First off all the goal off this blog is not to steal internet or clone modems !!! We are working on a way where cert’s will only be used…

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving…

Parent PID Spoofing is often used by red teams to evade detection from EDR (Endpoint Detection and Response) solutions that are capable to discover anomalies in the relationship of parent/child processes in order to identify malicious processes.

The video…

SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.

Dr Silvio Cesare @silviocesare   Summary In this blog post I’ll discuss how to exploit the Linux kernel via a stack smashin...

Posted in r/netsec by u/hanwint • 5 points and 0 comments

Introduction

TL;DR We have found malicious Office documents containing VBA source code only, and no compiled code. Documents like these are more likely to evade anti-virus detection due to a technique we dubbed…

GWT is a Java web framework and GWTUpload is a library extending it with easier file upload.
We found a vulnerability allowing to abuse the upload process and cause a denial-of-service of a web application.

Generic Signature Format for SIEM Systems. Contribute to Neo23x0/sigma development by creating an account on GitHub.

Posted in r/netsec by u/mrmeeseeks2014 • 0 points and 0 comments

This most recent Patch Tuesday, Microsoft released an Important-rated patch to address a remote code execution bug in Microsoft Exchange Server. This vulnerability was reported to us by an anonymous researcher and affects all supported versions of Microsoft…

Reversing, exploiting, pentesting, ctf writeups... && ++hacking

This post focuses on silver ticket and golden ticket. What are they, how are they used, what can be done with them, we will uncover everything there is to know.

Authentication is one of the biggest problems of security since the beginning of the internet. In most cases, we are using passwords for authentication. But it usually causes problems since people are using weak passwords, reusing the same passwords on different…

I’ve been on a wargame streak! After doing Leviathan, I jumped into Krypton and completed it; and this post is in a way a write-up of Krypton. Krypton, Leviathan, in case these words sound alien to you: well they’re wargames—or Ctfs—hosted by Overthewire.org.…

Posted in r/netsec by u/oherrala • 4 points and 0 comments

Some of the other security features of content security policy including upgrade-insecure-requests, block-all-mixed-content, frame-ancestors, sandbox, form-actions, and more.