[Tool Release] Ephemeral Vulnerability Scanner: 100% Client-Side, Zero Tracking, Cross-Platform System Analysis
https://secbyshresth.github.io/VulnScan/
Submitted November 26, 2025 at 02:38PM by shresthpaul133
via reddit https://ift.tt/hT0oCwS
https://secbyshresth.github.io/VulnScan/
Submitted November 26, 2025 at 02:38PM by shresthpaul133
via reddit https://ift.tt/hT0oCwS
secbyshresth.github.io
Ephemeral Vulnerability Scanner
Enterprise-grade client-side vulnerability analysis engine
TROOPERS25: Revisiting Cross Session Activation attacks
https://m.youtube.com/watch?v=7bPzqEiO6Tk&list=PL1eoQr97VfJmSBNAP-n5cs81ScoZ0lKrF&index=33&pp=iAQB
Submitted November 27, 2025 at 12:25AM by S3cur3Th1sSh1t
via reddit https://ift.tt/9zBk5hj
https://m.youtube.com/watch?v=7bPzqEiO6Tk&list=PL1eoQr97VfJmSBNAP-n5cs81ScoZ0lKrF&index=33&pp=iAQB
Submitted November 27, 2025 at 12:25AM by S3cur3Th1sSh1t
via reddit https://ift.tt/9zBk5hj
Reddit
From the netsec community on Reddit: TROOPERS25: Revisiting Cross Session Activation attacks
Posted by S3cur3Th1sSh1t - 4 votes and 1 comment
Desktop Application Security Verification Standard - DASVS
https://ift.tt/BvlQ1ki
Submitted November 27, 2025 at 12:00AM by bajk
via reddit https://ift.tt/nzITo2O
https://ift.tt/BvlQ1ki
Submitted November 27, 2025 at 12:00AM by bajk
via reddit https://ift.tt/nzITo2O
AFINE - digitally secure
Desktop Application Security Standard: Introducing DASVS - AFINE - digitally secure
An introduction to DASVS - a security standard designed to strengthen desktop application protection across Windows, macOS, and Linux.
Prepared Statements? Prepared to Be Vulnerable.
https://ift.tt/3fhB5X0
Submitted November 27, 2025 at 03:10AM by eqarmada2
via reddit https://ift.tt/HbCws7D
https://ift.tt/3fhB5X0
Submitted November 27, 2025 at 03:10AM by eqarmada2
via reddit https://ift.tt/HbCws7D
Taking down Next.js servers for 0.0001 cents a pop
https://ift.tt/mYvKhly
Submitted November 27, 2025 at 06:27AM by stephenalexbrowne
via reddit https://ift.tt/KvbQkty
https://ift.tt/mYvKhly
Submitted November 27, 2025 at 06:27AM by stephenalexbrowne
via reddit https://ift.tt/KvbQkty
Harmonyintelligence
Harmony Intelligence - Taking down Next.js servers for 0.0001 cents a pop
Our AI AppSec Agent discovered an unauthenticated DoS vulnerability that crashes a self-hosted Next.js server with a single HTTP request and negligible resources.
Zero the Hero (0tH) – Mach-O structural analysis tool (Rust) with full CodeSignature/SuperBlob parsing
https://zero-the-hero.run
Submitted November 27, 2025 at 12:04PM by gabriele70
via reddit https://ift.tt/cFv4WjE
https://zero-the-hero.run
Submitted November 27, 2025 at 12:04PM by gabriele70
via reddit https://ift.tt/cFv4WjE
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by gabriele70 - 0 votes and 0 comments
The minefield between syntaxes: exploiting syntax confusions in the wild
https://ift.tt/iWXqH76
Submitted November 28, 2025 at 12:06AM by ad_nauseum1982
via reddit https://ift.tt/fMeKklW
https://ift.tt/iWXqH76
Submitted November 28, 2025 at 12:06AM by ad_nauseum1982
via reddit https://ift.tt/fMeKklW
YesWeHack
The minefield between syntaxes: exploit syntax confusion in the wild
Learn syntax confusion techniques using filename*, file://host:port, and PHP parse_url to bypass filters, poison caches and escalate SSRF.
Write Path Traversal to a RCE Art Department
https://ift.tt/jNh1Msb
Submitted November 28, 2025 at 06:36AM by alt69785
via reddit https://ift.tt/sSt7Q3i
https://ift.tt/jNh1Msb
Submitted November 28, 2025 at 06:36AM by alt69785
via reddit https://ift.tt/sSt7Q3i
Critical Thinking - Bug Bounty Podcast
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land
https://ift.tt/kpTSf5O
Submitted November 28, 2025 at 02:43PM by 0x5h4un
via reddit https://ift.tt/Oej2zGs
https://ift.tt/kpTSf5O
Submitted November 28, 2025 at 02:43PM by 0x5h4un
via reddit https://ift.tt/Oej2zGs
disclosing.observer
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land - Disclosing.Observer
This post reconstructs how sanctioned Bulletproof Hoster Media Land’s internal platform organised users, subnoscriptions, and address space, based on a leaked ...
Anonymized case study: autonomous security assessment of a 500-AMR fleet using AI + MCP
https://ift.tt/q3j0erV
Submitted November 28, 2025 at 07:42PM by Obvious-Language4462
via reddit https://ift.tt/nMK9kFJ
https://ift.tt/q3j0erV
Submitted November 28, 2025 at 07:42PM by Obvious-Language4462
via reddit https://ift.tt/nMK9kFJ
Aliasrobotics
Case Study - CAI leverage MCP to secure Sublight Shipping's autonomous robot fleet
CAI using MCP, Model Context Protocol, to secure Sublight Shipping's autonomous robot fleet
Shai-Hulud 2.0: the supply chain attack that learned
https://ift.tt/AuxVsdg
Submitted November 28, 2025 at 07:37PM by mabote
via reddit https://ift.tt/uR81ZKS
https://ift.tt/AuxVsdg
Submitted November 28, 2025 at 07:37PM by mabote
via reddit https://ift.tt/uR81ZKS
GitGuardian Blog - Take Control of Your Secrets Security
Shai-Hulud 2.0: the supply chain attack that learned
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
CVE-2025-58360: GeoServer XXE Vulnerability Analysis
https://ift.tt/isbeCcH
Submitted November 28, 2025 at 08:18PM by Fit_Wing3352
via reddit https://ift.tt/PxcbinQ
https://ift.tt/isbeCcH
Submitted November 28, 2025 at 08:18PM by Fit_Wing3352
via reddit https://ift.tt/PxcbinQ
InfoSec Black Friday Dealz 2025
https://ift.tt/x2cWNb8
Submitted November 28, 2025 at 09:29PM by si9int
via reddit https://ift.tt/BizIrsa
https://ift.tt/x2cWNb8
Submitted November 28, 2025 at 09:29PM by si9int
via reddit https://ift.tt/BizIrsa
CTF challenge Malware Busters
https://ift.tt/7s5mfK1
Submitted November 29, 2025 at 03:12AM by Ok_Coyote6842
via reddit https://ift.tt/pdhsTHL
https://ift.tt/7s5mfK1
Submitted November 29, 2025 at 03:12AM by Ok_Coyote6842
via reddit https://ift.tt/pdhsTHL
Cloudsecuritychampionship
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://ift.tt/e5NFpm0
Submitted November 29, 2025 at 06:35PM by Empty_Hacker
via reddit https://ift.tt/ckrD6Uo
https://ift.tt/e5NFpm0
Submitted November 29, 2025 at 06:35PM by Empty_Hacker
via reddit https://ift.tt/ckrD6Uo
herish.me
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
Beyond Nmap: Building Custom Recon Pipelines
https://ift.tt/EUvfjGc
Submitted November 29, 2025 at 09:15PM by voidrane
via reddit https://ift.tt/6xFhqns
https://ift.tt/EUvfjGc
Submitted November 29, 2025 at 09:15PM by voidrane
via reddit https://ift.tt/6xFhqns
Simulating a Water Control System in my Home Office
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
rosecurity@dev
Homegrown Honeypots: Simulating a Water Control System in my Home Office
Background
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
ARMO
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing- ARMO
Test your cloud and container security tools with ARMO CTRL, a controlled attack readiness lab that simulates real web-to-cloud attack paths for true detection validation.
Bind Link – EDR Tampering
https://ift.tt/UVy4QiG
Submitted December 01, 2025 at 06:10PM by netbiosX
via reddit https://ift.tt/4jSDZ9U
https://ift.tt/UVy4QiG
Submitted December 01, 2025 at 06:10PM by netbiosX
via reddit https://ift.tt/4jSDZ9U
Purple Team
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
How i found a europa.eu compromise
https://ift.tt/uyBxr76
Submitted December 01, 2025 at 07:22PM by unknownhad
via reddit https://ift.tt/AxeJQYy
https://ift.tt/uyBxr76
Submitted December 01, 2025 at 07:22PM by unknownhad
via reddit https://ift.tt/AxeJQYy
Himanshu Anand :: Threat Notes
how i found a europa.eu compromise (thanks to cricket)
TLDR
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites.…
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites.…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/2sgmDdQ
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/2sgmDdQ
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community