The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. If we…

Light-weight UNIX backdoor. Contribute to phath0m/JadedWraith development by creating an account on GitHub.

A few weeks back, the messaging service WhatsApp sued the Indian government over new legislation that could undermine its end-to-end encryption (E2EE) software. The legislation requires, among othe…

Posted in r/netsec by u/hermajordoctor • 1 point and 1 comment

Posted in r/netsec by u/thatmemforensicsguy • 7 points and 0 comments

Preface (日本語版も公開されています。) While PyPI has a security page, they don’t have a clear policy for vulnerability assessments.1 This article describes the vulnerabilities that were reported as potential vulnerabilities, using publicly available information. This…

The Print Spooler is responsible to manage and process printer jobs. It runs as a service with SYSTEM level privileges on windows environments. Abuse of the Print Spooler service is not new and suc…

The second quarter of 2021 was expected to be much quieter than the Q1 in DDoS attacks; hence we're looking at the late spring and early summer months of April, May and June, with somewhat cooled business buzz globally. Although, some attacking activity was…

Our Director of Cyber Threat Research, Kev Breen, recently discovered a vulnerability in a piece of stalkerware. What followed was a dilemma that has lasted months. Together, the Immersive Labs team has decided to help educate people on the dangers of stalkerware…

Learn how to Phish using EvilGinx2 and GoPhish

A while back, SecurityTrails announced that they would be running a contest dubbed

Posted in r/netsec by u/pimterry • 303 points and 30 comments

In the following post I go through how to escape from a truly air gapped network using Apple Wireless Direct Link -network and leveraging…

Find and fix security issues in your Android app’s code with AppSweep: a mobile application security testing solution, based on ProGuard technology.

A checklist of practices for organizations dealing with account takeover (ATO) - ato-checklist/README.md at master · magoo/ato-checklist

A walkthrough of my first experience in router hacking

I imagine we've all heard about the recent 'Sequoia' bug discovered by the Qualys Research team. It's a fascinating bug so I decided to do variant analysis using CodeQL!

Overview