Posted in r/netsec by u/gid0rah • 21 points and 0 comments

Windows Event Log Killer. Contribute to hlldz/Phant0m development by creating an account on GitHub.

Hello, I’m Shiga( @Ga_ryo_ ), a security engineer at Flatt Security Inc.

We're disclosing patched vulnerabilities in KDE Discover and the Gnome Shell Extensions website, as well as unpatched vulnerabilities in the PlingStore app and Pling-based Linux marketplace websites (e.g. appimagehub.com, store.kde.org, gnome-look.org).

Technical details of achieving cross-site noscripting (XSS) attacks by using HTML parsing logic where lexical parsers are used to nullify dangerous content.

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. - GitHub - microsoft/AttackSurfaceAnalyzer: Attack Surf...

Semgrep now has 1st-class integration into GitLab

D3FEND is a knowledge base of cybersecurity countermeasure techniques. In the simplest sense, it is a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is…

Introduction

Find the latest telecom Industry news, online Industry information, views & updates. Get online news from the Indian Telecom Industry on ET Telecom.

Post describing my research wardialing Finnish freephones.

The differences between TLS 1.2 and TLS 1.3 are extensive and significant, offering improvements in both performance and security.

A deep dive tool comparison

Unless you are living under the rock, you have seen that recently @harmj0y and @tifkin_ published their amazing research on Active Directory Certificate Services (AD CS). If you haven’t checked it out already read their post first.

PALO ALTO, Calif. & TEL AVIV, Israel, June 23, 2021--Nearly 60% of organizations said they consider lack of visibility and inadequate identity/access security a major threat to their cloud infrastructure

Until this time, Linux has experienced only a small number of viruses. Some of these viruses still exist but aren’t active, and they certainly don’t propagate.

New security research on top of a novel detection of PyPI packages containing a crypto-miner. We present actionable solutions for developers and discuss automated detection and deobfuscate techincs.

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.