In this section, we'll explain the basics of information disclosure vulnerabilities and describe how you can find and exploit them. We'll also offer some ...

Security is the poster child of a Non-Functional Requirement: most people don’t care until the proverbial fecal matter hits the rotary propeller. Consequences can range from losing reputation to legal liability to putting the business out. In my post on running…

Over 90 WordPress themes, plugins backdoored in supply chain attack

(source: bleepingcomputer.com)
A product can be seen as a production line. That's what The Phoenix Project novel argues. It makes sense to me. Things gets assembled and passed around, work…

Part 5 of a series covering fuzzer development using LibAFL

Chrome is deprecating access to private network endpoints from non-secure public websites as part of the Private Network Access specification. Read on for recommended actions.

Writeup by: Oliver Lyak (ly4k)
Solved by: Zopazz, Oliver Lyak (ly4k)
QLaaS QLaaS (Qiling as a Service) was a Clone-and-Pwn challenge with difficulty Schrödinger …

In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability - CVE-2022-0185- what does it mean for Kubernetes?

The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors banks account and how to prevent it.

Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy w…

Or, how you could use GitHub to compromise 9.5K Twitter accounts without doing any “hacking”

TypeScript Scenario-Based Web Application Fuzzing Framework - GitHub - shfz/shfz: TypeScript Scenario-Based Web Application Fuzzing Framework

A new shellcode injection technique. Given as C++ header or standalone Rust program. - GitHub - Idov31/FunctionStomping: A new shellcode injection technique. Given as C++ header or standalone Rust ...

Application security issues found by Assetnote

We explore the history of image unblurring and present a simple yet effective technique to get a high-resolution image from a pixelated video in order to recover redacted information (with no guessing involved).

In September '21, I came across this story  "Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System" while catchi...

Posted in r/netsec by u/k3nfr4 • 0 points and 1 comment

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Posted in r/netsec by u/lormayna • 630 points and 166 comments