/r/netsec - Information Security News & Discussion

netsec

218,607 readers

520 users here now

Content Guidelines

/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.

Content should focus on the "how."

Check the new queue for duplicates.

Always link to the original source.

Titles should provide context.

Ask questions in our Discussion Threads.

Hiring posts must go in the Hiring Threads.

Commercial advertisement is discouraged.

Do not submit prohibited topics.

Prohibited Topics & Sources

No populist news articles (CNN, BBC, FOX, etc.)

No curated lists.

No question posts.

No social media posts.

No image-only/video-only posts.

No livestreams.

No tech-support requests.

No full-disclosure posts.

No paywall/regwall content.

No commercial advertisements.

No crowdfunding posts.

No Personally Identifying Information!

Related Reddits

/r/blackhat - Hackers on Steroids

/r/computerforensics - IR Archaeologists

/r/crypto - Cryptography news and discussion

/r/Cyberpunk - High-Tech Low-Lifes

/r/HackBloc - Hacktivism & Crypto-anarchy

/r/lockpicking - Popular Hacker Hobby

/r/Malware - Malware reports and information

/r/netsecstudents - netsec for ~~noobs~~ students

/r/onions - Things That Make You Cry

/r/privacy - Orwell Was Right

/r/pwned - "What Security?"

/r/REMath - Math behind reverse engineering

/r/ReverseEngineering - Binary Reversing

/r/rootkit - Software and hardware rootkits

/r/securityCTF - CTF new and write-ups

/r/SocialEngineering - Free Candy

/r/sysadmin - Overworked Crushed Souls

/r/vrd - Vulnerability Research and Development

/r/xss - Cross Site Scripting

Thanks for flying air /r/netsec - please check the sidebar before submitting.

a community for 10 years

hiring thread/r/netsec's Q3 2017 Information Security Hiring Thread (self.netsec)

submitted 2 months ago by Katana__Blazing Crimson[M] - announcement

discussionThe /r/netsec Monthly Discussion Thread - September 2017 (self.netsec)

submitted 20 days ago by AutoModerator[M] - announcement

156

157

158

CCleaner update from Talos - Looking at the C2 (blog.talosintelligence.com)

submitted 8 hours ago by WorksAtCisco

289

290

291

Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner (intezer.com)

submitted 17 hours ago by 0xbaadf00dsec

Joomla! Login Bypass via LDAP Injection (blog.ripstech.com)

submitted 11 hours ago by websecdev

PoC for CVE-2017-0785 Android information leak (Blueborne) (github.com)

submitted 6 hours ago by unbkenwost

Running unsigned code in Intel Management Engine (blackhat.com)

submitted 7 hours ago by jeffmcjunkin

SharpHound: Evolution of the BloodHound Ingestor [xpost /r/WindowsSecurity] (blog.cptjesus.com)

submitted 10 hours ago by m8urn

Breaking out of restricted windows environment (weirdgirlweb.wordpress.com)

submitted 19 hours ago by kapilajain23

BSides Augusta 2017 [Videos] (youtube.com)

submitted 16 hours ago by reaperb0t

Python object injection exploitation (defencely.com)

submitted 2 hours ago by pm_me_your_findings

Abusing delay load DLLs for remote code injection (hatriot.github.io)

submitted 12 hours ago by FILLABUSTA

204

205

206

pdfHVACKer - Bridging the Air-Gap by Manipulating the Environment Temperature (sicherheitsforschung-magdeburg.de)

submitted 1 day ago by 0xKaishakunin

Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malicious sample and automatically generates a list of mutexes that could be used to as “vaccines” against the sample. (github.com)

submitted 1 day ago by GelosSnake

Using ssdeep (fuzzy hash) in huge scale for file clustering (intezer.com)

submitted 1 day ago by desegel

Common WiFi Attacks And How To Detect Them (wtf.horse)

submitted 1 day ago by lennartkoopmann

pdfCure53 Browser Security White Paper (Chrome/Edge/IE) (cure53.de)

submitted 1 day ago by reknerxam

Surviving Apache Struts CVE-2017-5638 (alexgaynor.net)

submitted 1 day ago by kingkilr

Epson EasyMP Projector Takeover (CVE-2017-12860 / CVE-2017-12861) (rhinosecuritylabs.com)

submitted 1 day ago by oh_herro_sir

pdfKernel Driver mmap Handler Exploitation (labs.mwrinfosecurity.com)

submitted 1 day ago by maxxori

X41 Browser Security White Paper (Chrome/Edge/IE) (x41-dsec.de)

submitted 1 day ago by reknerxam

2020

2021

2022

CCleanup: A Vast Number of Machines at Risk (blog.talosintelligence.com)

submitted 2 days ago by moviuro

112

113

114

DigitalOcean suffers 1-Click Setup vulnerability affecting debian-sys-maint MySQL user (github.com)

submitted 2 days ago by hp777us

Have I been pwned list at 99.34% on Hashes.org by community effort. (hashes.org)

submitted 2 days ago by s3inlc

AWS Extender - A burp plugin for assessing cloud based web apps (virtuesecurity.com)

submitted 2 days ago by virtue-elliott

Linux Attack Surface Analysis -- dawgmon 1.0 release (anvilventures.com)

submitted 2 days ago by anvilventures

Optionsbleed - HTTP OPTIONS method can leak Apache's server memory (blog.fuzzing-project.org)

submitted 2 days ago by oherrala

view more: next ›

π Rendered by PID 43419 on app-266 at 2017-09-21 06:27:57.008912+00:00 running ea1c3d8 country code: IL.

netsec

Featured Posts

Content Guidelines

Discussion Guidelines

Prohibited Topics & Sources

Social

Related Reddits

MODERATORS