Zero the Hero (0tH) – Mach-O structural analysis tool (Rust) with full CodeSignature/SuperBlob parsing
https://zero-the-hero.run
Submitted November 27, 2025 at 12:04PM by gabriele70
via reddit https://ift.tt/cFv4WjE
https://zero-the-hero.run
Submitted November 27, 2025 at 12:04PM by gabriele70
via reddit https://ift.tt/cFv4WjE
Reddit
From the netsec community on Reddit: [ Removed by moderator ]
Posted by gabriele70 - 0 votes and 0 comments
The minefield between syntaxes: exploiting syntax confusions in the wild
https://ift.tt/iWXqH76
Submitted November 28, 2025 at 12:06AM by ad_nauseum1982
via reddit https://ift.tt/fMeKklW
https://ift.tt/iWXqH76
Submitted November 28, 2025 at 12:06AM by ad_nauseum1982
via reddit https://ift.tt/fMeKklW
YesWeHack
The minefield between syntaxes: exploit syntax confusion in the wild
Learn syntax confusion techniques using filename*, file://host:port, and PHP parse_url to bypass filters, poison caches and escalate SSRF.
Write Path Traversal to a RCE Art Department
https://ift.tt/jNh1Msb
Submitted November 28, 2025 at 06:36AM by alt69785
via reddit https://ift.tt/sSt7Q3i
https://ift.tt/jNh1Msb
Submitted November 28, 2025 at 06:36AM by alt69785
via reddit https://ift.tt/sSt7Q3i
Critical Thinking - Bug Bounty Podcast
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land
https://ift.tt/kpTSf5O
Submitted November 28, 2025 at 02:43PM by 0x5h4un
via reddit https://ift.tt/Oej2zGs
https://ift.tt/kpTSf5O
Submitted November 28, 2025 at 02:43PM by 0x5h4un
via reddit https://ift.tt/Oej2zGs
disclosing.observer
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land - Disclosing.Observer
This post reconstructs how sanctioned Bulletproof Hoster Media Land’s internal platform organised users, subnoscriptions, and address space, based on a leaked ...
Anonymized case study: autonomous security assessment of a 500-AMR fleet using AI + MCP
https://ift.tt/q3j0erV
Submitted November 28, 2025 at 07:42PM by Obvious-Language4462
via reddit https://ift.tt/nMK9kFJ
https://ift.tt/q3j0erV
Submitted November 28, 2025 at 07:42PM by Obvious-Language4462
via reddit https://ift.tt/nMK9kFJ
Aliasrobotics
Case Study - CAI leverage MCP to secure Sublight Shipping's autonomous robot fleet
CAI using MCP, Model Context Protocol, to secure Sublight Shipping's autonomous robot fleet
Shai-Hulud 2.0: the supply chain attack that learned
https://ift.tt/AuxVsdg
Submitted November 28, 2025 at 07:37PM by mabote
via reddit https://ift.tt/uR81ZKS
https://ift.tt/AuxVsdg
Submitted November 28, 2025 at 07:37PM by mabote
via reddit https://ift.tt/uR81ZKS
GitGuardian Blog - Take Control of Your Secrets Security
Shai-Hulud 2.0: the supply chain attack that learned
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
CVE-2025-58360: GeoServer XXE Vulnerability Analysis
https://ift.tt/isbeCcH
Submitted November 28, 2025 at 08:18PM by Fit_Wing3352
via reddit https://ift.tt/PxcbinQ
https://ift.tt/isbeCcH
Submitted November 28, 2025 at 08:18PM by Fit_Wing3352
via reddit https://ift.tt/PxcbinQ
InfoSec Black Friday Dealz 2025
https://ift.tt/x2cWNb8
Submitted November 28, 2025 at 09:29PM by si9int
via reddit https://ift.tt/BizIrsa
https://ift.tt/x2cWNb8
Submitted November 28, 2025 at 09:29PM by si9int
via reddit https://ift.tt/BizIrsa
CTF challenge Malware Busters
https://ift.tt/7s5mfK1
Submitted November 29, 2025 at 03:12AM by Ok_Coyote6842
via reddit https://ift.tt/pdhsTHL
https://ift.tt/7s5mfK1
Submitted November 29, 2025 at 03:12AM by Ok_Coyote6842
via reddit https://ift.tt/pdhsTHL
Cloudsecuritychampionship
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
https://ift.tt/e5NFpm0
Submitted November 29, 2025 at 06:35PM by Empty_Hacker
via reddit https://ift.tt/ckrD6Uo
https://ift.tt/e5NFpm0
Submitted November 29, 2025 at 06:35PM by Empty_Hacker
via reddit https://ift.tt/ckrD6Uo
herish.me
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
Beyond Nmap: Building Custom Recon Pipelines
https://ift.tt/EUvfjGc
Submitted November 29, 2025 at 09:15PM by voidrane
via reddit https://ift.tt/6xFhqns
https://ift.tt/EUvfjGc
Submitted November 29, 2025 at 09:15PM by voidrane
via reddit https://ift.tt/6xFhqns
Simulating a Water Control System in my Home Office
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
https://ift.tt/mTHpf9i
Submitted November 29, 2025 at 10:40PM by RoseSec_
via reddit https://ift.tt/v0QyeC9
rosecurity@dev
Homegrown Honeypots: Simulating a Water Control System in my Home Office
Background
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
https://ift.tt/wt4zanq
Submitted December 01, 2025 at 05:48PM by Hefty-Bullfrog-9436
via reddit https://ift.tt/q2S7IGX
ARMO
ARMO CTRL: Cloud Threat Readiness Lab for Realistic Attack Testing- ARMO
Test your cloud and container security tools with ARMO CTRL, a controlled attack readiness lab that simulates real web-to-cloud attack paths for true detection validation.
Bind Link – EDR Tampering
https://ift.tt/UVy4QiG
Submitted December 01, 2025 at 06:10PM by netbiosX
via reddit https://ift.tt/4jSDZ9U
https://ift.tt/UVy4QiG
Submitted December 01, 2025 at 06:10PM by netbiosX
via reddit https://ift.tt/4jSDZ9U
Purple Team
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
How i found a europa.eu compromise
https://ift.tt/uyBxr76
Submitted December 01, 2025 at 07:22PM by unknownhad
via reddit https://ift.tt/AxeJQYy
https://ift.tt/uyBxr76
Submitted December 01, 2025 at 07:22PM by unknownhad
via reddit https://ift.tt/AxeJQYy
Himanshu Anand :: Threat Notes
how i found a europa.eu compromise (thanks to cricket)
TLDR
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites.…
While looking for a way to stream the India vs Pakistan cricket match on 14th September 2025, I stumbled across a suspicious search result on a europa.eu dev subdomain. It was being abused for blackhat SEO and redirecting users to scam streaming sites.…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/2sgmDdQ
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on r/netsec.As always, the content & discussion guidelines should also be observed on r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted December 01, 2025 at 07:59PM by albinowax
via reddit https://ift.tt/2sgmDdQ
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Security Audit of OpenEXR · Luma
https://ift.tt/Oq4oARj
Submitted December 01, 2025 at 09:14PM by smaury
via reddit https://ift.tt/MyvYrjo
https://ift.tt/Oq4oARj
Submitted December 01, 2025 at 09:14PM by smaury
via reddit https://ift.tt/MyvYrjo
Luma
Security Audit of OpenEXR · Luma
Denoscription
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
Shai Hulud 2.0: Analysis and Community Resources
https://ift.tt/IoaZRmB
Submitted December 01, 2025 at 10:59PM by alt69785
via reddit https://ift.tt/sSoxfrt
https://ift.tt/IoaZRmB
Submitted December 01, 2025 at 10:59PM by alt69785
via reddit https://ift.tt/sSoxfrt
pulse.latio.tech
Shai Hulud 2.0: Analysis and Community Resources
We've complied all the best tools, prevention methods and articles for responding to Shai Hulud 2.0 and share our analysis so teams can understand the impact
Need feedback on Synthetic HTTP Requests Dataset for AI WAF Training I created
https://ift.tt/GoT6Neq
Submitted December 02, 2025 at 06:13AM by muneebdev
via reddit https://ift.tt/DrYVtI1
https://ift.tt/GoT6Neq
Submitted December 02, 2025 at 06:13AM by muneebdev
via reddit https://ift.tt/DrYVtI1
huggingface.co
notesbymuneeb/ai-waf-dataset · Datasets at Hugging Face
We’re on a journey to advance and democratize artificial intelligence through open source and open science.
Need Guidance: Where to take report on 15 potential Linux Kernel / VFS Vulnerabilities (including LPE Race Condition fix)
https://drive.google.com/file/d/1N5qRue78v1B-JoprkNpxydImZOnYJ_55/view?usp=drivesdk
Submitted December 02, 2025 at 07:50AM by EarCommercial6342
via reddit https://ift.tt/3piBunF
https://drive.google.com/file/d/1N5qRue78v1B-JoprkNpxydImZOnYJ_55/view?usp=drivesdk
Submitted December 02, 2025 at 07:50AM by EarCommercial6342
via reddit https://ift.tt/3piBunF
Reddit
From the netsec community on Reddit: Need Guidance: Where to take report on 15 potential Linux Kernel / VFS Vulnerabilities (including…
Posted by EarCommercial6342 - 0 votes and 1 comment
How Hackers Use NPMSCan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
https://ift.tt/HFmU1lC
Submitted December 02, 2025 at 03:27PM by kryakrya_it
via reddit https://ift.tt/gpwJyQl
https://ift.tt/HFmU1lC
Submitted December 02, 2025 at 03:27PM by kryakrya_it
via reddit https://ift.tt/gpwJyQl
BlockHacks
How Hackers Use NPMSCan.com to Hack Web Apps (Next.js, Nuxt.js, React, Bun)
Deep-dive, no-login supply-chain analysis of popular npm ecosystems (Next.js, Nuxt.js, React, Bun) using NPMSCan to surface real-world attack paths: auth bypass, cache poisoning, SSRF, Nuxt payload traversal, legacy React XSS, and Bun command injection.