Got another anecdotal one this week! In a short summary, here, I will walk through the role that DNS, and DNS servers play in an enterprise network. Then, I’ll demonstrate how we can glean ba…

Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser. Some simple online tools provide

In this post, we look at different techniques to hide Windows API imports in a program in order to fly under the radar of static analysis tools.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. - BishopFox/GadgetProbe

Researchers have discovered multiple instances of unsigned firmware in computer peripherals that can be used by malicious actors to attack laptops and servers running Windows and Linux.

This is no basic listicle

I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth. - sc0tfree/updog

Automatically remediating poorly implemented security groups

During a performance evaluation, an unfortunate interaction of the STACKLEAK plugin with the RAP plugin was noticed that lead to unnecessary bloat. This blog post highlights the steps that have been taken to resolve the source of the problem.

Partially driven by the upcoming inclusion of Cyber Security by the IMO (International Maritime Organisation), 2019 was a really busy year for maritime security

Posted in r/netsec by u/RedditGeneralUser • 0 points and 0 comments

Automating regular expression denial-of-service detection

We engaged Doyensec to perform a security assessment of our firmware, v3.0.1 at the time of testing. During a 10 person/days project, Doyensec discovered and reported 3 vulnerabilities in our firmware. While two of the issues are considered informational…

Posted in r/netsec by u/kamic • 2 points and 0 comments

The casino and hotel giant said “it was confident that no financial, payment card or password data was involved in this matter.”

Email is unsafe and cannot be made safe. The tools we have today to encrypt email are badly flawed. Even if those flaws were fixed, email would remain unsafe. Its problems cannot plausibly be mitigated. Avoid encrypted email.
Technologists hate this argument.…

Cybersecurity’s Fastest Growing Platform Now Valued at Over $1 Billion

Last October I dived into the world of Jira Software (version 8.4.1) in the hope of discovering new vulnerabilities. Initially, I came…