/r/netsec - Information Security News & Discussion

netsec

179,130 readers

196 users here now

Content Guidelines

Always link to the original source.

Questions belong in the weekly discussion thread.

No curated lists.

Titles should provide context.

Content should focus on the "how."

Check the new queue for duplicates.

No images/screenshots/comics.

No content behind a paywall/regwall.

Commercial advertisement is discouraged. ^(details)

All hiring posts go in the quarterly hiring thread.

Use /r/privacy for privacy related posts.

Use /r/pwned for compromises.

Use /r/Malware for malware write-ups.

No requests for tech support.

/r/netsec is not a forum for full-disclosure.

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/HackBloc - Hacktivism & Crypto-anarchy

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF new and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

a community for 9 years

232

233

234

Hiring Thread/r/netsec's Q1 2017 Information Security Hiring Thread (self.netsec)

submitted 7 days ago by ranokTrusted Contributor[M] - announcement

discussionThe /r/netsec Weekly Discussion Thread - January 16, 2017 (self.netsec)

submitted 2 days ago by AutoModerator[M] - announcement

Huawei OTT Vulnerability (FREE TV FOR EVERYONE) - 60 days fixing period expired NO PATCH (linkedin.com)

submitted 8 hours ago by nebojsa_terzic

•

Practical JSONP injection (securitycafe.ro)

submitted 9 minutes ago by Matasareanu13

413

414

415

FACEBOOK’S IMAGETRAGICK STORY (4lemon.ru)

submitted 1 day ago by Wick3dGeek

HashSuite Droid (aka JTR on Android) will melt your device (hashsuite.openwall.net)

submitted 5 hours ago by phlame64

Bypassing Control Flow Guard in Windows 10 (improsec.com)

submitted 18 hours ago by digicat

CVE-2016-3873: Arbitrary Kernel Write in Nexus 9 (sagi.io)

submitted 20 hours ago by micgob

509

510

511

The Line of Death (textslashplain.com)

submitted 1 day ago by Involder

More routers with simple command injections... (seclists.org)

submitted 1 day ago by bitolas

Hardware hacking + Red Team = Meraki RCE: When Red Team and Vulnerability Research fell in love. Part 1 (research.trust.salesforce.com)

submitted 1 day ago by javuto

(Windows) Shellcode: Resolving API addresses in memory (modexp.wordpress.com)

submitted 1 day ago by pacotes

131

132

133

Deconstructing Secure HTTP without HTTPS (poshsecurity.com)

submitted 2 days ago by kieranjacobsen

Practical Android Debugging Via KGDB (blog.trendmicro.com)

submitted 1 day ago by mackwage

891

892

893

Stealing passwords from McDonald's users (finnwea.com)

submitted 3 days ago by Wick3dGeek

Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited (wordfence.com)

submitted 2 days ago by catlasshrugged

Hardening Windows 10 with zero-day exploit mitigations (blogs.technet.microsoft.com)

submitted 3 days ago by based2

Hooking Android System Calls for Pleasure and Benefit (vantagepoint.sg)

submitted 3 days ago by secaggr

Qira - Timeless Debugger (qira.me)

submitted 3 days ago by RenegadeUser

125

126

127

How to steal PDFs by injecting JavaScript (insert-script.blogspot.in)

submitted 3 days ago by 1lastBr3ath

186

187

188

p0wnedShell - PowerShell Runspace Post Exploitation Toolkit (github.com)

submitted 4 days ago by manunkind13

Key rotation, user experience, and crypto reporting (tonyarcieri.com)

submitted 3 days ago by bascule

Here's a (somewhat messy) MongoDB proxy honeypot I wrote. (github.com)

submitted 4 days ago by Plazmaz1

126

127

128

Exploiting Misconfigured Apache server-status Instances with server-status_PWN (blog.mazinahmed.net)

submitted 4 days ago by mazen160

380

381

382

A practical guide to RFID badge copying (blog.nviso.be)

submitted 5 days ago by daanraman

[Gentoo exploit] Nginx Root Privilege Escalation Vulnerability exploitable on Gentoo pkgs (CVE-2016-1247 update) (legalhackers.com)

submitted 5 days ago by dawid_golunski

407

408

409

Google Infrastructure Security Design Overview (cloud.google.com)

submitted 5 days ago by sanderD

view more: next ›

π Rendered by PID 7231 on app-338 at 2017-01-18 15:20:30.943911+00:00 running 5f46ce6 country code: IL.

netsec

Content Guidelines

Discussion Guidelines

Featured Posts

Social

Related Reddits

MODERATORS