Technical Information Security Content & Discussion

1

Methodology - Security Research: How we discovered over 18,000 API secret tokens & $20M in Stripe tokens (escape.tech)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/AlarmingApartment236 on 2024-01-24 12:42:13+00:00.

2

1

Kubernetes Scheduling And Secure Design (blog.doyensec.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/nibblesec on 2024-01-24 08:52:39+00:00.

3

1

15 MCQ questions for practice related to security (practicepedia.in)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/eren_rndm on 2024-01-24 06:29:20+00:00.

4

1

Improving LLM Security Against Prompt Injection: AppSec Guidance For Pentesters and Developers (blog.includesecurity.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/907jessejones on 2024-01-23 21:20:28+00:00.

5

1

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive, IOCs, and Exploit (www.horizon3.ai)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/scopedsecurity on 2024-01-23 20:52:56+00:00.

6

1

Windows - Data Protection API - A journey into various DPAPI potential abuses from an offensive security perspective (tierzerosecurity.co.nz)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/clod81 on 2024-01-23 19:18:51+00:00.

7

1

A recent analysis of the Cactus Ransomware (www.shadowstackre.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/ShadowStackRE on 2024-01-23 14:28:24+00:00.

8

1

Export Controls: Explained (www.nextlabs.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/zolakrystie on 2024-01-23 11:35:13+00:00.

9

1

Typhooncon 2024 has less than 2 weeks left for CFT submissions. Don't miss out! (typhooncon.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/Straight-Zombie-646 on 2024-01-23 10:34:20+00:00.

10

1

Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing (CVE-2023-45866) (www.mobile-hacker.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/barakadua131 on 2024-01-23 09:44:41+00:00.

11

1

[VNCERT/CC] CVE-2023-22527 realworld poc The original PoC: payload is length limited Solution: 1. Write the script file in parts 2. Run the script (github.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/arleth94 on 2024-01-23 07:31:46+00:00.

12

1

Many CVE Records Are Listing the Wrong Versions of Software as Being Affected (www.pluginvulnerabilities.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/PluginVulns on 2024-01-22 18:56:46+00:00.

13

1

EC2 Privilege Escalation Through User Data (hackingthe.cloud)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/RedTermSession on 2024-01-22 17:32:09+00:00.

14

1

How a vulnerability in WifiKey's AC Gateway allows remote attackers to trigger a pre-auth RCE (ssd-disclosure.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/SSDisclosure on 2024-01-22 16:54:20+00:00.

15

1

Vulnerability in Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. (herolab.usd.de)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/usdAG on 2024-01-22 12:53:34+00:00.

16

1

Domain Escalation – Backup Operator (pentestlab.blog)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/netbiosX on 2024-01-22 11:07:35+00:00.

17

1

AsyncRAT: Config Decryption Techniques and Salt Analysis - Securityinbits (www.securityinbits.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/securityinbits on 2024-01-22 04:59:40+00:00.

18

1

Just released v10.1 of scanme a go package for scanning private and public IPs for open TCP ports 👁️ - it would be great to have some feedback from you pros, thanks in advance for any contribution! (github.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/Technical_Shelter621 on 2024-01-21 15:02:49+00:00.

19

1

LogBoost - A tool for parsing and enriching IP addresses in any type of log/file with GEO, DNS, OSINT IOCs and ASN context (github.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/panscanner on 2024-01-20 15:00:19+00:00.

20

1

Technical Deepdive of the Okta HAR Breach Incident (www.rezonate.io)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/Or1rez on 2024-01-19 17:29:02+00:00.

21

1

Taking over WhatsApp accounts by reading voicemails (medium.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/AffectionateOrchid10 on 2024-01-19 13:56:33+00:00.

22

1

npm Package Found Delivering RAT Through Signed Microsoft Executable (blog.phylum.io)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/louis11 on 2024-01-19 03:17:35+00:00.

23

0

High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE (www.assetnote.io)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/Mempodipper on 2024-01-19 00:50:10+00:00.

24

0

How Praetorian Discovered a Critical TensorFlow Supply Chain Attack (www.praetorian.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/cyberforce218 on 2024-01-18 22:05:32+00:00.

25

1

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes (www.varonis.com)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink

This is an automated archive.

The original was posted on /r/netsec by /u/lohacker0 on 2024-01-18 15:59:31+00:00.

Technical Information Security Content &amp; Discussion

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

This is an automated archive.

Technical Information Security Content & Discussion