Introduction In part three of this series, we will analyse Brute Ratel, a command and control framework developed by Dark Vortex. As the C2 is lesser known, we can see...

Beside bug fixes this release introduces many new features and it was so much fun working on it. We think this release is very beautiful and we are really proud of it! You are invited to celebrate ...

On Tuesday, December 7th 2021 I discovered a critical vulnerability in Cloudflare’s Email Routing service. This vulnerabilty enabled anyone to modify the routing configuration of any domain using the service. A bad actor could have overwritten the destination…

Identity and Access Management has always been a major area of concern and focus for organizations, across all the different systems in the estate, including source control management systems (SCM), and specifically GitHub. Organizations spend a great deal…

A tool to take domains from stdin and output to stdout if have at least one IP address associated with the selected country.

Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts. - google/paranoid_crypto

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...

Akamai researchers have analyzed ASNs to determine some shocking stats about the state of malicious IPs and where they are from.

Last months I’ve been working on a new project called didsomeoneclone.me. Last years I’ve been analyzing many phishing websites for fun. During those analysi...

In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what make be an entirely new vulnerability.

A new version of Certipy has been released along with a forked BloodHound GUI that has PKI support! In this blog post, we will look at…

GLUFS allows you to automate the tedious process of finding leaks using format string vulnerabilities. - Diego-AltF4/GLUFS

In reading Yan Zhu’s excellent write-up of the JSON CSRF vulnerability she found in OkCupid one thing puzzled me: I was under the impression that browsers these days default to …

A brief guide to this helpful feature

Posted in r/netsec by u/sanitybit • 3 points and 1 comment

Elastic Security has long had open source roots. Learn how we're continuing to build on that foundation today by opening a new public repo, protection-artifacts.

Posted in r/netsec by u/Gallus • 0 points and 0 comments