Posted in r/netsec by u/AlmondOffSec • 56 points and 1 comment

CVE-2022-0995 exploit. Contribute to Bonfee/CVE-2022-0995 development by creating an account on GitHub.

This post discloses the exploit of CVE-2022-27666, which achieves local privilege escalation on the latest Ubuntu Desktop 21.10.

Contribute to httpvoid/writeups development by creating an account on GitHub.

I tend to find ways of occupying myself with new exciting things. It might be a new language I try to learn to speak (not much success there), a new instrument I try to learn to play (I have no mus…

Posted in r/netsec by u/Gallus • 1 point and 0 comments

Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.

We covered the basic best practices to perform DFIR Kubernetes. We also simulated how to inspect and respond to a breach.

Through my experiences and in my research, I found the following job attributes were the most important to cybersecurity professionals.

Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub

Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression…

Advisories, proof of concept files and exploits that have been made public by @pedrib. - PoC/DCNMPwn.md at master · pedrib/PoC

Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting

Team Nautilus uncovered and analyzed the first Python-based ransomware attack that targets misconfigured Jupyter Notebooks in the wild and encrypts files

Introducing RedDrop — a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

This research aims is to share TOP 3 Different Stealer Malware (Raccoon, Redline, and Vidar) behaviours, statistics and their properties.

We've been taking a look at the new zero-day exploit, dubbed Spring4Shell, supposedly discovered in Spring Core to determine if it's a problem or not, as well as explained another RCE vulnerability found in Spring.

Posted in r/netsec by u/krabsonsecurity • 70 points and 0 comments

Update: March 31, 2022 A patch has officially been released. https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement https://tanzu.vmware.com/security/cve-2022-22965 Overview Spring Core on JDK9+ is vulnerable to remote code execution due…

LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. G...