r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.

Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.

Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted August 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/JRwvOiM
It opened the free, online, practical 'Introduction to Security' class from the Czech Technical University.
https://ift.tt/CsoZY5k
Submitted August 01, 2025 at 10:42PM by sebagarcia
via reddit https://ift.tt/72pwan5
cybersecurity.bsy.fel.cvut.cz
Introduction to Security
Introduction to Security Class (BSY), FEL, Czech Technical University
What the Top 20 OSS Vulnerabilities Reveal About the Real Challenges in Security Governance
https://ift.tt/3lEqaCS
Submitted August 02, 2025 at 09:43AM by repoog
via reddit https://ift.tt/s0KIPzh
Medium
From the Top 20 Open Source Component Vulnerabilities: Rethinking the Challenges of Open Source Security Governance
How the most common open source vulnerabilities reveal deeper challenges in building sustainable, secure software systems.
Forced to give your password? Here is the solution.
https://www.veilith.com
Submitted August 02, 2025 at 04:32PM by marcusfrex
via reddit https://ift.tt/VHvxSu8
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Be patient and keep it simple.
https://ift.tt/GqSkDAF
Submitted August 02, 2025 at 09:01PM by anasbetis94
via reddit https://ift.tt/jKbGJPk
Medium
Be Patient and Keep it Simple, The Bug is There
Good Day!
I designed a constant-free cryptographic hash function where entropy fully emerges from the input: Kaoru Hash (public blueprint with code and spec)
https://ift.tt/8fr4YnZ
Submitted August 04, 2025 at 07:50AM by No_Arachnid_5563
via reddit https://ift.tt/rVTINmM
OSF
Kaoru Hash: A Constant-Free, Message-Emergent Hash Function Specification and Security Rationale
Kaoru Hash is a novel cryptographic blueprint for a deterministic, constant-free hash function where all entropy and structural complexity emerge from the input message itself.
Unlike traditional hash functions that rely on fixed tables, seeds, or externally…
Lateral Movement – BitLocker
https://ift.tt/ymYExGt
Submitted August 04, 2025 at 02:53PM by netbiosX
via reddit https://ift.tt/cErBzY2
Purple Team
Lateral Movement – BitLocker
BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
Finding vulnerabilities in Claude code
https://cymulate.com/blog/cve-2025-547954-54795-claude-inverseprompt/
Submitted August 04, 2025 at 10:29PM by Fun_Preference1113
via reddit https://ift.tt/07IGcFw
Cymulate
InversePrompt: Turning Claude Against Itself, One Prompt at a Time (CVE-2025-54794 & CVE-2025-54795)
Discovered flaws in Claude Code expose path restriction bypass and command injection risks - turning AI inward with inverse prompting
Lateral Movement – BitLocker
https://ift.tt/ymYExGt
Submitted August 05, 2025 at 12:42PM by netbiosX
via reddit https://ift.tt/36CcoxJ
OdooMap - A Pentesting Tool for Odoo Applications
https://ift.tt/DGz1OHC
Submitted August 05, 2025 at 09:17PM by Fluid-Profit-164
via reddit https://ift.tt/3xmHZW0
GitHub
GitHub - MohamedKarrab/odoomap: A penetration testing tool for odoo applications.
A penetration testing tool for odoo applications. Contribute to MohamedKarrab/odoomap development by creating an account on GitHub.
HTTP/1.1 must die: the desync endgame (whitepaper)
https://ift.tt/P3GRgVz
Submitted August 07, 2025 at 05:19AM by albinowax
via reddit https://ift.tt/1IgjNOu
Http1Mustdie
HTTP/1.1 Must Die
Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now
See 694201 POST requests to /aura in a pentest? It's probably Salesforce - run this tool against it.
https://ift.tt/tWybfNp
Submitted August 07, 2025 at 04:44PM by ezzzzz
via reddit https://ift.tt/241LdQN
Research Blog | Project Black
Salesforce Penetration Testing Fundamentals
This blog walks you through using our script to audit a Salesforce environment, uncovering excessive permissions and platform-specific risks like SOQL injection.
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault
https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/
Submitted August 07, 2025 at 06:37PM by moviuro
via reddit https://ift.tt/bvaZyXr
Cyata | The Control Plane for Agentic Identity
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The…
Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust…
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
https://unit42.paloaltonetworks.com/new-darkcloud-stealer-infection-chain
Submitted August 07, 2025 at 08:08PM by Super_Weather3575
via reddit https://ift.tt/j0dAMDK
Unit 42
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
DarkCloud Stealer's delivery has shifted. We explore three different attack chains that use ConfuserEx obfuscation and a final payload in Visual Basic 6.
Greedy Bear — Massive Crypto Wallet Attack Spans Across Multiple Vectors
https://ift.tt/QI0boBV
Submitted August 07, 2025 at 07:47PM by Ok-Inflation-4706
via reddit https://ift.tt/jnIDC5i
Medium
GreedyBear: 650 Attack Tools, One Coordinated Campaign
Today Koi exposes one of the most notorious attack groups we’ve yet to encounter — Greedy Bear. The group launched a coordinated attack…
We replaced passwords with something worse
https://blog.danielh.cc/blog/passwords
Submitted August 08, 2025 at 01:06AM by innpattag
via reddit https://ift.tt/giaApKY
blog.danielh.cc
We replaced passwords with something worse | Blog - Daniel Huang
where my words occasionally escape /dev/null
CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters
https://ift.tt/v86YEiC
Submitted August 08, 2025 at 01:05AM by innpattag
via reddit https://ift.tt/FoMTqXC
Upwind | Cloud Security Happens at Runtime
CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters - Upwind
A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the
Prompt injection engineering for attackers: Exploiting GitHub Copilot
https://ift.tt/bRdJVBy
Submitted August 08, 2025 at 02:14AM by rkhunter_
via reddit https://ift.tt/Qc84XLS
The Trail of Bits Blog
Prompt injection engineering for attackers: Exploiting GitHub Copilot
Prompt injection pervades discussions about security for LLMs and AI agents. But there is little public information on how to write powerful, discreet, and reliable prompt injection exploits. In this post, we will design and implement a prompt injection exploit…
Blog: Exploiting Retbleed in the real world
https://ift.tt/MtCPWj0
Submitted August 08, 2025 at 03:07AM by sirdarckcat
via reddit https://ift.tt/DVtsg5i
Google
Blog: Exploiting Retbleed in the real world
Curious to hear about our experience exploiting Retbleed (a security vulnerability affecting modern CPUs)? Then check out this post to see how we pushed the boundaries of Retbleed exploitation and understand more about the security implications of this exploit…
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
https://ift.tt/m57jsPZ
Submitted August 08, 2025 at 03:00AM by vaizor
via reddit https://ift.tt/bZGd8Jr
Eye Research
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
The Eye Security Research team has uncovered a new critical misconfiguration that exposed sensitive data at internal Microsoft applications.
SquareX launches open-source toolkits to defend browsers
https://ift.tt/Llpy691
Submitted August 08, 2025 at 11:20AM by shadowlurker_6
via reddit https://ift.tt/jfr7iDS
ChannelLife Australia
SquareX launches open-source toolkits to defend browsers
SquareX launches two open-source toolkits to help security teams simulate and defend against browser-based attacks that evade traditional enterprise defences.