Introducing Decompiler Explorer (🐶⚡️)
https://ift.tt/edNoWkj
Submitted July 14, 2022 at 03:28AM by Psifertex
via reddit https://ift.tt/7bcQAld
Binary Ninja
Binary Ninja - Introducing Decompiler Explorer
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
This Salesforce Tableau Server XSS vulnerability will not get a CVE attributed. Here is the PoC and the fixed versions.
https://ift.tt/zGUqmpH
Submitted July 13, 2022 at 09:22PM by obilodeau
via reddit https://ift.tt/4BRrS8O
GoSecure
Tableau Server Leaks Sensitive Information From Reflected XSS - GoSecure
Penetration testing identifies Tableau Server was vulnerable to reflected XSS which could lead to exposure of sensitive data.
Researching access tokens for fun and knowledge
https://ift.tt/Cl4Tzhn
Submitted July 14, 2022 at 04:15PM by One-Assistance-8552
via reddit https://ift.tt/qxgfnRJ
Huntandhackett
Researching access tokens for fun and knowledge
In this blog we dive into compound identities, Azure Key Vault, JWT tokens and bound identities. For fun and to understand their inner workings.
BGGP3: Crash on the Cob
https://ift.tt/yV2IAlP
Submitted July 14, 2022 at 08:36PM by netsecfriends
via reddit https://ift.tt/Jm5PkTD
remyhax.xyz
BGGP3: Crash on the Cob
For this year's Binary Golf Grand Prix I started off by learning to fuzz properly, use a debugger properly, and various tooling. The objective was originally to hit all of the bonus points:
+1024 pts, if you submit a writeup about your process and details…
Exploiting Arbitrary Object Instantiations in PHP without Custom Classes
https://ift.tt/TSJPy54
Submitted July 14, 2022 at 08:34PM by albinowax
via reddit https://ift.tt/dihQfJZ
PT SWARM
Exploiting Arbitrary Object Instantiations in PHP without Custom Classes
We discovered an application with "new $a($b)" and no user-defined classes. We turned it to RCE.
CVE-2022-29593
https://ift.tt/OYv1ncg
Submitted July 15, 2022 at 09:30AM by 9lyph
via reddit https://ift.tt/bJAdhCf
GitHub
GitHub - 9lyph/CVE-2022-29593
Contribute to 9lyph/CVE-2022-29593 development by creating an account on GitHub.
IDA Plugin to reconstruct .proto files used in the analyzed binary
https://ift.tt/63ujKXB
Submitted July 15, 2022 at 01:02PM by Martypx00
via reddit https://ift.tt/UxrhDdl
GitHub
GitHub - Accenture/protobuf-finder: IDA Pro plugin for reconstructing original .proto files from binary.
IDA Pro plugin for reconstructing original .proto files from binary.
Mantis - The most powerful botnet
https://ift.tt/T8GnaBF
Submitted July 15, 2022 at 06:45PM by MiguelHzBz
via reddit https://ift.tt/P02Od7W
How Windows Processes Work - CreateProcess Workflow (Part 2)
https://ift.tt/alR9jeQ
Submitted July 16, 2022 at 10:49PM by sciencestudent99
via reddit https://ift.tt/fXCzL0y
FourCore
Genesis - The Birth of a Windows Process (Part 2) - FourCore
What happens when you run an executable on your Windows machine? In this second and final part of the series, we will go through the exact flow CreateProcess carries out to launch a process on Windows.
Build your first LLVM Obfuscator
https://ift.tt/zoBuEWT
Submitted July 17, 2022 at 03:59PM by CyberMasterV
via reddit https://ift.tt/a8Ev3Hj
Medium
Build your first LLVM Obfuscator
Welcome to a tutorial on building your first LLVM based obfuscator. In this post we will list the advantages of using LLVM tools, briefly…
GitHub - karimhabush/cyberowl: A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
https://ift.tt/dDkHIQL
Submitted July 17, 2022 at 07:32PM by karimhabush
via reddit https://ift.tt/GY1iNV7
GitHub
GitHub - karimhabush/cyberowl: A daily updated summary of the most frequent types of security incidents currently being reported…
A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
A Deep Dive Into ALPHV/BlackCat Ransomware
https://ift.tt/fiwKnVb
Submitted July 18, 2022 at 07:39PM by CyberMasterV
via reddit https://ift.tt/eIYw1dB
SecurityScorecard
A Deep Dive Into ALPHV/BlackCat Ransomware
ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. Learn about its particular behaviors.
Research: Auditing WordPress Plugins (35 CVEs in 3 months)
https://ift.tt/K9Zj2ym
Submitted July 18, 2022 at 06:52PM by andersonmvd
via reddit https://ift.tt/hXg9CWc
cyllective Blog
Research: Auditing WordPress Plugins
A summarized post about security research of WordPress plugins and the explorational audit spree which followed.
unRAR CVE-2022-30333 deep dive (including full exploit for Zimbra)
https://ift.tt/Ywy1q3L
Submitted July 18, 2022 at 10:30PM by iagox86
via reddit https://ift.tt/4rWzVGy
AttackerKB
CVE-2022-30333 | AttackerKB
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a…
Disrupting Kill Chains with Just-in-Time Access Environments
https://ift.tt/PDTvYm8
Submitted July 18, 2022 at 09:54PM by mesok8
via reddit https://ift.tt/kuxc65m
Akeyless
Disrupting the Kill Chain with Just-in-Time Access | Akeyless
The classic perimeter concept evolved to focus on identities, so will our use of secrets. By virtually eliminating the long time window an attacker gets with compromised static secrets, dynamic secrets severely limit an attacker’s ability to maintain access…
/r/netsec's Q3 2022 Information Security Hiring Thread
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere.
Include the geographic location of the position along with the availability of relocation assistance or remote work.
If you are a third party recruiter, you must disclose this in your posting.
Please be thorough and upfront with the position details.
Use of non-hr'd (realistic) requirements is encouraged.
While it's fine to link to the position on your company's website, provide the important details in the comment.
Mention if applicants should apply officially through HR, or directly through you.
Please clearly list citizenship, visa, and security clearance requirements.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted July 18, 2022 at 11:21PM by ranok
via reddit https://ift.tt/Du9mpl4
new privesc on AWS (DataScientist policy)
https://ift.tt/stlRCkS
Submitted July 19, 2022 at 02:00AM by stk_
via reddit https://ift.tt/GxXfErQ
chip-red-pill/MicrocodeDecryptor - understand how Intel mitigated Spectre vulnerability, explore the implementation of Intel TXT, SGX, VT-x technologies
https://ift.tt/UuPEkdr
Submitted July 19, 2022 at 07:13AM by Gallus
via reddit https://ift.tt/ve0IupO
GitHub
GitHub - chip-red-pill/MicrocodeDecryptor
Contribute to chip-red-pill/MicrocodeDecryptor development by creating an account on GitHub.
EJS, Server side template injection RCE (CVE-2022-29078)
https://ift.tt/2EmBV0e
Submitted July 19, 2022 at 07:10AM by Gallus
via reddit https://ift.tt/V5sYODi
Eslam Salem blog
EJS, Server side template injection RCE (CVE-2022-29078) - writeup
Note: The objective of this research or any similar researches is to improve the nodejs ecosystem security level.
Recently I was working on a related project using one of the most popular Nodejs templating engines Embedded JavaScript templates - EJS
In my…
The Workings of Whatsapp's Backups (and why you should enable End-to-End Encrypted Backups)
https://ift.tt/obie6c7
Submitted July 19, 2022 at 05:45PM by IceCereal
via reddit https://ift.tt/92kYKB1
sudneela.github.io
The Workings of Whatsapp's Backups (and why you should enable End-to-End Encrypted Backups)
About This Blog Post This blog post is a technical report of a presentation that I presented on June 10, 2022 for the second task of my Mobile Security course. I decided to investigate how WhatsApp backs up messages to the cloud with the “end-to-end encrypted…
Writeup for Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
https://ift.tt/WE2Hw5k
Submitted July 19, 2022 at 10:21PM by xnyhps
via reddit https://ift.tt/0GOkSlm
sector7.computest.nl
Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
This write-up is part 1 of a series of write-ups about the 5 vulnerabilities we demonstrated last April at Pwn2Own Miami. This is the write-up for the Trusted Application Check Bypass in the OPC Foundation’s OPC UA .NET Standard.