Open Source code - https://github.com/fluxninja/aperture
Architecture
How is it different than a simple Firewall and API Gateway - This new approach separates rate limit infrastructure from application code and integrates using SDK. This helps with distributed architecture and makes it resilient to attacks at scale that could have brought down the app because while allowing access to users who need to send a burst of traffic for legitimate usage.

submitted by /u/gitcommitshow
[link] [comments]

/r/netsec - Information Security News & Discussion

Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti? - watchTowr Labs

By /u/dx7r__ — February 9^th 2024 at 05:01

submitted by /u/dx7r__
[link] [comments]

/r/netsec - Information Security News & Discussion

Form Tools Remote Code Execution: We Need To Talk About PHP - watchTowr Labs

By /u/dx7r__ — February 9^th 2024 at 02:02

submitted by /u/dx7r__
[link] [comments]

/r/netsec - Information Security News & Discussion

IncludeSec's part 2 of understanding of prompt injection via the internals of transformer-based LLMs

By /u/907jessejones — February 9^th 2024 at 01:39

submitted by /u/907jessejones
[link] [comments]

/r/netsec - Information Security News & Discussion

Java applet + serialization in 2024! What could go wrong?

By /u/0xdea — February 8^th 2024 at 13:36

submitted by /u/0xdea
[link] [comments]

/r/netsec - Information Security News & Discussion

New TOTOLINK vulnerability allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface!

By /u/Status_Resolve2971 — February 8^th 2024 at 10:33

submitted by /u/Status_Resolve2971
[link] [comments]

/r/netsec - Information Security News & Discussion

Shellcode evasion using Wasm/Wat and Rust

By /u/flamedpt — February 8^th 2024 at 09:56

submitted by /u/flamedpt
[link] [comments]

/r/netsec - Information Security News & Discussion

ShmooCon 2024 Videos are up!

By /u/mubix — February 7^th 2024 at 20:21

submitted by /u/mubix
[link] [comments]

/r/netsec - Information Security News & Discussion

Unpack RedLine stealer to extract config using pe-sieve -Part 2 - Securityinbits

By /u/securityinbits — February 7^th 2024 at 13:22

submitted by /u/securityinbits
[link] [comments]

/r/netsec - Information Security News & Discussion

How to create a Secure, Random Password with JavaScript

By /u/hannob — February 7^th 2024 at 06:39

submitted by /u/hannob
[link] [comments]

/r/netsec - Information Security News & Discussion

Enumerate AWS tags, account ids, and org ids of accessible AWS resources

By /u/dagrz-cloudsec — February 7^th 2024 at 03:02

submitted by /u/dagrz-cloudsec
[link] [comments]

/r/netsec - Information Security News & Discussion

apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.

By /u/recovo_recovo — February 6^th 2024 at 21:38

submitted by /u/recovo_recovo
[link] [comments]

/r/netsec - Information Security News & Discussion

NTLM Relay Gat: Automating Mass Exploitation of ntlmrelayx Authenticated Sessions

By /u/ad0nis — February 6^th 2024 at 19:57

submitted by /u/ad0nis
[link] [comments]

/r/netsec - Information Security News & Discussion

Using Scapy for Network Fuzzing on Vsftpd

By /u/Altrntiv-to-security — February 6^th 2024 at 18:38

submitted by /u/Altrntiv-to-security
[link] [comments]

/r/netsec - Information Security News & Discussion

Trends in Phishing, Fraud, 'Dark AI Models', and how to better protect yourself.

By /u/Seaerkin2 — February 6^th 2024 at 16:57

submitted by /u/Seaerkin2
[link] [comments]

/r/netsec - Information Security News & Discussion

Rust Won't Save Us: An Analysis of 2023's Known Exploited Vulnerabilities – Horizon3.ai

By /u/scopedsecurity — February 6^th 2024 at 11:18

submitted by /u/scopedsecurity
[link] [comments]

/r/netsec - Information Security News & Discussion

WordPress Security Providers Falsely Claimed Cloudflare's Plugin Contained Vulnerability

By /u/PluginVulns — February 5^th 2024 at 18:25

submitted by /u/PluginVulns
[link] [comments]

/r/netsec - Information Security News & Discussion

Persistence – Windows Setup Script

By /u/netbiosX — February 5^th 2024 at 11:30

submitted by /u/netbiosX
[link] [comments]

/r/netsec - Information Security News & Discussion

How I Hacked My Air Purifier to Remove Cloud Dependency [Detailed Write-Up]

By /u/jmswrnr — February 4^th 2024 at 23:52

submitted by /u/jmswrnr
[link] [comments]

/r/netsec - Information Security News & Discussion

Deluder: Python utility for intercepting traffic of applications. Deluder can be used as an alternative for EchoMirage. It supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. There is also support for remote hosts and optional GU

By /u/vutmajk — February 3^rd 2024 at 15:45

submitted by /u/vutmajk
[link] [comments]

/r/netsec - Information Security News & Discussion

There Are Too Many Damn Honeypots

By /u/chicksdigthelongrun — February 2^nd 2024 at 21:23

submitted by /u/chicksdigthelongrun
[link] [comments]

/r/netsec - Information Security News & Discussion

ModSecurity: Path Confusion and easy bypass on v2 and v3

By /u/theMiddleBlue — February 2^nd 2024 at 10:54

submitted by /u/theMiddleBlue
[link] [comments]

/r/netsec - Information Security News & Discussion

Your Security Program Is Shit

By /u/burpadurp — February 1^st 2024 at 19:29

submitted by /u/burpadurp
[link] [comments]

/r/netsec - Information Security News & Discussion

Opera zero Day vulnerability for cross platform execution "MyFlaw"

By /u/Altrntiv-to-security — February 1^st 2024 at 18:18

submitted by /u/Altrntiv-to-security
[link] [comments]

/r/netsec - Information Security News & Discussion

De4py: A toolkit for python reverse engineering

By /u/AhmedMinegames — February 1^st 2024 at 16:17

submitted by /u/AhmedMinegames
[link] [comments]

/r/netsec - Information Security News & Discussion

Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal

By /u/oridavid1231 — February 1^st 2024 at 15:29

submitted by /u/oridavid1231
[link] [comments]

/r/netsec - Information Security News & Discussion

🔍 Dive into the RedLine Stealer Infection Chain - Part 1 - Securityinbits

By /u/securityinbits — February 1^st 2024 at 10:23

submitted by /u/securityinbits
[link] [comments]

/r/netsec - Information Security News & Discussion

SmuggleFuzz: HTTP Downgrade detection fuzzer - Feedback welcome

By /u/Moopanger — February 1^st 2024 at 05:14

submitted by /u/Moopanger
[link] [comments]

/r/netsec - Information Security News & Discussion

Leaky Vessels: Docker and runc Container Breakout Vulnerabilities - January 2024

By /u/pentesticals — January 31^st 2024 at 20:54

Multiple vulns in Docker disclosed by Snyk Security Labs

submitted by /u/pentesticals
[link] [comments]

/r/netsec - Information Security News & Discussion

Defending against the Attack of the Clone[d website]s!

By /u/ranok — January 31^st 2024 at 20:44

submitted by /u/ranok
[link] [comments]

/r/netsec - Information Security News & Discussion

Softing Update Fixes RCE Vulns in its OPC UA Integration Server

By /u/derp6996 — January 31^st 2024 at 18:29

submitted by /u/derp6996
[link] [comments]

/r/netsec - Information Security News & Discussion

Technical Analysis of the poorly written PLAY ransomware.

By /u/jat0369 — January 31^st 2024 at 14:23

submitted by /u/jat0369
[link] [comments]

/r/netsec - Information Security News & Discussion

CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

By /u/netsec_burn — January 31^st 2024 at 13:39

submitted by /u/netsec_burn
[link] [comments]

/r/netsec - Information Security News & Discussion

Ivanti Connect Secure patch released to address CVE-2023-46805 & CVE-2024-21887 - comes with disclosure of new vulnerabilities: CVE-2024-21888 and CVE-2024-21893

By /u/TheDarthSnarf — January 31^st 2024 at 13:34

submitted by /u/TheDarthSnarf
[link] [comments]

/r/netsec - Information Security News & Discussion

Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver

By /u/dimhum547 — January 31^st 2024 at 10:46

submitted by /u/dimhum547
[link] [comments]

/r/netsec - Information Security News & Discussion

Faction: Open-source pentesting report generation and collaboration framework - Help Net Security

By /u/ascetik — January 30^th 2024 at 19:39

submitted by /u/ascetik
[link] [comments]

/r/netsec - Information Security News & Discussion

Intro to Websockets & Writing a WebSocket Server in Rust - any feedback welcome!

By /u/vaktibabat — January 30^th 2024 at 18:56

submitted by /u/vaktibabat
[link] [comments]

/r/netsec - Information Security News & Discussion

[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

By /u/eg1x — January 30^th 2024 at 18:17

submitted by /u/eg1x
[link] [comments]

/r/netsec - Information Security News & Discussion

Analysis Of Multiple Vulnerabilities In Ofbiz

By /u/appsec1337 — January 30^th 2024 at 17:00

submitted by /u/appsec1337
[link] [comments]

/r/netsec - Information Security News & Discussion

New Visual Studio Code plugin for IaC security (plus collaboration, semgrep integration)

By /u/nibblesec — January 30^th 2024 at 16:40

submitted by /u/nibblesec
[link] [comments]

/r/netsec - Information Security News & Discussion

Post-auth blind Python code injection vulnerabilities detected in personal cloud storage device

By /u/BugProve — January 30^th 2024 at 15:04

submitted by /u/BugProve
[link] [comments]

/r/netsec - Information Security News & Discussion

Hunting for (Un)authenticated n-days in Asus Routers - Shielder

By /u/smaury — January 30^th 2024 at 13:34

submitted by /u/smaury
[link] [comments]

/r/netsec - Information Security News & Discussion

GitHub - mlcsec/SigFinder: Identify binaries with Authenticode digital signatures signed to an internal CA/domain

By /u/Frequent_Passenger82 — January 30^th 2024 at 13:15

submitted by /u/Frequent_Passenger82
[link] [comments]

/r/netsec - Information Security News & Discussion

bof-launcher: Beacon Object File (BOF) launcher - library for executing BOF files in C/C++/Zig applications

By /u/mzet- — January 30^th 2024 at 08:32

submitted by /u/mzet-
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploring secureCodeBox — An Open-Source Continuous Security Testing Solution for DevSecOps

By /u/theowni — January 29^th 2024 at 21:06

submitted by /u/theowni
[link] [comments]

/r/netsec - Information Security News & Discussion

LLM Assisted Jailbreak & Doxing

By /u/katahdinsecurity — January 29^th 2024 at 20:19

submitted by /u/katahdinsecurity
[link] [comments]

/r/netsec - Information Security News & Discussion

Import Device Tree Information onto your Ghidra memory map in order to simplify bootloader, kernel and driver reverse engineering

By /u/AssociationTop7723 — January 29^th 2024 at 20:05

submitted by /u/AssociationTop7723
[link] [comments]