Login
FreshRSS
Login
/r/netsec - Information Security News & Discussion
Latest Developments in Unblob (Firmware Extraction Tool)
By
/u/g_e_r_h_a_r_d
β May 10
th
2023 at 06:54
submitted by
/u/g_e_r_h_a_r_d
[link]
[comments]
/r/netsec - Information Security News & Discussion
PwnAssistant - Controlling /home's via a Home Assistant RCE
By
/u/ffyns
β May 10
th
2023 at 01:24
submitted by
/u/ffyns
[link]
[comments]
/r/netsec - Information Security News & Discussion
Escaping Parallels Desktop with Plist Injection
By
/u/DOTheLOGA
β May 9
th
2023 at 22:39
submitted by
/u/DOTheLOGA
[link]
[comments]
/r/netsec - Information Security News & Discussion
An analysis of partial/intermittent encryption, along with our newest OSS ransomware recovery tool...WHITE PHOENIX.
By
/u/jat0369
β May 9
th
2023 at 21:48
submitted by
/u/jat0369
[link]
[comments]
/r/netsec - Information Security News & Discussion
An AWS IAM Wishlist
By
/u/VariousAd5147
β May 9
th
2023 at 21:38
submitted by
/u/VariousAd5147
[link]
[comments]
/r/netsec - Information Security News & Discussion
Using AI to find software vulnerabilities in XNU
By
/u/TimGMichaud
β May 9
th
2023 at 17:47
submitted by
/u/TimGMichaud
[link]
[comments]
/r/netsec - Information Security News & Discussion
Introducing resocks - An Encrypted Back-Connect SOCKS Proxy for Network Pivoting
By
/u/RedTeamPentesting
β May 9
th
2023 at 15:43
submitted by
/u/RedTeamPentesting
[link]
[comments]
/r/netsec - Information Security News & Discussion
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF...
By
/u/poltess0
β May 9
th
2023 at 09:22
submitted by
/u/poltess0
[link]
[comments]
/r/netsec - Information Security News & Discussion
Backdooring Electron Apps
By
/u/nv1t
β May 9
th
2023 at 07:24
submitted by
/u/nv1t
[link]
[comments]
/r/netsec - Information Security News & Discussion
Vulnerability Analysis with Ghidra Scripting
By
/u/cy1337
β May 8
th
2023 at 22:20
submitted by
/u/cy1337
[link]
[comments]
/r/netsec - Information Security News & Discussion
GitHub - almandin/ntdsdotsqlite: A small utility to translate NTDS.dit files to SQLite format.
By
/u/almandin_jv
β May 8
th
2023 at 17:47
submitted by
/u/almandin_jv
[link]
[comments]
/r/netsec - Information Security News & Discussion
PRFs, PRPs and other fantastic things
By
/u/feross
β May 8
th
2023 at 15:02
submitted by
/u/feross
[link]
[comments]
/r/netsec - Information Security News & Discussion
Backhand v0.12.0: Now supporting custom Squashfs images
By
/u/arch_rust
β May 8
th
2023 at 11:29
submitted by
/u/arch_rust
[link]
[comments]
/r/netsec - Information Security News & Discussion
Building a Red Team Infrastructure in 2023
By
/u/co1nc1dence
β May 8
th
2023 at 09:18
submitted by
/u/co1nc1dence
[link]
[comments]
/r/netsec - Information Security News & Discussion
ETWHash - "He who listens, shall receive" - Nettitude Labs
By
/u/lefterispanos
β May 8
th
2023 at 07:10
submitted by
/u/lefterispanos
[link]
[comments]
/r/netsec - Information Security News & Discussion
Evading MDATP for Full Endpoint Compromising
By
/u/florilsk
β May 7
th
2023 at 20:27
submitted by
/u/florilsk
[link]
[comments]
/r/netsec - Information Security News & Discussion
Breaking down Reverse shell commands
By
/u/adityatelange
β May 7
th
2023 at 16:34
submitted by
/u/adityatelange
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
By
/u/giraffesecurity
β May 6
th
2023 at 19:38
submitted by
/u/giraffesecurity
[link]
[comments]
/r/netsec - Information Security News & Discussion
I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details.
By
/u/Ano_F
β May 6
th
2023 at 18:26
submitted by
/u/Ano_F
[link]
[comments]
/r/netsec - Information Security News & Discussion
Cookie Bugs - Smuggling & Injection
By
/u/albinowax
β May 6
th
2023 at 08:42
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
gowhois - Support for various whois servers
By
/u/oil_sardine
β May 6
th
2023 at 03:46
submitted by
/u/oil_sardine
[link]
[comments]
/r/netsec - Information Security News & Discussion
Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability
By
/u/Gallus
β May 5
th
2023 at 11:23
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
Redash SAML Authentication Bypass
By
/u/albinowax
β May 5
th
2023 at 09:33
submitted by
/u/albinowax
[link]
[comments]
/r/netsec - Information Security News & Discussion
Remote Bitcoin Upstream Drain / Financial Attack
By
/u/SharpAd1823
β May 5
th
2023 at 07:51
submitted by
/u/SharpAd1823
[link]
[comments]
/r/netsec - Information Security News & Discussion
PaperCut Exploitation: A Different Path to Code Execution
By
/u/chicksdigthelongrun
β May 4
th
2023 at 14:31
submitted by
/u/chicksdigthelongrun
[link]
[comments]
/r/netsec - Information Security News & Discussion
Introducing SpiderSuite: Advance web security crawler
By
/u/3nock_N
β May 4
th
2023 at 13:14
submitted by
/u/3nock_N
[link]
[comments]
/r/netsec - Information Security News & Discussion
I had a machine running for two weeks on the public cloud. Every few seconds there was an automated SSH login attempt. Here is the full list of usernames - some of which are quite curious.
By
/u/scared_codeless
β May 4
th
2023 at 11:09
submitted by
/u/scared_codeless
[link]
[comments]
/r/netsec - Information Security News & Discussion
Uncovering drIBAN fraud operations - Chapter 1 | Cleafy Labs
By
/u/f3d_0x0
β May 4
th
2023 at 10:13
submitted by
/u/f3d_0x0
[link]
[comments]
/r/netsec - Information Security News & Discussion
From Chaos to Clarity: How to Secure Your Supply Chain with Attestations
By
/u/BarakScribe
β May 4
th
2023 at 09:13
submitted by
/u/BarakScribe
[link]
[comments]
/r/netsec - Information Security News & Discussion
Apache Solr 8.3.1 RCE from exposed administration interface
By
/u/IIIWeedWizard420III
β May 4
th
2023 at 07:04
submitted by
/u/IIIWeedWizard420III
[link]
[comments]
/r/netsec - Information Security News & Discussion
How to Analyze Java Malware β A Case Study of STRRAT
By
/u/CyberMasterV
β May 4
th
2023 at 06:16
submitted by
/u/CyberMasterV
[link]
[comments]
/r/netsec - Information Security News & Discussion
So long passwords, thanks for all the phish
By
/u/ScottContini
β May 3
rd
2023 at 23:08
submitted by
/u/ScottContini
[link]
[comments]
/r/netsec - Information Security News & Discussion
OpenPubkey adds public keys to OpenID (OIDC) without breaking compatibility with IDPs
By
/u/xor_rotate
β May 3
rd
2023 at 18:05
submitted by
/u/xor_rotate
[link]
[comments]
/r/netsec - Information Security News & Discussion
Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
By
/u/timb_machine
β May 3
rd
2023 at 15:41
submitted by
/u/timb_machine
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dracon β Open Source ASOC got major upgrades
By
/u/___foo_bar___
β May 3
rd
2023 at 15:26
submitted by
/u/___foo_bar___
[link]
[comments]
/r/netsec - Information Security News & Discussion
Reverse engineering tricks: identifying opaque network protocols
By
/u/iagox86
β May 3
rd
2023 at 14:32
submitted by
/u/iagox86
[link]
[comments]
/r/netsec - Information Security News & Discussion
Java Exploitation Restrictions in Modern JDK Times
By
/u/Tough_Indication_710
β April 30
th
2023 at 15:40
submitted by
/u/Tough_Indication_710
[link]
[comments]
/r/netsec - Information Security News & Discussion
Evasive Panda APT group delivers malware via updates for popular Chinese software
By
/u/montouesto
β April 30
th
2023 at 12:11
submitted by
/u/montouesto
[link]
[comments]
/r/netsec - Information Security News & Discussion
Rapture, a Ransomware Family With Similarities to Paradise
By
/u/montouesto
β May 3
rd
2023 at 05:41
submitted by
/u/montouesto
[link]
[comments]
/r/netsec - Information Security News & Discussion
Exploring Algorithm Confusion Attacks on JWT: Exploiting ECDSA
By
/u/Gallus
β May 2
nd
2023 at 22:51
submitted by
/u/Gallus
[link]
[comments]
/r/netsec - Information Security News & Discussion
A Guide to Privilege Escalation with AWS Identity Center (formerly known as AWS SSO)
By
/u/jsonpile
β May 2
nd
2023 at 17:08
submitted by
/u/jsonpile
[link]
[comments]
/r/netsec - Information Security News & Discussion
Easy Pentest Reporting Tool SysReptor released (Community Edition)
By
/u/Pleasant-Drawer729
β May 2
nd
2023 at 13:52
submitted by
/u/Pleasant-Drawer729
[link]
[comments]
/r/netsec - Information Security News & Discussion
Databricks platform root privilege escalation and bypassing cluster isolation
By
/u/0x9000
β May 2
nd
2023 at 13:12
submitted by
/u/0x9000
[link]
[comments]
/r/netsec - Information Security News & Discussion
Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera
By
/u/Mempodipper
β May 2
nd
2023 at 04:19
submitted by
/u/Mempodipper
[link]
[comments]
/r/netsec - Information Security News & Discussion
CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers
By
/u/montouesto
β May 2
nd
2023 at 03:23
submitted by
/u/montouesto
[link]
[comments]
/r/netsec - Information Security News & Discussion
[PAPERBUG] Nomadic Octopusβ Paperbug Campaign
By
/u/wtfse
β May 1
st
2023 at 16:36
submitted by
/u/wtfse
[link]
[comments]
/r/netsec - Information Security News & Discussion
Practical Risks to Machine Learning Systems -- Pickle Serialization of Shared Models
By
/u/SUPACOMPUTA
β May 1
st
2023 at 15:41
submitted by
/u/SUPACOMPUTA
[link]
[comments]
/r/netsec - Information Security News & Discussion
Azure DevOps CICD Pipelines - Command Injection with Parameters, Variables and a discussion on Runner hijacking
By
/u/MysteriousHotel3017
β May 1
st
2023 at 08:42
submitted by
/u/MysteriousHotel3017
[link]
[comments]
/r/netsec - Information Security News & Discussion
Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
By
/u/panscanner
β April 30
th
2023 at 13:52
submitted by
/u/panscanner
[link]
[comments]
/r/netsec - Information Security News & Discussion
Elastic Security Labs discovers the LOBSHOT malware
By
/u/montouesto
β April 30
th
2023 at 12:10
submitted by
/u/montouesto
[link]
[comments]
/r/netsec - Information Security News & Discussion
assetnote/ghostbuster: Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
By
/u/Mempodipper
β April 30
th
2023 at 12:08
submitted by
/u/Mempodipper
[link]
[comments]
/r/netsec - Information Security News & Discussion
Automate Burp Certificate Installation on Android with ChatGPT's Python Tool
By
/u/Ano_F
β April 30
th
2023 at 05:25
submitted by
/u/Ano_F
[link]
[comments]
/r/netsec - Information Security News & Discussion
State of DNS Rebinding in 2023
By
/u/Tough_Indication_710
β April 29
th
2023 at 00:50
submitted by
/u/Tough_Indication_710
[link]
[comments]
/r/netsec - Information Security News & Discussion
How Cloud Environments Are Exploited for Smishing Campaigns
By
/u/permis0
β April 28
th
2023 at 17:55
submitted by
/u/permis0
[link]
[comments]
/r/netsec - Information Security News & Discussion
Chinese Alloy Taurus Updates PingPull Malware
By
/u/EspoJ
β April 28
th
2023 at 12:54
submitted by
/u/EspoJ
[link]
[comments]
/r/netsec - Information Security News & Discussion
Finding XSS in a million websites (cPanel CVE-2023-29489)
By
/u/Mempodipper
β April 27
th
2023 at 01:12
submitted by
/u/Mempodipper
[link]
[comments]
/r/netsec - Information Security News & Discussion
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
By
/u/scopedsecurity
β April 28
th
2023 at 10:39
submitted by
/u/scopedsecurity
[link]
[comments]
/r/netsec - Information Security News & Discussion
CVE-2022-37955: Vulnerability in Microsoft Windows Group Policy Updates Leads to Improper Link Resolution Before File Access (Privilege Escalation CWE-59)
By
/u/usdAG
β April 28
th
2023 at 09:13
submitted by
/u/usdAG
[link]
[comments]
/r/netsec - Information Security News & Discussion
Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
By
/u/sculabobone
β April 28
th
2023 at 07:48
submitted by
/u/sculabobone
[link]
[comments]
/r/netsec - Information Security News & Discussion
Android greybox fuzzing with AFL++ Frida mode
By
/u/jeandrew
β April 27
th
2023 at 16:36
submitted by
/u/jeandrew
[link]
[comments]
Load more articles