Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files. - GitHub - CoolerVoid/casper-fs: Casper-fs is a Custom Hidden Linu...

Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.

An automated setup for fuzzing Redis w/ AFL++. Contribute to 0xbigshaq/redis-afl development by creating an account on GitHub.

An automated setup for compiling & fuzzing Apache httpd server - 0xbigshaq/apache-afl

CVE-ID: CVE-2021-34979 ZDI Identifier: ZDI-CAN-13512

FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares - GitHub - FirmWire/FirmWire: FirmWire is a full-syst...

CVE-2022-0847 or "Dirty Pipe", is a Linux kernel flaw that allows attackers to escalate privileges. We analyze the vulnerability in-depth in this blog.

Posted in r/netsec by u/D4r1 • 208 points and 7 comments

An AWS/GitLab CICD themed CTF.

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report

Posted in r/netsec by u/yawkat • 0 points and 0 comments

Posted in r/netsec by u/Late_Ice_9288 • 63 points and 3 comments

JFrog’s Security Research team discovered 7 vulnerabilities in the ClickHouse database management software. Learn about the issues and how to mitigate the risks.

In October 2021, Apple released a fix for CVE-2021-30833. This was an arbitrary file-write vulnerability in the xar utility and was due to improper handling of path separation (forward-slash) characters when processing files contained within directory symlinks.…

With this series, we present the results of our research on the security of popular developer tools with the goal of making this ecosystem safer: today’s article revisits Git integrations.

Learn how CrowdStrike discovered a new vulnerability in the CRI-O Container Engine (CVE-2022-0811), and what organizations can do to remediate this vulnerability.

TL;DR Jump to the Ideas list.
Introduction This year is the second time we participate as a fork - Rizin, effectively continuing the tradition since the year 2015 (as the radare2 project).
Mentors Members of the Rizin and Cutter core teams have volunteered…

Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks. - GitHub - mikeroyal/Open-Source-Security-Guide: Open Source Security Guide. ...