Introduction: So, before we dive right into things, just a few bits of advice; some programming knowledge, an understanding of what symbolic linking is within *nix and how it works, and also an und…

Uncover the full name of a target on Linkedin. Contribute to mxrch/revealin development by creating an account on GitHub.

The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks…

Software Delivery Workflow For Kubernetes. Contribute to devtron-labs/devtron development by creating an account on GitHub.

CVE-2021-33909, codenamed Sequoia, affects Linux's file system and enables privilege escalation. Learn how to mitigate and detect it.

Web authentication testing framework. Contribute to DigeeX/raider development by creating an account on GitHub.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface. - nicocha30/ligolo-ng

CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider.

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance - GitHub - struct/isoalloc: A general purpose m...

Using deception and decoy accounts to detect threat actors

Understanding an application’s network communication is commonly one of the major tasks when performing grey or black box application security analyses. To make this process as efficient and convenient as possible, we developed hallucinate, a dynamic binary…

Posted in r/netsec by u/shapelez • 3 points and 0 comments

In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.

Analysis and Exploitability of a buffer overflow vulnerability present in printer's drivers (CVE-2021-3438).

The Magnitude exploit kit, originally known as PopAds, has been around since at least 2012, which is an unusually long lifetime for an exploit kit. However, it’s not the same exploit kit today that it was nine years ago. Pretty much every part of Magnitude…

My list of “Probably Are Gonna Need It” security features for your web app – things that you should build up-front, not wait until you need them (when it’s already too late).

JFrog finds a new supply chain attack targeting python developers using the PyPI repository

Today, we are launching MLSEC.IO, a new machine learning security evasion competition as an educational effort for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting.

Find active vulnerability disclosure programs from the Cybersecurity & Infrastructure Security Agency. Start hunting today!