Posted in r/netsec by u/4lreadytekken • 12 points and 9 comments

This class teaches Intel x86 reset vector firmware (aka BIOS). It requires you to have taken Arch1001, Arch2001, and Dbg1015.

Introducing the new Kubeconfig Canarytoken A while back we asked: “What will an attacker do if they find an AWS API key on your server?” (We are pretty convinced they will try to use it, and when t…

Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

One of the great features of service meshes in Kubernetes is the ability to have an out-of-the-box zero-application-changes solution that delivers a powerful security feature: mTLS (mutual Transport Layer Security). But… why do we need mTLS? It’s because…

Posted in r/netsec by u/prabhus • 1 point and 0 comments

Automate finding relational vulnerabilities for a more accurate risk rating

AT&T inspired me to explore a little more.

Posted in r/netsec by u/CyberMasterV • 107 points and 3 comments

crashmon - A LLDB Based replacement for CrashWrangler - GitHub - ant4g0nist/crashmon: crashmon - A LLDB Based replacement for CrashWrangler

Scripts to secure and harden Mac OS X. Contribute to AtropineTears/TheMacHardeningScripts development by creating an account on GitHub.

A while back, I noticed that whenever I typed https:// into the search bar in Firefox on my phone, Google would helpfully try and autocomplete my search with a number of random domains. This immediatly nerd sniped me, so I thought it might be interesting…

When someone passed me hundreds of thousands of records on kids taken from CloudPets a few years ago, I had a nightmare of a time getting in touch with the company. They'd left a MongoDB instance exposed to the public without a password and someone had snagged…

Asymmetric private keys are among the most often leaked out. We’re open sourcing a tool that immediately tells you if one is sensitive https://github.com/trufflesecurity/driftwood With this tool we found the private keys for hundreds of TLS certificates…

The role of Certification Authority is to provide trust between different active directory entities or as an authentication mechanism in order to access specific resources such as web applications …

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Posted in r/netsec by u/ma-ni • 485 points and 25 comments