A community for technical news and discussion of information security and closely related topics.

Docker is a popular tool that has become synonymous with containers. Docker can build images and run containers. The tool also allows its users to upload their docker images to Docker Hub - the container image registry from Docker Inc. that helps share images.…

This week at Black Hat Europe 2021, Marloes Venema (Radboud University Nijmegen) and me, presented our work on attacking attribute-based encryption implementations: Attribute-based encryption Attri…

The discovery and analysis of a new threat: Krane malware – a cryptominer botnet that has the ability to spread laterally.

Familiarity is what makes spear phishing attacks successful.

exploit

Execute ELF files without dropping them on disk. Contribute to nnsee/fileless-elf-exec development by creating an account on GitHub.

Discord is the easiest way to communicate over voice, video, and text. Chat, hang out, and stay close with your friends and communities.

Israel has been caught hacking the phones of six Palestinian human rights staffers. It’s the latest incident in Israel’s larger web of blatantly undemocratic mass surveillance practices.

This blog post will discuss our findings that we presented in our Blackhat Europe talk noscriptd "Exploiting CSP in Webkit to break Authentication/Authorization", a vulnerability that enabled us to takeover user accounts on most of the web applications out thereby…

This blog post will discuss our findings that we presented in our Blackhat Europe talk noscriptd "Exploiting CSP in Webkit to break Authentication/Authorization", a vulnerability that enabled us to takeover user accounts on most of the web applications out thereby…

Posted in r/netsec by u/CyberMasterV • 26 points and 6 comments

Posted in r/netsec by u/digicat • 153 points and 14 comments

Multiple vulnerabilities in concrete cms. File upload, double race condition, RCE, turbo intruder.

And a few reason why you should consider it.

In late September 2021, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case wer…

Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges in a large period. One of the most common domain persistence techniqu…

Posted in r/netsec by u/braincrowd • 1 point and 0 comments

Modernizing the CIA's operational infrastructure. Multi/Hybrid Cloud Docker Swarm clusters and mesh VPN networks 🐿