Spoof emails when SPF is present but DMARC is not allowing you to spoof the sender

How attackers can insert backdoors early in the boot process using systemd generators

Explore this post and more from the netsec community

This blog post discusses two erroneous computation patterns in Golang. By erroneous computation we mean simply that given certain input, a computer program with certain state returns incorrect output or enters an incorrect state. While clearly there are no…

Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password based authentication with a key based trust model. This implementation uses PIN or Bio-metrics which are l…

Sha256 algorithm explained online step by step visually

Qbot (aka QakBot, Quakbot, Pinkslipbot ) has been around for a long time having first been observed back in 2007. More info on Qbot can be found at the following links: Microsoft & Red Canary I…

The Case for Farm-to-Table Package SigningThe benefits and limitations of signing an open source package–using a private key to create a unique digital signature–are a surprisingly contentious topic. One of the maintainers associated with the Python Package…

Posted in r/netsec by u/Jazzlike-Vegetable69 • 2 points and 0 comments

Running malicious code in your CI, without access to your CI

TL;DR After Docker released a fix [1] for CVE-2021-21284 [2], it unintentionally created a new vulnerability that allows a low-privileged user on the host to execute files from Docker images....

Posted in r/netsec by u/0xdeadbeef0000 • 16 points and 5 comments

In this blog post, we’ll look at a Windows Print Spooler local privilege escalation vulnerability that I found and…

Simple C# implementation of PowerUpSQL. Contribute to mlcsec/SharpSQL development by creating an account on GitHub.

astrocamel, Blog, Portfolio, George Skouroupathis

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments. - GitHub - cyberark/kubesploit: Kubesplo...

Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year

Posted in r/netsec by u/Jazzlike-Vegetable69 • 5 points and 1 comment

Security breaches have increased in recent years. The world is dangerously ill-equipped to handle the magnitude of these threats.

Denoscription Using firejail --private --private-cwd=. /usr/bin/sh leaks access to the entire filesystem. Steps to Reproduce cd into some subdirectory of $HOME. `firejail --private --private-cwd=. /u...

Home of the Advanced Persistent Tortellini - aka APTortellini, an Italian collective of hackers publishing technical research regarding offensive security.