Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.

Download Fiddler Everywhere, the professionally built and supported web debugging proxy tool for Windows, macOS, and Linux. Free and fully-functional trial.

Google hacking, sometimes, referred to as Google Dorking, is an information-gathering technique used by an attacker leveraging advanced…

Posted in r/netsec by u/AlmondOffSec • 14 points and 0 comments

That noscript would have sounded very weird to me a year ago but that’s exactly what happened. Let me walk you through how we were approached by a client for a code review, had to find a zero day just to get started (CVE-2022-29856), and ultimately “decrypted…

Open source compliance tool for development platforms. - GitHub - reposaur/reposaur: Open source compliance tool for development platforms.

Colibri Loader uses a novel method of Persistence which makes use of Get-Variable cmdlet to run its executable every time powershell is launched. Here we cover the method, why it works, and how to detect such TTPs.

Interactive Kubernetes Security Learning Playground

Signal detector aims to help developers to stay ahead of threats

This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents.

Python module hijacking POC. Contribute to echo-devim/pyjacktrick development by creating an account on GitHub.

CLI program for automating the setup, configuration, and use of cybersecurity solutions - GitHub - MutableSecurity/mutablesecurity: CLI program for automating the setup, configuration, and use of c...

As the main routing device of the network, most routers can be set up and managed through their web enabled admin portal. This paper proposes a new method for router admin portal vulnerability mining...

Posted in r/netsec by u/xeonproc • 17 points and 9 comments

Rari Capital, a decentralized finance (DeFI) platform, has recently been hacked for more than $80 million in various crypto assets held in multiple lending pools. In a recent tweet by the smart contract audit company BlockSec, an unknown hacker targeted Rari…

Introduction As an ethical hacker, network scanning techniques, also known as path tracing, can assist you in learning about a network’s logical configuration. You can employ network scanning techniques to see if there are any firewalls, intrusion detection…

Trust Office 365? Think again. Phishing attacks are exploiting trust in collaboration platforms. Cato security analyst Zohar Buber explains.

On April 28 and April 30, respectively, Supply Chain Defender identified, blocked, and reported two packages we deemed were malicious versions of original

Using Data Memory-Dependent Prefetchers to Leak Data at Rest

This article describes how masscan works and why it is very fast.

There’s this thing called Windows Delivery Optimization which allows “you to get Windows updates and Microsoft Store apps from sources in addition to Microsoft, like other PCs on your local network, or PCs on the internet that are downloading the same files.