Explore OpenAPI security best practices. Learn the key methods and how they're implemented. See how liblab enhances SDK creation.

Following the adventure of manually discovering network-based vulnerabilities in the Linux kernel, I'm adding ksmbd-fuzzing functionality to the already extensive kernel-fuzzing tool that is Syzkaller.

0x01 PrefaceHere is the explicit denoscription about Spring Kafka deserialization vulnerability in Vmware security bulletin. Reference https://spring.io/security/cve-2023-34040 According to the descrip

The article covers the concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.

Introduction When fuzzing large-scale applications, using a single server (even with 4 64-core AMD Ryzen CPUs) may not be powerful enough by itself. That’s where parallelized/distributed fuzzing comes in (i.e. automatic sharing of results between fuzzing…

IT-Sicherheit beim elektronischen Gesundheitsdossier im Fürstentum Liechtenstein

Due to a recent Google change, MFA isn't truly MFA.

Learn about VulnCheck's development of an exploit for CVE-2023-36845, leading to stealthy code execution on Juniper firewalls, while also assessing the prevalence of unpatched systems in the wild.

AMBERSQUID is a cloud-native cryptojacking operation that leverages AWS services and can cost victims more than $10,000/day.

Defend yourself against tracking and surveillance. Circumvent censorship.

CVE-2023-38346 is a directory traversal vulnerability in Wind River's tarExtract function in VxWorks discovered by Pentagrid during a penetration test and source code review.

Explore this post and more from the netsec community

Dissecting DarkGate’s new key log encryption and tools to decrypt key log files

Crawlector is a threat hunting framework designed for scanning websites for malicious objects. - MFMokbel/Crawlector

The recent discontinuation of the JavaScript code virtualization tool “vm2” sounds the alarm for under-maintained open source packages. This post discusses the factors that led to its discontinuation and what can be done to save “isolated-vm”, the best alternative…