Job Opening: Us Courts Penetration Tester at Security Innovation in Seattle .

Learn about password hashing, salting, and key derivation functions in Python.

Introduction

Unexpected “Expected” Behavior

This report will review an intrusion where the threat actor took advantage of a WebLogic remote code execution vulnerability (CVE-2020–14882) to gain initial access to the system before installing a coin miner (XMRig).

At @ConfiantIntel we had some “luck” finding a new malware targeting the new Apple flagship M1 computers. I put “luck” between quotes, as…

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS for Zoom. - GitHub - turbot/steampipe-mod-zoom-compliance: Run individual configuration, complia...

Posted in r/netsec by u/lacraig2 • 16 points and 0 comments

Writeup for a cross-site noscripting bug I found in the AWS Console.

If you are coming back, and just here for the cheatsheet, you can find that here. If it’s your first time, hopefully you’ll read through the whole thing. Note: For my own sanity, I have inten…

One high risk XSS vulnerability was identified within the Froala application.

This is a write-up of the recent trends in credential stuffing attacks that the CUJO AI Labs detected in our honeypots. Find out what password brute-force techniques and tools attackers are using in 2021.

SSRF explained and the techniques to indentify, and bypass server side SSRF filtering.

The User Enrollment MDM option added with iOS 13 does not restrict MDM-deployed certificates to MDM-deployed applications, and in the absence of additional controls such as certificate pinning these certificates are, surprisingly, trusted by personally installed…

A privileged user can obtain remote code execution on Q'center through a manipulated QPKG installation package.

Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐 - Git...

In this blog we discuss a project we are open sourcing: An In-memory Embedding of CPython. We provide a brief overview of this research and also share our results with the community. A paper [1] on this research was accepted in the USENIX Workshop on Offensive…

Posted in r/netsec by u/adulau • 2 points and 0 comments