AT&T inspired me to explore a little more.

Posted in r/netsec by u/CyberMasterV • 107 points and 3 comments

crashmon - A LLDB Based replacement for CrashWrangler - GitHub - ant4g0nist/crashmon: crashmon - A LLDB Based replacement for CrashWrangler

Scripts to secure and harden Mac OS X. Contribute to AtropineTears/TheMacHardeningScripts development by creating an account on GitHub.

A while back, I noticed that whenever I typed https:// into the search bar in Firefox on my phone, Google would helpfully try and autocomplete my search with a number of random domains. This immediatly nerd sniped me, so I thought it might be interesting…

When someone passed me hundreds of thousands of records on kids taken from CloudPets a few years ago, I had a nightmare of a time getting in touch with the company. They'd left a MongoDB instance exposed to the public without a password and someone had snagged…

Asymmetric private keys are among the most often leaked out. We’re open sourcing a tool that immediately tells you if one is sensitive https://github.com/trufflesecurity/driftwood With this tool we found the private keys for hundreds of TLS certificates…

The role of Certification Authority is to provide trust between different active directory entities or as an authentication mechanism in order to access specific resources such as web applications …

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Posted in r/netsec by u/ma-ni • 485 points and 25 comments

Background Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets,…

The Mosque-Cathedral of Córdoba is a chronicle of

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...

FullHunt is releasing a public API to find all attack surfaces, exposed services, DNS records, subdomains, and public assets for FREE!FullHunt API ReleaseAft...

Advisory for CVE-2021-41765, a critical SQL injection vulnerability leading to remote code execution, by the Horizon3.ai red team.

November 2021 release of PcapPlusPlus (v21.11)
This package contains

Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
Binaries compiled for CentOS 7
Binaries compiled for Fedora 34
Bina...