The first comprehensive resource about relaying that will walk you through the attack primitives that continue to work today including some lesser known attacks.

Posted in r/netsec by u/CyberMasterV • 37 points and 10 comments

Apiiro's Security Research team has discovered a major vulnerability in Argo CD platform (CVE-2022-24348).

by Diego Freijo Welcome to the first dispatch coming out of the Ministry of Silly Ideas! It’s a space we’ve got inside Anvil where we encourage ourselves to come up with interesting-even-if-sounding-silly-at-first-glance ideas around security or IT in general.…

At Bitdefender, we care deeply about security, so we’ve been working with media
partners and IoT devices manufacturers to identify vulnerabilities in the
world’s best-selling connected devices.

🎵 This LAN is your LAN, this LAN is my LAN 🎵

Posted by Nhamatanda - 2 votes and 11 comments

In this episode I talk about the concept of Business Case, Types of Project Plans, Organizational Process, Change Management and Data Classification which are essentials from an exam and real life security practice perspective.
If you like this episode do…

Erik Steringer, NCC Group Overview TL;DR: Go check out As public cloud service consumption has grown, engineering and security professionals have responded with different tools and techniques to ac…

A major software supply chain critical vulnerability CVE-2022-24348 was discovered in the popular open-source CD platform Argo CD. See its impact on Kubernetes here

Posted by digicat - 210 votes and 14 comments

The most comprehensive negative testing / fuzz testing platform to hunt down bugs and zero-day vulnerabilities.

Posted by CyberMasterV - No votes and no comments

Spoof emails when SPF is present but DMARC is not allowing you to spoof the sender

How attackers can insert backdoors early in the boot process using systemd generators

Explore this post and more from the netsec community

This blog post discusses two erroneous computation patterns in Golang. By erroneous computation we mean simply that given certain input, a computer program with certain state returns incorrect output or enters an incorrect state. While clearly there are no…

Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password based authentication with a key based trust model. This implementation uses PIN or Bio-metrics which are l…

Sha256 algorithm explained online step by step visually

Qbot (aka QakBot, Quakbot, Pinkslipbot ) has been around for a long time having first been observed back in 2007. More info on Qbot can be found at the following links: Microsoft & Red Canary I…

The Case for Farm-to-Table Package SigningThe benefits and limitations of signing an open source package–using a private key to create a unique digital signature–are a surprisingly contentious topic. One of the maintainers associated with the Python Package…