Digging for SSRF in NextJS apps
https://ift.tt/MHoKWwF
Submitted May 10, 2024 at 04:09AM by Mempodipper
via reddit https://ift.tt/lFJYMfK
www.assetnote.io
Digging for SSRF in NextJS apps
At Assetnote, we encounter sites running NextJS extremely often; in this blog post we will detail some common misconfigurations we find in NextJS websites, along with a vulnerability we found in the framework.
SSL/TLS, part 3: Toy TLS 1.2 client in ~1600 SLOC of Python.
https://ift.tt/Cm17OlU
Submitted May 10, 2024 at 04:54PM by yurichev
via reddit https://ift.tt/YDrxQzh
Kinsing Demystified - A Comprehensive Technical Guide
https://ift.tt/A5dWMkH
Submitted May 10, 2024 at 06:14PM by Pale_Fly_2673
via reddit https://ift.tt/TIX84c3
Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1
https://ift.tt/keI3EW5
Submitted May 10, 2024 at 08:59PM by permis0
via reddit https://ift.tt/CrNzsJf
permiso.io
Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1
The MITRE ATT&CK Cloud Matrix for Enterprise includes a broad spectrum of tactics and techniques that adversaries use in cloud computing environments. This blog post focuses on techniques related to adversaries' attempts to modify a cloud account's compute service…
"Parallel-Committees": A Novel Secure and High-Performance Distributed Database Architecture
https://ift.tt/3fHgh56
Submitted May 11, 2024 at 02:05AM by SS41BR
via reddit https://ift.tt/tsSJPkG
ResearchGate
(PDF) Novel Fault-Tolerant, Self-Configurable, Scalable, Secure, Decentralized, and High-Performance Distributed Database Replication…
PDF | Describing the originality of the PhD work: *Main contribution and achievement of the thesis: The primary contribution of this thesis is the...
Lumma Stealer Malware Analysis
https://ift.tt/3ibD0uc
Submitted May 12, 2024 at 02:03AM by AdvancedFinish6896
via reddit https://ift.tt/p85lCu2
16 years of CVE-2008-0166 - Debian OpenSSL Bug - breaking DKIM and BIMI in 2024
https://ift.tt/IyfOJbL
Submitted May 12, 2024 at 04:59PM by hannob
via reddit https://ift.tt/Ulpe3gy
16years.secvuln.info
16 years of CVE-2008-0166 - Debian OpenSSL Bug
Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.
Fuzz just about anything (network, GUI, editors, compilers, etc.) with Program Environment Fuzzing
https://ift.tt/R6ES0V4
Submitted May 13, 2024 at 09:11AM by zoomT
via reddit https://ift.tt/fjCxvqO
GitHub
GitHub - GJDuck/EnvFuzz: Fuzz anything with Program Environment Fuzzing
[KIS-2024-04] Cacti <= 1.2.26 Remote Code Execution Vulnerability
https://ift.tt/Yo92kRN
Submitted May 13, 2024 at 02:33PM by eg1x
via reddit https://ift.tt/T39mWFf
Karmainsecurity
Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
TrollPersist
https://ift.tt/qWE4ps9
Submitted May 13, 2024 at 10:33PM by cybersectroll
via reddit https://ift.tt/numFAIB
GitHub
GitHub - cybersectroll/SharpPersistSD
cybersectroll/SharpPersistSD
https://ift.tt/W3uU425
Submitted May 14, 2024 at 12:38AM by cybersectroll
via reddit https://ift.tt/gp0XBm5
Pwnie Award Nominated Songs
https://www.youtube.com/playlist?list=PLuoKBCfw80oKXW0nQABYqiRQRs5BQUo4Q
Submitted May 14, 2024 at 01:25AM by seyyid_
via reddit https://ift.tt/7d1Bkfc
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
https://ift.tt/gP120qH
Submitted May 14, 2024 at 12:00PM by theMiddleBlue
via reddit https://ift.tt/MQujLIr
Sicuranext Blog
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce…
Credential leakage risks hiding in Frontend code (real statistics from Korean websites)
https://ift.tt/pXJTBEv
Submitted May 14, 2024 at 06:25PM by Late-Capital-9686
via reddit https://ift.tt/8IclFBu
"Password cracking: past, present, future" OffensiveCon 2024 keynote talk slides
https://ift.tt/mleO4Y0
Submitted May 14, 2024 at 07:20PM by solardiz
via reddit https://ift.tt/e2Oy1RW
Executing Cobalt Strike's BOFs on ARM-based Linux devices
https://ift.tt/4AWHt72
Submitted May 15, 2024 at 05:28PM by mzet-
via reddit https://ift.tt/sefTNLQ
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
https://ift.tt/pBFSYhK
Submitted May 15, 2024 at 10:54PM by SCI_Rusher
via reddit https://ift.tt/fsM78dq
Microsoft News
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
Patch Diffing CVE-2024-3400 from a Palo Alto NGFW Marketplace AMI
https://ift.tt/6XOcLPu
Submitted May 16, 2024 at 09:29AM by _meatball_
via reddit https://ift.tt/zf76lN9
Sprocket Security
Patch Diffing CVE-2024-3400 in Palo Alto NGFW Marketplace AMI
Testing CVE-2024-3400 against a live non-production instance using Palo Alto NGFW AWS Marketplace AMI.
How an Employee's Personal GitHub Repository Compromised Azure’s Internal Container Registry
https://ift.tt/Xb7p0WT
Submitted May 16, 2024 at 08:36PM by Pale_Fly_2673
via reddit https://ift.tt/EX5hfGj
Aqua
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches
CSTC: Bringing the CyberChef to the BurpSuite
https://ift.tt/ryFmvUg
Submitted May 16, 2024 at 09:23PM by usdAG
via reddit https://ift.tt/oVZj4XB
GitHub
GitHub - usdAG/cstc: CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Sasori: A dynamic web crawler built on top of Puppeteer
https://ift.tt/at6UPDw
Submitted May 16, 2024 at 11:12PM by 5up3r54iy4n
via reddit https://ift.tt/3jFATzu
GitHub
GitHub - karthikuj/sasori: Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.