Claroty's Biannual ICS Risk and Vulnerability Report provides an analysis of OT, ICS, and IoT vulnerabilities disclosed in the 2H of 2021.

Posted in r/netsec by u/yesyoucantrip • 1 point and 0 comments

Posted in r/netsec by u/addelindh • 93 points and 6 comments

Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really…

PyShell is new tool made for bug bounty, ethical hacking, penetration testers or red-teamers. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little…

As we come to the end of the first quarter of 2022, we want to take some time to look back over our cases from 2021, in aggregate, and look at some of the top tactics, techniques and procedures (TT…

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...

AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.

Posted in r/netsec by u/nathanAbejeM • 0 points and 0 comments

Posted in r/netsec by u/moviuro • 2 points and 0 comments

Posted in r/netsec by u/nathanAbejeM • 3 points and 0 comments

We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.

RESEARCH // TLSTORM TLStorm Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of

DomainProactive helps businesses stay on top of Internet security and best practices.

A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

Posted in r/netsec by u/eberkut • 1 point and 0 comments

Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva Webclient. - GitHub - Sceptive/forgiva-integrator: Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva We...

Yarn, Pip, Composer & friends: Learn about 3 types of vulnerabilities we found in popular package managers that can be used by attackers to target developers.

Contribute to Accenture/VulFi development by creating an account on GitHub.

BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it