenerate OTP KEYS for all services and if you have a weak master password or low iteration count,
By
/u/alexanderpas
β March 2
nd
2023 at 22:27
submitted by
/u/alexanderpas
[link]
[comments]
/r/netsec - Information Security News & Discussion
Lesser Known Persistence Techniques of WinXP are still effective on Win 10 and 11.
By
/u/jat0369
β March 2
nd
2023 at 19:37
submitted by
/u/jat0369
[link]
[comments]
/r/netsec - Information Security News & Discussion
Taking over booking.com accounts by abusing OAuth 2.0
By
/u/ynvb
β March 2
nd
2023 at 13:20
submitted by
/u/ynvb
[link]
[comments]
/r/netsec - Information Security News & Discussion
BlackLotus UEFI bootkit: Myth confirmed
By
/u/hardenedvault
β March 2
nd
2023 at 08:41
submitted by
/u/hardenedvault
[link]
[comments]
/r/netsec - Information Security News & Discussion
SSH PKI on top of Web PKI
By
/u/ptman
β March 2
nd
2023 at 08:10
submitted by
/u/ptman
[link]
[comments]
/r/netsec - Information Security News & Discussion
Gitpod remote code execution 0-day vulnerability via WebSockets
By
/u/lirantal
β March 1
st
2023 at 23:25
submitted by
/u/lirantal
[link]
[comments]
/r/netsec - Information Security News & Discussion
Incident Response in Google Cloud: Forensic Artifacts
By
/u/MiguelHzBz
β March 1
st
2023 at 22:32
submitted by
/u/MiguelHzBz
[link]
[comments]
/r/netsec - Information Security News & Discussion
Making New Connections β Leveraging Cisco AnyConnect Client to Drop and Run Payloads
By
/u/0xdea
β March 1
st
2023 at 16:30
submitted by
/u/0xdea
[link]
[comments]
/r/netsec - Information Security News & Discussion
CI/CD secrets extraction, tips and tricks
By
/u/Gallus
β March 1
st
2023 at 15:31
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Indirect Prompt Injection on Bing Chat
By
/u/Gallus
β March 1
st
2023 at 10:19
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Using JFrog Artifactory? Make sure it doesn't mistakenly expose your secrets, apparently it's not uncommon
By
/u/roy_6472
β March 1
st
2023 at 09:47
submitted by
/u/roy_6472
[link]
[comments]
/r/netsec - Information Security News & Discussion
First steps in CHERIoT Security Research | MSRC Blog
By
/u/unaligned_access
β February 28
th
2023 at 17:49
submitted by
/u/unaligned_access
[link]
[comments]
/r/netsec - Information Security News & Discussion
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft
By
/u/MiguelHzBz
β February 28
th
2023 at 17:34
submitted by
/u/MiguelHzBz
[link]
[comments]
Load more articles