Hide the threat - GPO lateral movement
https://ift.tt/YuevCKp
Submitted November 25, 2025 at 07:02PM by -vzh-
via reddit https://ift.tt/wliPftu
https://ift.tt/YuevCKp
Submitted November 25, 2025 at 07:02PM by -vzh-
via reddit https://ift.tt/wliPftu
INTRINSEC
Hide the threat - GPO lateral movement
Learn how to perform and understand lateral mouvement though GPO mechanism during pentest and red team assessments.
An Evening with Claude (Code) - SpecterOps
https://ift.tt/Wh5XTrq
Submitted November 26, 2025 at 01:52AM by alt69785
via reddit https://ift.tt/t0QCVjw
https://ift.tt/Wh5XTrq
Submitted November 26, 2025 at 01:52AM by alt69785
via reddit https://ift.tt/t0QCVjw
SpecterOps
An Evening with Claude (Code) - SpecterOps
This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
https://ift.tt/bHhJzkv
Submitted November 26, 2025 at 01:02PM by ES_CY
via reddit https://ift.tt/2Xl7oBC
https://ift.tt/bHhJzkv
Submitted November 26, 2025 at 01:02PM by ES_CY
via reddit https://ift.tt/2Xl7oBC
Cyberark
Racing and Fuzzing HTTP/3: Open-sourcing QuicDraw(H3)
This blog post provides a dive into HTTP/3’s evolution for security engineers, an overview of our research journey, and what led us to develop the open-source tool QuicDraw, which can be used for...
[Tool Release] Ephemeral Vulnerability Scanner: 100% Client-Side, Zero Tracking, Cross-Platform System Analysis
https://secbyshresth.github.io/VulnScan/
Submitted November 26, 2025 at 02:38PM by shresthpaul133
via reddit https://ift.tt/hT0oCwS
https://secbyshresth.github.io/VulnScan/
Submitted November 26, 2025 at 02:38PM by shresthpaul133
via reddit https://ift.tt/hT0oCwS
secbyshresth.github.io
Ephemeral Vulnerability Scanner
Enterprise-grade client-side vulnerability analysis engine
TROOPERS25: Revisiting Cross Session Activation attacks
https://m.youtube.com/watch?v=7bPzqEiO6Tk&list=PL1eoQr97VfJmSBNAP-n5cs81ScoZ0lKrF&index=33&pp=iAQB
Submitted November 27, 2025 at 12:25AM by S3cur3Th1sSh1t
via reddit https://ift.tt/9zBk5hj
https://m.youtube.com/watch?v=7bPzqEiO6Tk&list=PL1eoQr97VfJmSBNAP-n5cs81ScoZ0lKrF&index=33&pp=iAQB
Submitted November 27, 2025 at 12:25AM by S3cur3Th1sSh1t
via reddit https://ift.tt/9zBk5hj
Reddit
From the netsec community on Reddit: TROOPERS25: Revisiting Cross Session Activation attacks
Posted by S3cur3Th1sSh1t - 4 votes and 1 comment
Desktop Application Security Verification Standard - DASVS
https://ift.tt/BvlQ1ki
Submitted November 27, 2025 at 12:00AM by bajk
via reddit https://ift.tt/nzITo2O
https://ift.tt/BvlQ1ki
Submitted November 27, 2025 at 12:00AM by bajk
via reddit https://ift.tt/nzITo2O
AFINE - digitally secure
Desktop Application Security Standard: Introducing DASVS - AFINE - digitally secure
An introduction to DASVS - a security standard designed to strengthen desktop application protection across Windows, macOS, and Linux.
Prepared Statements? Prepared to Be Vulnerable.
https://ift.tt/3fhB5X0
Submitted November 27, 2025 at 03:10AM by eqarmada2
via reddit https://ift.tt/HbCws7D
https://ift.tt/3fhB5X0
Submitted November 27, 2025 at 03:10AM by eqarmada2
via reddit https://ift.tt/HbCws7D
Taking down Next.js servers for 0.0001 cents a pop
https://ift.tt/mYvKhly
Submitted November 27, 2025 at 06:27AM by stephenalexbrowne
via reddit https://ift.tt/KvbQkty
https://ift.tt/mYvKhly
Submitted November 27, 2025 at 06:27AM by stephenalexbrowne
via reddit https://ift.tt/KvbQkty
Harmonyintelligence
Harmony Intelligence - Taking down Next.js servers for 0.0001 cents a pop
Our AI AppSec Agent discovered an unauthenticated DoS vulnerability that crashes a self-hosted Next.js server with a single HTTP request and negligible resources.
Zero the Hero (0tH) – Mach-O structural analysis tool (Rust) with full CodeSignature/SuperBlob parsing
https://zero-the-hero.run
Submitted November 27, 2025 at 12:04PM by gabriele70
via reddit https://ift.tt/cFv4WjE
https://zero-the-hero.run
Submitted November 27, 2025 at 12:04PM by gabriele70
via reddit https://ift.tt/cFv4WjE
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by gabriele70 - 0 votes and 0 comments
The minefield between syntaxes: exploiting syntax confusions in the wild
https://ift.tt/iWXqH76
Submitted November 28, 2025 at 12:06AM by ad_nauseum1982
via reddit https://ift.tt/fMeKklW
https://ift.tt/iWXqH76
Submitted November 28, 2025 at 12:06AM by ad_nauseum1982
via reddit https://ift.tt/fMeKklW
YesWeHack
The minefield between syntaxes: exploit syntax confusion in the wild
Learn syntax confusion techniques using filename*, file://host:port, and PHP parse_url to bypass filters, poison caches and escalate SSRF.
Write Path Traversal to a RCE Art Department
https://ift.tt/jNh1Msb
Submitted November 28, 2025 at 06:36AM by alt69785
via reddit https://ift.tt/sSt7Q3i
https://ift.tt/jNh1Msb
Submitted November 28, 2025 at 06:36AM by alt69785
via reddit https://ift.tt/sSt7Q3i
Critical Thinking - Bug Bounty Podcast
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land
https://ift.tt/kpTSf5O
Submitted November 28, 2025 at 02:43PM by 0x5h4un
via reddit https://ift.tt/Oej2zGs
https://ift.tt/kpTSf5O
Submitted November 28, 2025 at 02:43PM by 0x5h4un
via reddit https://ift.tt/Oej2zGs
disclosing.observer
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land - Disclosing.Observer
This post reconstructs how sanctioned Bulletproof Hoster Media Land’s internal platform organised users, subnoscriptions, and address space, based on a leaked ...
Anonymized case study: autonomous security assessment of a 500-AMR fleet using AI + MCP
https://ift.tt/q3j0erV
Submitted November 28, 2025 at 07:42PM by Obvious-Language4462
via reddit https://ift.tt/nMK9kFJ
https://ift.tt/q3j0erV
Submitted November 28, 2025 at 07:42PM by Obvious-Language4462
via reddit https://ift.tt/nMK9kFJ
Aliasrobotics
Case Study - CAI leverage MCP to secure Sublight Shipping's autonomous robot fleet
CAI using MCP, Model Context Protocol, to secure Sublight Shipping's autonomous robot fleet
Shai-Hulud 2.0: the supply chain attack that learned
https://ift.tt/AuxVsdg
Submitted November 28, 2025 at 07:37PM by mabote
via reddit https://ift.tt/uR81ZKS
https://ift.tt/AuxVsdg
Submitted November 28, 2025 at 07:37PM by mabote
via reddit https://ift.tt/uR81ZKS
GitGuardian Blog - Take Control of Your Secrets Security
Shai-Hulud 2.0: the supply chain attack that learned
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
CVE-2025-58360: GeoServer XXE Vulnerability Analysis
https://ift.tt/isbeCcH
Submitted November 28, 2025 at 08:18PM by Fit_Wing3352
via reddit https://ift.tt/PxcbinQ
https://ift.tt/isbeCcH
Submitted November 28, 2025 at 08:18PM by Fit_Wing3352
via reddit https://ift.tt/PxcbinQ
InfoSec Black Friday Dealz 2025
https://ift.tt/x2cWNb8
Submitted November 28, 2025 at 09:29PM by si9int
via reddit https://ift.tt/BizIrsa
https://ift.tt/x2cWNb8
Submitted November 28, 2025 at 09:29PM by si9int
via reddit https://ift.tt/BizIrsa
CTF challenge Malware Busters
https://ift.tt/7s5mfK1
Submitted November 29, 2025 at 03:12AM by Ok_Coyote6842
via reddit https://ift.tt/pdhsTHL
https://ift.tt/7s5mfK1
Submitted November 29, 2025 at 03:12AM by Ok_Coyote6842
via reddit https://ift.tt/pdhsTHL
Cloudsecuritychampionship
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://ift.tt/e5NFpm0
Submitted November 29, 2025 at 06:35PM by Empty_Hacker
via reddit https://ift.tt/ckrD6Uo
https://ift.tt/e5NFpm0
Submitted November 29, 2025 at 06:35PM by Empty_Hacker
via reddit https://ift.tt/ckrD6Uo
herish.me
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
Beyond Nmap: Building Custom Recon Pipelines
https://ift.tt/EUvfjGc
Submitted November 29, 2025 at 09:15PM by voidrane
via reddit https://ift.tt/6xFhqns
https://ift.tt/EUvfjGc
Submitted November 29, 2025 at 09:15PM by voidrane
via reddit https://ift.tt/6xFhqns
Simulating a Water Control System in my Home Office
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
rosecurity@dev
Homegrown Honeypots: Simulating a Water Control System in my Home Office
Background
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
ARMO
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing- ARMO
Test your cloud and container security tools with ARMO CTRL, a controlled attack readiness lab that simulates real web-to-cloud attack paths for true detection validation.