Elastic EDR 0-day: Part 2 - Technical Details and the Trigger
https://ift.tt/PcIZgd5
Submitted August 29, 2025 at 08:05PM by Minimum_Call_3677
via reddit https://ift.tt/iMsdkt5
AI Waifu RAT: A Ring3 malware-like RAT based on LLM manipulation is circulating in the wild.
https://ryingo.gitbook.io/writeups-ai_waifu_rat
Submitted August 29, 2025 at 08:40PM by Classic_Yesterday165
via reddit https://ift.tt/0VzorWj
Hidden in plain sight: a misconfigured upload path that invited trouble
https://ift.tt/ifUPlmy
Submitted August 29, 2025 at 10:26PM by Varonis-Dan
via reddit https://ift.tt/uXqR1LI
Varonis
Hidden in Plain Sight: A Misconfigured Upload Path That Invited Trouble
A misconfigured upload path exposed a Linux web server to attack. Varonis Threat Labs reveals how it happened and how to prevent future breaches.
Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309)
https://ift.tt/ZKFVXIL
Submitted August 30, 2025 at 08:21PM by AlmondOffSec
via reddit https://ift.tt/30dchNL
Amberwolf
Advisory - Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309)
AmberWolf Security Research Blog
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers
https://ift.tt/vt2pM3D
Submitted September 01, 2025 at 08:27AM by Mehrrun
via reddit https://ift.tt/ExupCQh
Medium
ZERO-DAY ALERT: Automated Discovery of Critical CWMP Stack Overflow in TP-Link Routers
Critical Zero-Day Discovery
Introducing ICMP Echo Streams (iStreams)
https://ift.tt/qBHergf
Submitted September 01, 2025 at 05:41PM by MFMokbel
via reddit https://ift.tt/xJwP5DF
PacketSmith
Introducing ICMP Echo Streams - PacketSmith
With version 2.0, we have added the capability to construct ICMPv4/v6 Echo streams, which we refer to throughout the document as iStreams (note the ‘i’). PacketSmith is the only known tool capable of constructing…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted September 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/VPKBnd7
[Article] IPv6 Security: Attacks and Detection Methods
https://ift.tt/TsO8Zzx
Submitted September 01, 2025 at 10:31PM by caster0x00
via reddit https://ift.tt/Ua7L4iQ
Caster
Legless: IPv6 Security
IPv6 often remains active in corporate networks. In this article, I will discuss attacks on IPv6 and detection methods.
Ksmbd Fuzzing Improvements and Vulnerability Discovery
https://ift.tt/vkSOVRC
Submitted September 02, 2025 at 03:01PM by nibblesec
via reddit https://ift.tt/C8iE7Iq
Doyensec
ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3)
This is a follow-up to the article originally published here.
Golden dMSA
https://ift.tt/3GoQBXT
Submitted September 02, 2025 at 04:21PM by netbiosX
via reddit https://ift.tt/I1wbt6A
Purple Team
Golden dMSA
Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos related attacks such as Kerberoasting by binding authentication of service accounts t…
Deep Specter Research Uncovers a Global Phishing Empire
https://ift.tt/zl8dkbh
Submitted September 02, 2025 at 07:00PM by Disscom
via reddit https://ift.tt/Du2Zrax
Medium
The Cloak and the Dagger: How Google and Cloudflare Missed a Global Phishing Empire
Intro
RapperBot: infection → DDoS in seconds (deep dive write-up)
https://ift.tt/VBLA59S
Submitted September 02, 2025 at 08:28PM by JollyCartoonist3702
via reddit https://ift.tt/NgalAp3
Bitsight
Dissecting RapperBot Botnet: From Infection to DDoS & More
The Bitsight TRACE threat research team dissects RapperBot botnet: from the point of infection to DDoS attack. Read a comprehensive breakdown, including IoCs.
Wanted: Technical Co-Founder for AI Pentesting Agent Startup backed by TryHackMe.
https://ift.tt/yBfNW6J
Submitted September 03, 2025 at 04:40AM by 7331senb
via reddit https://ift.tt/dKYlqkT
TryHackMe on Notion
Wanted: Technical Co-Founder for AI Pentesting Agent Startup backed by TryHackMe. | Notion
This is a unique opportunity to join as the technical co-founder of a new cyber security AI startup with all the unfair advantages for success: an enormous proprietary training dataset, a $2B market, and $1M in seed capital (backed by TryHackMe) to hit the…
anti-patterns and patterns for achieving secure generation of code via AI
https://ift.tt/vrqkdRM
Submitted September 03, 2025 at 12:50PM by geoffreyhuntley
via reddit https://ift.tt/oiPAxu9
Geoffrey Huntley
anti-patterns and patterns for achieving secure generation of code via AI
I just finished up a phone call with a "stealth startup" that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down…
Secondary Context Path Traversal in Omnissa Workspace ONE UEM
https://ift.tt/wileKOf
Submitted September 03, 2025 at 04:04PM by Mempodipper
via reddit https://ift.tt/ioU4GWf
Searchlight Cyber
Secondary Context Path Traversal in Omnissa Workspace ONE
Secondary Context Path Traversal vulnerability in Omnissa Workspace One UEM (CVE-2025-25231) that leads to pre-auth API access as a super admin.
How They Got In — DaVita’s Data Breach
https://ift.tt/G5clHpg
Submitted September 03, 2025 at 06:41PM by Disscom
via reddit https://ift.tt/B1LTdRA
Medium
How They Got In — DaVita Inc.
Intro: How They Got In: Dissecting Major Breaches from the Hacker’s View
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html
Submitted September 03, 2025 at 06:10PM by netsec_burn
via reddit https://ift.tt/BvysqkY
Alexander Popov
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and…
Inline Style Exfiltration: leaking data with chained CSS conditionals
https://portswigger.net/research/inline-style-exfiltration
Submitted September 03, 2025 at 07:22PM by Gallus
via reddit https://ift.tt/SKQMHzB
PortSwigger Research
Inline Style Exfiltration: leaking data with chained CSS conditionals
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: Someone asked if you c
Effective Incident Response
https://ift.tt/ArP2sD6
Submitted September 03, 2025 at 07:22PM by EssJayJay
via reddit https://ift.tt/pERuqcg
Marshal madness: A brief history of Ruby deserialization exploits
https://ift.tt/7dFAYtv
Submitted September 03, 2025 at 07:20PM by Gallus
via reddit https://ift.tt/j7n4C2G
The Trail of Bits Blog
Marshal madness: A brief history of Ruby deserialization exploits
This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope…
Guide to relaying NTLM over HTTP - the GLPI example
https://ift.tt/gXxiKNM
Submitted September 04, 2025 at 03:32PM by MobetaSec
via reddit https://ift.tt/cv4VKhO
Mobeta
Guide to relaying NTLM over HTTP - the GLPI example | Mobeta
Learn how to relay NTLM over HTTP via GLPI during an internal pentest. Technical guide with ntlmrelayx, Impacket and security recommendations.