CryptoLyzer is a multiprotocol cryptographic settings analyzer with SSL/TLS, SSH, and HTTP header analysis ability. The main purpose of the tool is to tell you what kind of cryptographic related settings are enabled on a client or server.

Home of the Advanced Persistent Tortellini - aka APTortellini, an Italian collective of hackers publishing technical research regarding offensive security.

OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent. - GitHub - CoolerVoid/OctopusWAF: OctopusWAF is a WAF( Web application firewall) with high...

Lookup for interesting stuff in SMB shares. Contribute to oldboy21/SMBSR development by creating an account on GitHub.

Posted in r/netsec by u/unaligned_access • 2 points and 0 comments

Google lists 4,840,000 results to the search of "malware detection tools." Is malware detection a silver bullet, or is there a smarter method to prevent malware attacks? We believe there is one.

Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all. - GitHub - cybersecsi/HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion. The ...

During my 6-months intership, I developed a tool to ease vunerability research on Java applications.

Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel causing DoS, escape container or elevate privileges

Posted in r/netsec by u/Gallus • 88 points and 8 comments

A robust Red Team proxy written in Go. Contribute to chdav/GoWard development by creating an account on GitHub.

In this section, we'll explain the basics of information disclosure vulnerabilities and describe how you can find and exploit them. We'll also offer some ...

Security is the poster child of a Non-Functional Requirement: most people don’t care until the proverbial fecal matter hits the rotary propeller. Consequences can range from losing reputation to legal liability to putting the business out. In my post on running…

Over 90 WordPress themes, plugins backdoored in supply chain attack

(source: bleepingcomputer.com)
A product can be seen as a production line. That's what The Phoenix Project novel argues. It makes sense to me. Things gets assembled and passed around, work…

Part 5 of a series covering fuzzer development using LibAFL

Chrome is deprecating access to private network endpoints from non-secure public websites as part of the Private Network Access specification. Read on for recommended actions.

Writeup by: Oliver Lyak (ly4k)
Solved by: Zopazz, Oliver Lyak (ly4k)
QLaaS QLaaS (Qiling as a Service) was a Clone-and-Pwn challenge with difficulty Schrödinger …

In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability - CVE-2022-0185- what does it mean for Kubernetes?