/r/netsec's Q4 2023 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted October 05, 2023 at 12:11AM by netsec_burn
via reddit https://ift.tt/qVAoDt6
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted October 05, 2023 at 12:11AM by netsec_burn
via reddit https://ift.tt/qVAoDt6
Binarly REsearch - Multiple Critical Vulnerabilities in Supermicro BMCs
https://ift.tt/tYpduzv
Submitted October 05, 2023 at 01:49AM by netsec_burn
via reddit https://ift.tt/itdZDYw
https://ift.tt/tYpduzv
Submitted October 05, 2023 at 01:49AM by netsec_burn
via reddit https://ift.tt/itdZDYw
Critical Provesc Zero Day in Confluence
https://ift.tt/Wq2blu4
Submitted October 05, 2023 at 02:48AM by Cubensis-n-sanpedro
via reddit https://ift.tt/kYrVjCf
https://ift.tt/Wq2blu4
Submitted October 05, 2023 at 02:48AM by Cubensis-n-sanpedro
via reddit https://ift.tt/kYrVjCf
X.Org Hit By New Security Vulnerabilities - Two Date Back To 1988 With X11R2 - Hack Liberty
https://ift.tt/bjxYZ3I
Submitted October 05, 2023 at 05:40AM by DR_Kek-on-twitter
via reddit https://ift.tt/wUytB6r
https://ift.tt/bjxYZ3I
Submitted October 05, 2023 at 05:40AM by DR_Kek-on-twitter
via reddit https://ift.tt/wUytB6r
Pitfalls of relying on eBPF for security monitoring (and some solutions)
https://ift.tt/42Qlfng
Submitted October 05, 2023 at 12:23PM by sanitybit
via reddit https://ift.tt/t9aLo06
https://ift.tt/42Qlfng
Submitted October 05, 2023 at 12:23PM by sanitybit
via reddit https://ift.tt/t9aLo06
Trail of Bits Blog
Pitfalls of relying on eBPF for security monitoring (and some solutions)
By Artem Dinaburg eBPF (extended Berkeley Packet Filter) has emerged as the de facto Linux standard for security monitoring and endpoint observability. It is used by technologies such as BPFTrace, …
Introducing cmloot.py - New tooling for attacking Configuration Manager
https://ift.tt/jHtKn9y
Submitted October 05, 2023 at 03:11PM by ivxrehc
via reddit https://ift.tt/dt0M7G1
https://ift.tt/jHtKn9y
Submitted October 05, 2023 at 03:11PM by ivxrehc
via reddit https://ift.tt/dt0M7G1
Shelltrail - Swedish offensive security experts
Introducing cmloot.py - New tooling for attacking Configuration Manager | Shelltrail - Swedish offensive security experts
cmloot.py introduces new angles to exploit Configuration Manager, which has become the new black in internal security assessments of Active Directory environments.
Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition
https://ift.tt/DsYUGfa
Submitted October 05, 2023 at 02:58PM by dx7r__
via reddit https://ift.tt/FCvgYie
https://ift.tt/DsYUGfa
Submitted October 05, 2023 at 02:58PM by dx7r__
via reddit https://ift.tt/FCvgYie
watchTowr Labs
Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition
You’re likely seeing a trend - yes, we know, we look at a lot of enterprise-grade software and appliances. Today, we’re not here to change your expectations of us - we’re looking at more enterprise-grade software and appliances.
Today, we’re looking at Sangfor’s…
Today, we’re looking at Sangfor’s…
NetHunter Hacker IX: How to use MANA Toolkit to create Wi-Fi rogue access point and intercept traffic
https://ift.tt/zQujfs3
Submitted October 05, 2023 at 04:40PM by barakadua131
via reddit https://ift.tt/ajpEXns
https://ift.tt/zQujfs3
Submitted October 05, 2023 at 04:40PM by barakadua131
via reddit https://ift.tt/ajpEXns
Mobile Hacker
NetHunter Hacker IX: Use MANA Toolkit to create Wi-Fi rogue access point and intercept traffic Mobile Hacker
MANA allows you to perform various Wi-Fi attacks even using your Android device. The MANA (MITM And Network Attacks) Wireless Toolkit is a suite of tools that can be used to perform man-in-the-middle (MITM) attacks, create evil access point, denial of service…
Curl: Severity HIGH security problem to be announced with curl 8.4.0
https://ift.tt/QBSz2sW
Submitted October 05, 2023 at 04:24PM by Wiremask
via reddit https://ift.tt/wBxYgy3
https://ift.tt/QBSz2sW
Submitted October 05, 2023 at 04:24PM by Wiremask
via reddit https://ift.tt/wBxYgy3
GitHub
Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026
We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...
Beyond XSS: Explore the Web Front-end Security Universe
https://ift.tt/1yIZq6g
Submitted October 05, 2023 at 02:26PM by Available-Egg-7367
via reddit https://ift.tt/aE27cSb
https://ift.tt/1yIZq6g
Submitted October 05, 2023 at 02:26PM by Available-Egg-7367
via reddit https://ift.tt/aE27cSb
aszx87410.github.io
About This Series | Beyond XSS
As a software engineer, you must be familiar with information security. In your work projects, you may have gone through security audits, including static code scanning, vulnerability scanning, or penetration testing. You may have even done more comprehensive…
GitHub - kitabisa/teler-proxy: 🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷
https://ift.tt/M9PEh8R
Submitted October 06, 2023 at 02:49PM by dwisiswant0
via reddit https://ift.tt/gM5VlXP
https://ift.tt/M9PEh8R
Submitted October 06, 2023 at 02:49PM by dwisiswant0
via reddit https://ift.tt/gM5VlXP
GitHub
GitHub - kitabisa/teler-proxy: 🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service…
🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷 - GitHub - kitabisa/teler-proxy: 🔐 teler Proxy enabling seamless ...
8 Commandments of Red Cross (ICRC) to Hacker Groups: Do Not Harm Civilians
https://ift.tt/0EtVT4H
Submitted October 06, 2023 at 04:16PM by ziyahanalbeniz
via reddit https://ift.tt/fPLzNgv
https://ift.tt/0EtVT4H
Submitted October 06, 2023 at 04:16PM by ziyahanalbeniz
via reddit https://ift.tt/fPLzNgv
SOCRadar® Cyber Intelligence Inc.
8 Commandments of Red Cross (ICRC) to Hacker Groups: Do Not Harm Civilians
For the very first time, the International Committee of the Red Cross (ICRC) has released a set of guidelines outlining rules of engagement...
Predator Files: Technical deep-dive into Intellexa Alliance's surveillance products
https://ift.tt/Jfukc9E
Submitted October 06, 2023 at 06:13PM by DonnchaOC
via reddit https://ift.tt/pMbK94O
https://ift.tt/Jfukc9E
Submitted October 06, 2023 at 06:13PM by DonnchaOC
via reddit https://ift.tt/pMbK94O
Amnesty International Security Lab
Predator Files: Technical deep-dive into Intellexa Alliance's surveillance products - Amnesty International Security Lab
An expose the Intellexa Alliance's surveillance capabilities including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices.
To Schnorr and beyond (Part 1)
https://ift.tt/8BT5sIV
Submitted October 06, 2023 at 07:31PM by feross
via reddit https://ift.tt/RWYDHsf
https://ift.tt/8BT5sIV
Submitted October 06, 2023 at 07:31PM by feross
via reddit https://ift.tt/RWYDHsf
A Few Thoughts on Cryptographic Engineering
To Schnorr and beyond (Part 1)
Warning: extremely wonky cryptography post. Also, possibly stupid and bound for nowhere. One of the hardest problems in applied cryptography (and perhaps all of computer science!) is explaining why…
Vulnerabilities.io - A single pane of glass for your software and software supply chain risks. We're a new platform and looking for user trials and feedback. Identify secrets in code, generate real-time software bill of materials and discover vulnerable third party dependencies. Sign up for free!
https://ift.tt/GEUmP5K
Submitted October 07, 2023 at 02:14AM by VulnerabilitiesIo
via reddit https://ift.tt/z7BsV6S
https://ift.tt/GEUmP5K
Submitted October 07, 2023 at 02:14AM by VulnerabilitiesIo
via reddit https://ift.tt/z7BsV6S
www.vulnerabilities.io
vulnerabilities.io - Vulnerability identification and management
Vulnerability identification and management in one place - a cost-effective developer friendly platform for managing vulnerabilities
Python scanner for critical Atlassian Confluence vulnerability (CVE-2023-22515)
https://ift.tt/f35Q1r6
Submitted October 07, 2023 at 03:20AM by kalibabka
via reddit https://ift.tt/gGJm3ZS
https://ift.tt/f35Q1r6
Submitted October 07, 2023 at 03:20AM by kalibabka
via reddit https://ift.tt/gGJm3ZS
GitHub
GitHub - ErikWynter/CVE-2023-22515-Scan: Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence - ErikWynter/CVE-2023-22515-Scan
Phishing 2FA 25 years ago
https://ift.tt/Khlpeqj
Submitted October 07, 2023 at 03:14AM by nantucket
via reddit https://ift.tt/YOABG6E
https://ift.tt/Khlpeqj
Submitted October 07, 2023 at 03:14AM by nantucket
via reddit https://ift.tt/YOABG6E
Livejournal
❅ phishing 2fa 25 years ago ❅
two-factor authentication is revered as the end all be all of account security. it shouldn't be. it's been easy to phish 2fa since the 90s. aol employees used physical "rsa securid" devices displaying 6 digits that changed once per minute. i once conceptualized…
AI based ethical hacking tool
https://ift.tt/9mIofP4
Submitted October 07, 2023 at 06:58AM by Civil_Alternative410
via reddit https://ift.tt/Nby4IZq
https://ift.tt/9mIofP4
Submitted October 07, 2023 at 06:58AM by Civil_Alternative410
via reddit https://ift.tt/Nby4IZq
GitHub
GitHub - berylliumsec/nebula: AI-Powered Ethical Hacking Assistant
AI-Powered Ethical Hacking Assistant. Contribute to berylliumsec/nebula development by creating an account on GitHub.
۶ attacking tumblr in 2011 ۶
https://ift.tt/br3KEu1
Submitted October 08, 2023 at 04:29AM by nantucket
via reddit https://ift.tt/iGzQy1L
https://ift.tt/br3KEu1
Submitted October 08, 2023 at 04:29AM by nantucket
via reddit https://ift.tt/iGzQy1L
Livejournal
۶ attacking tumblr in 2011 ۶
author : pad, x.com/123456 i was the most prolific tumblr spammer in 2011/2012. tumblr was popular then - so hacking/spamming it paid the rent. the most heavily publicized tumblr-related event i cast into existence was a scaled phishing attack. i wrote a…
Exploring What AI-powered Cyberattacks Could Look Like
https://ift.tt/CsNeAUI
Submitted October 08, 2023 at 10:07PM by sshh12
via reddit https://ift.tt/0ikGDhE
https://ift.tt/CsNeAUI
Submitted October 08, 2023 at 10:07PM by sshh12
via reddit https://ift.tt/0ikGDhE
blog.sshh.io
AI-powered Cyberattacks
What could cyberattacks look like with advanced generative AI capabilities?
WatchGuard Firewall Clientless SSO sends out its password hashes to random devices on the network.
https://ift.tt/RP9Arst
Submitted October 09, 2023 at 04:56AM by ezzzzz
via reddit https://ift.tt/x15Z8Sg
https://ift.tt/RP9Arst
Submitted October 09, 2023 at 04:56AM by ezzzzz
via reddit https://ift.tt/x15Z8Sg
Research Blog | Project Black
A Watchguard Vulnerability That's a "Feature" - GuardLapse
Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances. Does a bad feature warrant filing a CVE? I'm not sure.