/r/netsec
r-netsec-bot.bsky.social
Follow for new posts submitted to the netsec subreddit. Unofficial.

Automated by @kiding.bsky.social.
Simulating a Water Control System in my Home Office
Homegrown Honeypots: Simulating a Water Control System in my Home Office
Background
rosesecurity.dev
November 29, 2025 at 5:13 PM
Beyond Nmap: Building Custom Recon Pipelines
chaincoder.hashnode.dev
November 29, 2025 at 3:58 PM
Analysis of 8 Foundational Cache Poisoning Attacks (HackerOne, GitHub, Shopify) - Part 1
Cache Poisoning: $100K+ Case Studies Part 1 | Herish Blog
Dive into $100K+ cache poisoning vulnerabilities. Part 1 covers real-world attacks on HackerOne, GitHub, and Shopify. Read the analysis!
herish.me
November 29, 2025 at 1:13 PM
InfoSec Black Friday Dealz 2025
Docsify-This
Markdown Web Publishing
docsify-this.net
November 28, 2025 at 4:13 PM
CVE-2025-58360: GeoServer XXE Vulnerability Analysis
HelixGuard
Supply chain security, vulnerability intelligence, and malware detection.
helixguard.ai
November 28, 2025 at 2:58 PM
Shai-Hulud 2.0: the supply chain attack that learned
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
blog.gitguardian.com
November 28, 2025 at 2:13 PM
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land - Disclosing.Observer
disclosing.observer
November 28, 2025 at 9:28 AM
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
lab.ctbb.show
November 28, 2025 at 1:13 AM
The minefield between syntaxes: exploiting syntax confusions in the wild
The minefield between syntaxes: exploit syntax confusion in the wild
Learn syntax confusion techniques using filename*, file://host:port, and PHP parse_url to bypass filters, poison caches and escalate SSRF.
www.yeswehack.com
November 27, 2025 at 6:43 PM
Zero the Hero (0tH) – Mach-O structural analysis tool (Rust) with full CodeSignature/SuperBlob parsing
Zero the Hero
zero-the-hero.run
November 27, 2025 at 6:43 AM
Taking down Next.js servers for 0.0001 cents a pop
Harmony Intelligence - Taking down Next.js servers for 0.0001 cents a pop
Our AI AppSec Agent discovered an unauthenticated DoS vulnerability that crashes a self-hosted Next.js server with a single HTTP request and negligible resources.
www.harmonyintelligence.com
November 27, 2025 at 12:58 AM
TROOPERS25: Revisiting Cross Session Activation attacks
m.youtube.com
November 26, 2025 at 6:58 PM
Desktop Application Security Verification Standard - DASVS
afine.com
November 26, 2025 at 6:43 PM
[Tool Release] Ephemeral Vulnerability Scanner: 100% Client-Side, Zero Tracking, Cross-Platform System Analysis
Ephemeral Vulnerability Scanner
Enterprise-grade client-side vulnerability analysis engine
secbyshresth.github.io
November 26, 2025 at 9:13 AM
We made a new tool, QuicDraw(H3), because HTTP/3 race condition testing is currently trash.
Racing and Fuzzing HTTP/3: Open-sourcing QuicDraw(H3)
This blog post provides a dive into HTTP/3’s evolution for security engineers, an overview of our research journey, and what led us to develop the open-source tool QuicDraw, which can be used for...
www.cyberark.com
November 26, 2025 at 7:43 AM
An Evening with Claude (Code) - SpecterOps
This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.
specterops.io
November 25, 2025 at 8:28 PM
The security researcher's guide to mathematics
muellerberndt.medium.com
November 25, 2025 at 11:28 AM
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) - watchTowr Labs
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
Welcome to watchTowr vs the Internet, part 68. That feeling you’re experiencing? Dread. You should be used to it by now. As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords, secrets, keys and more for very sensitive environments
labs.watchtowr.com
November 25, 2025 at 11:13 AM
There's a New Way to Scale Digital security Teams: Digital Security Teammates
Digital Security Teammates vs. Traditional AI SOC
Unlike black-box AI SOC tools, Digital Security Teammates from Secure.com deliver 70% less manual work with full transparency.
www.secure.com
November 25, 2025 at 6:58 AM
The challenge to test my software consists of breaking a meta-cloaker.
www.facebook.com
November 24, 2025 at 9:28 PM
A systemic flaw in Binance’s IP Whitelisting model: listenKeys bypass the protection entirely
technopathy.club
November 24, 2025 at 7:58 PM
Shai-Hulud Returns: Over 300 NPM Packages and 21K Github Repos infected via Fake Bun Runtime Within Hours
HelixGuard
Supply chain security, vulnerability intelligence, and malware detection.
helixguard.ai
November 24, 2025 at 10:13 AM
Good and well-renowned Universities Worldwide for Master’s in Infosec (Preferably Europe - Public Universities; Open to Other countries/continents)
test.com
November 24, 2025 at 1:13 AM
NocturneNotes — Secure Rust + GTK4 note‑taking with AES‑256‑GCM
JEGLY
www.jegly.xyz
November 23, 2025 at 11:13 AM