In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what make be an entirely new vulnerability.

A new version of Certipy has been released along with a forked BloodHound GUI that has PKI support! In this blog post, we will look at…

GLUFS allows you to automate the tedious process of finding leaks using format string vulnerabilities. - Diego-AltF4/GLUFS

In reading Yan Zhu’s excellent write-up of the JSON CSRF vulnerability she found in OkCupid one thing puzzled me: I was under the impression that browsers these days default to …

A brief guide to this helpful feature

Posted in r/netsec by u/sanitybit • 3 points and 1 comment

Elastic Security has long had open source roots. Learn how we're continuing to build on that foundation today by opening a new public repo, protection-artifacts.

Posted in r/netsec by u/Gallus • 0 points and 0 comments

RouterOS release 7.4beta4 introduced containers for MikroTik devices. From the changelog: container - added support for running Docker (TM) containers on AR...

Disclaimer: as many other security researchers […]

This post covers an interesting vulnerability we (Jayden and David) found in the io_uring subsystem of the Linux kernel.

Post the Office macros deprecation, a new malware delivery method is on the rise. Container file formats like ISOs/RARs/ZIPs and LNKs/DLLs can bypass Mark-of-the-Web, Microsoft’s prime defence.

Note: This is Part 1 in a series of posts discussing security analysis of printer drivers extracted and installed from public resources. This part explains how we located publicly available drivers distributed by WeWork and conducted initial analysis. Part…

Learn how passwordless authentication works and how it's built using WebAuthn.

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike! - GitHub - RoseSecurity/Red-Teaming-TTPs: Useful Techniques, Tactics, and Procedures for red teamers and defenders, ...