Netsec – Telegram
Netsec
@RNetsec
7.36K subscribers
22.3K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Download Telegram
About
Blog
Apps
Platform
Join
Netsec
7.36K subscribers
Netsec
SeeProxy: Golang reverse proxy with CobaltStrike malleable profile validation.
https://ift.tt/Uw6bV5g

Submitted January 19, 2023 at 05:42PM by bambo_gambo
via reddit https://ift.tt/e6cbHoK
GitHub
GitHub - nopbrick/SeeProxy: Golang reverse proxy with CobaltStrike malleable profile validation.
Golang reverse proxy with CobaltStrike malleable profile validation. - GitHub - nopbrick/SeeProxy: Golang reverse proxy with CobaltStrike malleable profile validation.
356 views
Netsec
Exploiting CVE-2021-3490 for Container Escapes
https://ift.tt/r2cXUpe

Submitted January 19, 2023 at 05:01PM by Gallus
via reddit https://ift.tt/v3dSMqc
CrowdStrike.com
Exploiting CVE-2021-3490 for Container Escapes | CrowdStrike
Learn how to modify and exploit a Linux Kernel vulnerability to escape container environments, and how CrowdStrike can help to prevent and hunt for similar threats.
355 views
Netsec
POC Exploit for CVE-2022-47966 affecting multiple ManageEngine products
https://ift.tt/4cZl7zt

Submitted January 19, 2023 at 06:52PM by scopedsecurity
via reddit https://ift.tt/we3bRx4
GitHub
GitHub - horizon3ai/CVE-2022-47966: POC for CVE-2022-47966 affecting multiple ManageEngine products
POC for CVE-2022-47966 affecting multiple ManageEngine products - horizon3ai/CVE-2022-47966
387 views
Netsec
Simple, open-source, lightweight stress testing tool
https://ift.tt/CJDx5pf

Submitted January 19, 2023 at 09:38PM by chrisy_e
via reddit https://ift.tt/NblMW8E
GitHub
GitHub - getanteon/anteon: Anteon (formerly Ddosify) - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI…
Anteon (formerly Ddosify) - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud - getanteon/anteon
371 views
Netsec
New Remcos RATversion uses direct syscalls to evade detection.
https://ift.tt/nPdt9Wk

Submitted January 19, 2023 at 10:49PM by woja111
via reddit https://ift.tt/1IFTKng
Rapid7
Rapid7: Endpoint to Cloud, Command Your Attack Surface
374 views
Netsec
Aerleon a vendor agnostic firewall management system
https://ift.tt/5L72C9O

Submitted January 20, 2023 at 12:19AM by ankenyr
via reddit https://ift.tt/TFMavi7
GitHub
GitHub - aerleon/aerleon: Multi-platform ACL generation system
Multi-platform ACL generation system. Contribute to aerleon/aerleon development by creating an account on GitHub.
365 views
Netsec
How to completely own an airline in 3 easy steps
https://ift.tt/DsZiIY6

Submitted January 20, 2023 at 07:48AM by _vavkamil_
via reddit https://ift.tt/CoDSNga
maia :3
how to completely own an airline in 3 easy steps
and grab the TSA nofly list along the way
378 views
Netsec
Building a io_uring based network scanner in Rust
https://ift.tt/wxBmGOU

Submitted January 20, 2023 at 05:08PM by Gallus
via reddit https://ift.tt/zNESQx7
Synacktiv
Building a io_uring based network scanner in Rust
355 views
Netsec
Abusing Adopted Authority on IBM i
https://ift.tt/Cw3IhmT

Submitted January 20, 2023 at 07:03PM by buherator
via reddit https://ift.tt/Bb1S3hP
Silent Signal Techblog
Abusing Adopted Authority on IBM i
Because we can!
348 views
Netsec
Vijilan - Managed service Providers (msp)
https://ift.tt/UekdrDm

Submitted January 21, 2023 at 01:49AM by High_Sleep3694
via reddit https://ift.tt/LhX04gI
344 views
Netsec
CVE-2022-25637 - Multiple TOCTOU vulns in peripheral devices (Razer, EVGA, MSI, AMI)
https://ift.tt/1pkVzIm

Submitted January 21, 2023 at 01:17AM by jat0369
via reddit https://ift.tt/5FAweZ3
Cyberark
Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers
TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a...
348 views
Netsec
The SSL Certificate Issuer Field is a Lie
https://ift.tt/D1rc5lE

Submitted January 21, 2023 at 05:03AM by self
via reddit https://ift.tt/r75RsEW
www.agwa.name
The SSL Certificate Issuer Field is a Lie
Why certificates issued by "Cloudflare" and "Baltimore" are really issued by DigiCert
319 views
Netsec
libgit2 fails to verify SSH keys by default
https://ift.tt/LWFxzGD

Submitted January 21, 2023 at 06:38AM by bascule
via reddit https://ift.tt/4CILrWk
GitHub
libgit2 fails to verify SSH keys by default
libgit2, when compiled using the optional, included [libssh2](https://www.libssh2.org) backend, fails to verify SSH keys by default.

## Denoscription

When using an SSH remote with the optional,...
341 views
Netsec
U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
https://ift.tt/XqyNErx

Submitted January 21, 2023 at 10:35AM by Gallus
via reddit https://ift.tt/wnxofi3
NCC Group Research Blog
Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
Vendor: DENX Software Engineering Vendor URL: Versions affected: v2012.10-rc1 to v2023.01-rc1 Systems Affected: All systems with CONFIG_DFU_OVER_USB or CONFIG_SPL_DFU enabled Author: <Sultan Qas…
353 views
Netsec
Somnium: Script to test netsec detection capabilities.
https://ift.tt/78GsYK4

Submitted January 21, 2023 at 11:57AM by Th4ray
via reddit https://ift.tt/zWSYNFi
GitHub
GitHub - asluppiter/Somnium: Script to test NetSec capabilities.
Script to test NetSec capabilities. Contribute to asluppiter/Somnium development by creating an account on GitHub.
379 views
Netsec
Researchers release PoC for iTLB-multihit bug affecting Intel cpus (crashes host from guest in most hypervisors).
https://ift.tt/ALHzVxB

Submitted January 21, 2023 at 11:36PM by Ch0pdr0p
via reddit https://ift.tt/VvgspW3
GitHub
GitHub - ergot86/itlb_poc: iTLB multihit PoC
iTLB multihit PoC. Contribute to ergot86/itlb_poc development by creating an account on GitHub.
356 views
Netsec
Using a service with markdown capabilities? Good chance it's vulnerable and attackers can easily take it down
https://ift.tt/Gscn2OB

Submitted January 22, 2023 at 01:45PM by roy_6472
via reddit https://ift.tt/uqhl8FO
Legitsecurity
The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services
We explore a vulnerability we found in a popular implementation of the markdown engine and the potential Denial-of-Service (DoS) attack that it could cause on projects rendering markdown.
357 views
Netsec
Git repository of Linux forensic/monitoring noscripts (small side project for implementing ideas and testing stuff I read somewhere)
https://ift.tt/bUvIxPY

Submitted January 22, 2023 at 05:25PM by sqall01
via reddit https://ift.tt/5uAQRjx
GitHub
GitHub - sqall01/LSMS: Linux Security and Monitoring Scripts
Linux Security and Monitoring Scripts. Contribute to sqall01/LSMS development by creating an account on GitHub.
338 views
Netsec
Studying Conformance of MANRS Members (routing security)
https://ift.tt/D7bMCPI

Submitted January 22, 2023 at 07:34PM by danyork
via reddit https://ift.tt/MZejxE5
325 views
Netsec
(In)Security of the "Pass" password manager
https://ift.tt/h9T27pm

Submitted January 22, 2023 at 09:48PM by Gallus
via reddit https://ift.tt/AzftlXw
rot256.dev
(In)Security of the "Pass" password manager
What is Pass? What is “Pass; the standard unix password manager”?
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the noscript of the website or resource that requires…
345 views
Netsec
CVE-2020-36109 POC - ASUS routers stack overflow
https://ift.tt/lJQWuO2

Submitted January 22, 2023 at 10:29PM by NoPaleontologist7419
via reddit https://ift.tt/OPB5Xcm
GitHub
GitHub - sunn1day/CVE-2020-36109-POC: CVE-2020-36109 PoC causing DoS
CVE-2020-36109 PoC causing DoS. Contribute to sunn1day/CVE-2020-36109-POC development by creating an account on GitHub.
339 views