What’s dumber than an open redirect? This.

Posted in r/netsec by u/gquere • 27 points and 1 comment

In this blog post we explain how hardware security modules (HSM) help protect sensitive data and how Teleport 7.2 uses HSM to make remote access more secure.

This post is a short notice about vulnerabilities in VMware products I found earlier this year. During a penetration test of a freshly built environment, I took a closer look at VMware Unified Access …

Posted in r/netsec by u/thinkst • 2 points and 0 comments

Frida's finally getting Swifty. Contribute to frida/frida-swift-bridge development by creating an account on GitHub.

sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports. - goldfiglabs/sgCheckup

packet captures of real-world ddos attacks. Contribute to StopDDoS/packet-captures development by creating an account on GitHub.

In part two of our series on securing SQL server applications, we explore a scenario in which you do not want to incur the overhead of encryption for every application. See the solution here.

SSH lateral movement cheat sheet, a collection of lateral movement techniques to move deeper through the network.

What's best way to test API security? You need to go fuzz yourself! Leading API hacker Alissa Knight show how to test APIs through fuzzing.

https://zeronights.ru/en/reports-en/weird-proxies-2-and-a-bit-of-magic/

Reverse proxies and their variations are used everywhere in modern web applications for routing, caching, and access differentiation. This talk is dedicated to new research results…

Posted in r/netsec by u/hjaltmann • 8 points and 0 comments

Learn more about reversing real-world macOS malware in this new series for intermediate to advanced analysts, starting with these r2 tips!

We’re changing which keys are supported in SSH and removing unencrypted Git protocol. If you’re an SSH user, read on for the details and timeline.

During a recent engagement, we identified a recurring and interesting scenario involving smart router devices. We define smart router devices as devices with functionality that requires them to provide services beyond basic routing to an internal LAN network…

Claroty Team82 discloses details on a vulnerability that can be used to crash a SIP IoT Client with a single malformed header packet.

Posted in r/netsec by u/gquere • 1 point and 0 comments

Posted in r/netsec by u/sanitybit • 3 points and 1 comment