With OpenSSH 8.5 agent forwarding was implemented for SFTP and SCP to allow remote copy operations. Agent forwarding has already been considered a security risk…

A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components.

Posted in r/netsec by u/tvjust • 2 points and 0 comments

A main component of Splunk Enterprise is Splunk patch indexer, which handles parsing and indexing of data. Discover more with Claroty.

CVE-2020-20093; 20094; 20095; 20096, 2022-28345 RTLO Injection URI Spoofing - GitHub - zadewg/RIUS: CVE-2020-20093; 20094; 20095; 20096, 2022-28345 RTLO Injection URI Spoofing

How I found various vulnerabilities and chained some of the vulnerabilities into an unauthenticated command execution in NETGEAR WAC124.

Sysdig has released the following binaries that will allow us to collect Okta events and using Falco OOTB rules to detect suspicious activity

See Datadog's proof of concept exploit for breaking out from unprivileged containers using the Dirty Pipe vulnerability.

Your phone is under constant attack from criminals, corporations and foreign governments.

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

It is likely that we have all seen PHP filters that prevent us from encountering vulnerabilities. Here in this blog post, I'll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach a bug!

Posted in r/netsec by u/Gallus • 72 points and 9 comments

“We use cookies to enhance your browsing experience, by clicking ACCEPT ALL you consent to our use of cookies”

Common Weakness Enumeration (CWE) is a list of software weaknesses.

One of our isolated network test environments is using the well known OPNSense firewall. It’s a widely used FreeBSD based open source…

Posted in r/netsec by u/AlmondOffSec • 56 points and 1 comment

CVE-2022-0995 exploit. Contribute to Bonfee/CVE-2022-0995 development by creating an account on GitHub.

This post discloses the exploit of CVE-2022-27666, which achieves local privilege escalation on the latest Ubuntu Desktop 21.10.

Contribute to httpvoid/writeups development by creating an account on GitHub.