/r/netsec - Information Security News & Discussion

Diving into Pre-Created computer accounts in Active Directory

By /u/oddvarmoe — May 10^th 2022 at 13:12

submitted by /u/oddvarmoe
[link] [comments]

/r/netsec - Information Security News & Discussion

Learning Linux kernel exploitation - Part 2 - CVE-2022-0847 (DirtyPipe)

By /u/0x00rick — May 10^th 2022 at 14:24

submitted by /u/0x00rick
[link] [comments]

/r/netsec - Information Security News & Discussion

Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)

By /u/ly4k_ — May 10^th 2022 at 20:46

submitted by /u/ly4k_
[link] [comments]

/r/netsec - Information Security News & Discussion

URL spoofing in Box, Google, and Zoom

By /u/rsobers — May 11^th 2022 at 20:25

submitted by /u/rsobers
[link] [comments]

/r/netsec - Information Security News & Discussion

Ddosify – Simple Load Testing Tool

By /u/binaryfor — May 11^th 2022 at 22:51

submitted by /u/binaryfor
[link] [comments]

/r/netsec - Information Security News & Discussion

Content Security Policy for Dummies

By /u/r0075h3ll — May 12^th 2022 at 03:48

submitted by /u/r0075h3ll
[link] [comments]

/r/netsec - Information Security News & Discussion

Hacking Electron Applications - 0x101

By /u/r0075h3ll — May 12^th 2022 at 03:49

submitted by /u/r0075h3ll
[link] [comments]

/r/netsec - Information Security News & Discussion

Zyxel Firewall Unauthenticated Command Inject (CVE-2022-30525)

By /u/chicksdigthelongrun — May 12^th 2022 at 16:02

submitted by /u/chicksdigthelongrun
[link] [comments]

/r/netsec - Information Security News & Discussion

Hunting evasive vulnerabilities

By /u/0xdea — May 13^th 2022 at 15:38

submitted by /u/0xdea
[link] [comments]

/r/netsec - Information Security News & Discussion

PowerShell Scripts used to run malicious shellcode. Reverse Shell vs Bind Shell

By /u/CyberMasterV — May 13^th 2022 at 17:57

submitted by /u/CyberMasterV
[link] [comments]

/r/netsec - Information Security News & Discussion

Reverse engineering Flutter apps

By /u/lmpact_ — May 14^th 2022 at 17:59

submitted by /u/lmpact_
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploiting a Use-After-Free for code execution in every version of Python 3

By /u/DOTheLOGA — May 14^th 2022 at 18:40

submitted by /u/DOTheLOGA
[link] [comments]

/r/netsec - Information Security News & Discussion

"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains

By /u/mandatoryprogrammer — May 14^th 2022 at 23:43

submitted by /u/mandatoryprogrammer
[link] [comments]

/r/netsec - Information Security News & Discussion

MITM_Intercept: A little less hackish way to intercept and modify non-HTTP protocols through Burp & others.

By /u/jat0369 — May 15^th 2022 at 17:14

submitted by /u/jat0369
[link] [comments]

/r/netsec - Information Security News & Discussion

Using Stolen IAM Credentials - Hacking The Cloud

By /u/RedTermSession — May 15^th 2022 at 21:48

submitted by /u/RedTermSession
[link] [comments]

/r/netsec - Information Security News & Discussion

Technical Advisory – Blueooth Low Energy Proximity Authentication Vulnerable to Relay Attacks

By /u/digicat — May 16^th 2022 at 05:36

submitted by /u/digicat
[link] [comments]

/r/netsec - Information Security News & Discussion

GitHub - gabriel-sztejnworcel/pipe-intercept: Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

By /u/gabrielszt — May 16^th 2022 at 10:35

submitted by /u/gabrielszt
[link] [comments]

/r/netsec - Information Security News & Discussion

SMM Callouts in HP Products

By /u/lightgrains — May 16^th 2022 at 12:22

submitted by /u/lightgrains
[link] [comments]

/r/netsec - Information Security News & Discussion

From Project File to Code Execution: Exploiting XINJE PLC Program Tool

By /u/derp6996 — May 16^th 2022 at 13:44

submitted by /u/derp6996
[link] [comments]

/r/netsec - Information Security News & Discussion

Shielder - Printing Fake Fiscal Receipts - An Italian Job p.2

By /u/smaury — May 16^th 2022 at 16:17

submitted by /u/smaury
[link] [comments]

/r/netsec - Information Security News & Discussion

F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE

By /u/sciencestudent99 — May 16^th 2022 at 17:08

submitted by /u/sciencestudent99
[link] [comments]

/r/netsec - Information Security News & Discussion

Malcolm v6 released on GitHub, now including Suricata and more new protocol parsers

By /u/mmguero — May 16^th 2022 at 21:06

submitted by /u/mmguero
[link] [comments]

/r/netsec - Information Security News & Discussion

EMBA v1.0 - Black Hat Singapore Edt. - Version 1.0 of the firmware security analyzer EMBA is released

By /u/_m-1-k-3_ — May 17^th 2022 at 06:14

submitted by /u/_m-1-k-3_
[link] [comments]

/r/netsec - Information Security News & Discussion

Hacking Swagger-UI - from XSS to account takeovers

By /u/albinowax — May 17^th 2022 at 10:17

submitted by /u/albinowax
[link] [comments]

/r/netsec - Information Security News & Discussion

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

By /u/SCI_Rusher — May 17^th 2022 at 16:22

submitted by /u/SCI_Rusher
[link] [comments]

/r/netsec - Information Security News & Discussion

We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere

By /u/mgalloar — May 17^th 2022 at 18:57

submitted by /u/mgalloar
[link] [comments]

/r/netsec - Information Security News & Discussion

Stealing Google Drive OAuth tokens from Dropbox

By /u/staz0t — May 17^th 2022 at 20:18

submitted by /u/staz0t
[link] [comments]

/r/netsec - Information Security News & Discussion

TProxy: Wireshark dissection with manual and scripted interception

By /u/mexicanw — May 18^th 2022 at 04:55

submitted by /u/mexicanw
[link] [comments]

/r/netsec - Information Security News & Discussion

Wizard Spider hacking group detailed analysis

By /u/wtfse — May 18^th 2022 at 12:52

submitted by /u/wtfse
[link] [comments]

/r/netsec - Information Security News & Discussion

Three ways to hack an ATM

By /u/DiabloHorn — May 14^th 2022 at 22:09

submitted by /u/DiabloHorn
[link] [comments]

/r/netsec - Information Security News & Discussion

Variant Cloud Analysis

By /u/Gallus — May 18^th 2022 at 14:23

submitted by /u/Gallus
[link] [comments]

/r/netsec - Information Security News & Discussion

Anonymous Social Network Yik Yak Breached Precise GPS Locations

By /u/mkdtsh — May 18^th 2022 at 20:46

submitted by /u/mkdtsh
[link] [comments]

/r/netsec - Information Security News & Discussion

Killnet Attacks Against Italy and NATO Countries

By /u/MiguelHzBz — May 19^th 2022 at 09:50

submitted by /u/MiguelHzBz
[link] [comments]

/r/netsec - Information Security News & Discussion

Hack The Box - Timing - Writeup by Mădălin Dogaru

By /u/Madalin_Dogaru — May 18^th 2022 at 19:00

submitted by /u/Madalin_Dogaru
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploiting an Unbounded memcpy in a Guest-to-Host escape of Parallels Desktop

By /u/gaasedelen — May 19^th 2022 at 15:09

submitted by /u/gaasedelen
[link] [comments]

/r/netsec - Information Security News & Discussion

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

By /u/SCI_Rusher — May 19^th 2022 at 16:26

submitted by /u/SCI_Rusher
[link] [comments]

/r/netsec - Information Security News & Discussion

Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis

By /u/Rempah — May 19^th 2022 at 19:19

submitted by /u/Rempah
[link] [comments]

/r/netsec - Information Security News & Discussion

A journey into IoT - Unknown Chinese alarm - Part 2 - Firmware dump and analysis

By /u/0xdea — May 20^th 2022 at 08:26

submitted by /u/0xdea
[link] [comments]

/r/netsec - Information Security News & Discussion

Hacking Chinese IoT FoR $10000

By /u/sciencestudent99 — May 20^th 2022 at 19:17

submitted by /u/sciencestudent99
[link] [comments]

/r/netsec - Information Security News & Discussion

When eBPF meets TLS! A Security Focused Introduction to eBPF

By /u/guedou — May 20^th 2022 at 22:22

submitted by /u/guedou
[link] [comments]

/r/netsec - Information Security News & Discussion

Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape

By /u/Bison-Neat — May 20^th 2022 at 23:19

submitted by /u/Bison-Neat
[link] [comments]

/r/netsec - Information Security News & Discussion

Metastealer – filling the Racoon void

By /u/digicat — May 21^st 2022 at 14:30

submitted by /u/digicat
[link] [comments]

/r/netsec - Information Security News & Discussion

connmap - X11 desktop widget that shows location of your current network peers on a world map

By /u/jafarlihi — May 22^nd 2022 at 18:35

submitted by /u/jafarlihi
[link] [comments]

/r/netsec - Information Security News & Discussion

Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG

By /u/0xdea — May 23^rd 2022 at 05:03

submitted by /u/0xdea
[link] [comments]

/r/netsec - Information Security News & Discussion

I wrote this more from an "analyze rootkit" perspective, but it's equally as valid for "driver bug hunting". Hope you enjoy.

By /u/0x4ndr3 — May 23^rd 2022 at 08:36

submitted by /u/0x4ndr3
[link] [comments]

/r/netsec - Information Security News & Discussion

mx-takeover focuses DNS MX records and detects misconfigured MX records.

By /u/0xmusana — May 23^rd 2022 at 15:26

submitted by /u/0xmusana
[link] [comments]

/r/netsec - Information Security News & Discussion

Beneath the surface: Uncovering the shift in web skimming

By /u/SCI_Rusher — May 23^rd 2022 at 16:24

submitted by /u/SCI_Rusher
[link] [comments]

/r/netsec - Information Security News & Discussion

Hiding MSFVENOM Payloads in USB NIC EEPROM

By /u/lightgrains — May 23^rd 2022 at 16:40

submitted by /u/lightgrains
[link] [comments]

/r/netsec - Information Security News & Discussion

A few Tailscale tricks for security testers

By /u/MysteriousHotel3017 — May 23^rd 2022 at 21:07

submitted by /u/MysteriousHotel3017
[link] [comments]

/r/netsec - Information Security News & Discussion

Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

By /u/Late_Ice_9288 — May 24^th 2022 at 01:48

submitted by /u/Late_Ice_9288
[link] [comments]

/r/netsec - Information Security News & Discussion

GitHub - Peco602/findwall: Check if your provider is blocking you!

By /u/Peco602 — May 24^th 2022 at 07:48

submitted by /u/Peco602
[link] [comments]

/r/netsec - Information Security News & Discussion

New Rhino Blog Post: CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

By /u/hackers_and_builders — May 24^th 2022 at 15:14

submitted by /u/hackers_and_builders
[link] [comments]

/r/netsec - Information Security News & Discussion

fire: Fast tool to filter resolved domains (good for Bug Bounty purposes in a pipeline of scripts)

By /u/deleee — May 24^th 2022 at 19:30

submitted by /u/deleee
[link] [comments]

/r/netsec - Information Security News & Discussion

Finding Bugs in Windows Drivers, Part 1 – WDM

By /u/jat0369 — May 25^th 2022 at 06:00

submitted by /u/jat0369
[link] [comments]

/r/netsec - Information Security News & Discussion

The printer goes brrrrr!!!

By /u/0xdea — May 25^th 2022 at 12:06

submitted by /u/0xdea
[link] [comments]

/r/netsec - Information Security News & Discussion

seL4 Whitepaper released.

By /u/providerstatistics — May 25^th 2022 at 13:32

submitted by /u/providerstatistics
[link] [comments]

/r/netsec - Information Security News & Discussion

Tetragon: case study of security product's self-protection

By /u/hardenedvault — May 25^th 2022 at 13:53

submitted by /u/hardenedvault
[link] [comments]

/r/netsec - Information Security News & Discussion

Security Code Audit - For Fun and Fails

By /u/scopedsecurity — May 25^th 2022 at 15:04

submitted by /u/scopedsecurity
[link] [comments]

/r/netsec - Information Security News & Discussion

Zoom RCE via "xmpp stanza smuggling"

By /u/phree_radical — May 25^th 2022 at 21:51

submitted by /u/phree_radical
[link] [comments]

/r/netsec - Information Security News & Discussion

Pre-hijacked accounts (pdf, research paper)

By /u/ScottContini — May 25^th 2022 at 22:32

submitted by /u/ScottContini
[link] [comments]