The Gemini protocol seen by this HTTP client person
https://ift.tt/RcYHdni
Submitted May 30, 2023 at 12:29PM by Xadartt
via reddit https://ift.tt/lwMFUAH
Return-Oriented Programming (ROP) Exploits
https://ift.tt/U9Aj63o
Submitted May 30, 2023 at 12:15PM by 0x5FC3
via reddit https://ift.tt/c9CNPh7
pop.rdi.sh
ROP Exploits
Your favourite ROP gadget
[CVE-2023-32749] Pydio Cells: Unauthorised Role Assignments
https://ift.tt/Yz4Oty6
Submitted May 30, 2023 at 02:48PM by RedTeamPentesting
via reddit https://ift.tt/r6iPj4w
www.redteam-pentesting.de
RedTeam Pentesting - Pydio Cells: Unauthorised Role Assignments
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles…
Exploring Android Heap allocations in jemalloc 'new'
https://ift.tt/sHdVCJQ
Submitted May 30, 2023 at 03:40PM by Gallus
via reddit https://ift.tt/5U6biye
Synacktiv
Exploring Android Heap allocations in jemalloc 'new'
When writing an exploit for a memory corruption vulnerability, knowing the heap allocator internals is often required to shape the heap as desired. This article will dive into one of Android libc allo
Introducing ScrapingKit
https://ift.tt/nRPSikT
Submitted May 30, 2023 at 03:40PM by ZephrX112
via reddit https://ift.tt/fzeAJsP
Lares Labs
Introducing ScrapingKit
A toolkit for scraping windows apps for keywords to find quick wins on outlook and domain shares.
Fickle Multi-Factor Authentication in Microsoft 365
https://ift.tt/s5BGt6Q
Submitted May 30, 2023 at 02:57PM by CptWin_NZ
via reddit https://ift.tt/o56IiVx
blog.cybercx.co.nz
Fickle Multi-Factor Authentication in Microsoft 365
MFA is widely accepted as necessary in our threat-filled environment, and often forms a critical part of compliance frameworks. Once applied though, what assurance does an organisation have that its configuration is impermeable?
A deep-dive on Pluck CMS vulnerability CVE-2023-25828
https://ift.tt/maUTl7S
Submitted May 30, 2023 at 05:34PM by FineDines
via reddit https://ift.tt/FRo9w3p
Application Security Blog
A deep-dive on Pluck CMS vulnerability CVE-2023-25828
CVE-2023-25828; history, mitigation analysis, and everything you need to know about the remote code execution vulnerability in Pluck CMS.
New macOS vulnerability, Migraine, could bypass System Integrity Protection
https://ift.tt/6uXP7jU
Submitted May 30, 2023 at 09:52PM by SCI_Rusher
via reddit https://ift.tt/XGDZBna
Microsoft Security Blog
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
A new vulnerability, which we refer to as “Migraine”, could allow an attacker with root access to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.
Google Chrome's V8 JIT Compiler Analysis & Exploit Write-Up (CVE-2020-16040)
https://ift.tt/Cu9LrzG
Submitted May 31, 2023 at 05:35AM by ac1db1tch3z
via reddit https://ift.tt/rvVhisQ
Pass The eWPTX v2 using free resources and labs!
https://ift.tt/GtLvaRE
Submitted May 31, 2023 at 11:49AM by grumpzsux
via reddit https://ift.tt/tpa6JBY
Bug Bounty Hunter. Wannabe Hacker.
Pass the eWPTXv2 Exam on Your First Attempt in 2023!
Finally! As promised, I am sharing my tips and tricks on how to pass the eWPTXv2 exam by INE and eLearnSecurity on your first attempt, using nothing but free resources. This exam is by far the hardest exam that I have taken to date, and I thought it ...
Undercover drIBAN fraud operations 2 - From sLoad to Ramnit | Cleafy Lab
https://ift.tt/Zj9F6ng
Submitted May 31, 2023 at 04:02PM by f3d_0x0
via reddit https://ift.tt/znkTlXB
Cleafy
Undercovering drIBAN fraud operations 2 | Cleafy Labs
The threat intelligence team of Cleafy analyzed undercovering drIBAN fraud operations. Read here the second episode of the series of technical analysis.
I found a remote code execution bug in VSCode that can be triggered from untrusted workspaces. Microsoft fixed it but marked it as moderate severity and ineligible under their bug bounty program.
https://ift.tt/pNZ59qn
Submitted May 31, 2023 at 09:19PM by ammar2
via reddit https://ift.tt/SwzXimx
Ammar's Blog
VSCode Remote Code Execution advisory
My blog, mostly about programming
Bypassing SELinux with init_module
https://ift.tt/DOury1o
Submitted May 31, 2023 at 11:43PM by SeanPesce
via reddit https://ift.tt/UkVRvEH
Blogspot
Bypassing SELinux with init_module
TL;DR There are two Linux system calls for loading a kernel module - init_module and finit_module. By leveraging ...
XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS
https://ift.tt/JW1NhA9
Submitted May 31, 2023 at 03:00PM by Hell_walker13
via reddit https://ift.tt/s4gF0np
PVS-Studio
XSS vulnerability in the ASP.NET application: examining CVE-2023…
In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Let's recall the theory, figure out how the security defect looks from a user's perspective and in …
chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow - Root Cause Analysis
https://ift.tt/aJZXf6b
Submitted June 01, 2023 at 07:45AM by ahigherporpoise
via reddit https://ift.tt/R1L7Juk
hyprblog
chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow (CVE-2023-33476) Root Cause Analysis
first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI || CVSS 9.9/10 || RedRays
https://ift.tt/9MRtY34
Submitted June 01, 2023 at 01:43PM by vah_13
via reddit https://ift.tt/xgayK9Y
RedRays - Your SAP Security Solution
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
Explore the critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure, affecting versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. This vulnerability allows attackers with server access to execute…
Welcome New Moderators!
Hey /r/netsec,

I'm thrilled to bring some exciting news to you all today. We've expanded our moderation team to include a group of passionate information security professionals who are dedicated to helping /r/netsec continue to serve as your go-to resource for high-quality, technical security content.

Please join me in extending a warm welcome to our new moderators:

/u/rejuicekeve
/u/netsec_burn
/u/ustayready
/u/qwerty0x41
/u/infinitelogins
/u/Gallus
/u/shellsharks
/u/jsonpile
/u/voidnull
/u/execveat

All of these folks have a shared passion for information security, and a shared vision for /r/netsec as a curated, community-sourced aggregator for top-tier security content and research. We're all here to help cut through the noise of fear-mongering and low quality clickbait, and stick to our roots by rewarding the folks who create high-quality original content.

Our new moderators will be working closely with the existing team to uphold and enforce our content guidelines. We believe in open discussion and collaboration, and any disagreements about content removal, spam decisions, bans, or user-facing activity will be handled through conversation with the mod team.

I am incredibly excited for this new chapter in /r/netsec, and I am grateful to each of you for making this community what it is. Let's continue to build a thriving and engaging space for high-quality, technical security discourse together.

- /u/sanitybit

Greetz to SophSec and Busticati worldwide.
Submitted June 01, 2023 at 01:19PM by sanitybit
via reddit https://ift.tt/nfTVgUY
Reddit
r/netsec on Reddit: Welcome New Moderators!
Posted by u/sanitybit - 89 votes and 9 comments
[Fixed] [CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
https://ift.tt/9MRtY34
Submitted June 01, 2023 at 02:10PM by vah_13
via reddit https://ift.tt/CWQvk4A
RedRays - Your SAP Security Solution
[CVE-2021-33690] SSRF vulnerability in SAP NetWeaver DI
Explore the critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2021-33690, in SAP NetWeaver Development Infrastructure, affecting versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. This vulnerability allows attackers with server access to execute…
CSP Bypass Unveiled: The Hidden Threat of Bookmarklets
https://ift.tt/MkPUJ1f
Submitted June 01, 2023 at 03:25PM by ziyahanalbeniz
via reddit https://ift.tt/GAd5NYi
SOCRadar® Cyber Intelligence Inc.
CSP Bypass Unveiled: The Hidden Threat of Bookmarklets
A newly developed method for enticing victims involves the addition of bookmarklets and enticing them to click on specific websites.
ChatGPT for Pentesters - A few useful scenarios pentesters need daily
https://ift.tt/zJ0X7Kr
Submitted June 01, 2023 at 03:13PM by ziyahanalbeniz
via reddit https://ift.tt/ZGDcCmH
Medium
ChatGPT for Pentesters
Can we use generative AI or ChatGPT, the most known and used application for penetration testing?
[CVE-2023-33243] STARFACE: Authentication with Password Hash Possible
https://ift.tt/ACuO1lg
Submitted June 01, 2023 at 05:35PM by RedTeamPentesting
via reddit https://ift.tt/X4J7sN0
www.redteam-pentesting.de
STARFACE: Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's…