FreshRSS

Today — May 19th 2025
/r/netsec - Information Security News & Discussion

Apple downplays framework vuln

After a few days of silence while being marked as prioritized, my report got closed as expected behavior. The reported bug - a PAC bypass (userland, not kernel PAC) as a result of certain structure/obj types of certain frameworks being unprotected. I argue that an OOB write is also expected behavior, it's expected when a miscalculation happens in a program. Wtf. Any suggestions? Can't confirm nor deny I haven't gotten a good evaluation from CrowdFense, big time. Twitter seems too shitty to post this.

submitted by /u/dreadscandal
Yesterday — May 18th 2025
/r/netsec - Information Security News & Discussion

VM someone with exp

Someone who used VM already and someone who can recommend which one is best to use? I have read that one I attached is best?

submitted by /u/silentshadovvvvvv

Stateful Connection With Spoofed Source IP — NetImpostor

Gain another host’s network access permissions by establishing a stateful connection with a spoofed source IP

submitted by /u/tasty-pepperoni
Before yesterday
/r/netsec - Information Security News & Discussion

I built Mithra: a security scanner for LLM-integrated APIs (detects prompt injection, DAN...)

Hey folks,

I just launched Mithra, a security scanner built specifically for REST APIs that integrate large language models like GPT, Claude, open-source LLMs, anyone!

LLM-backed endpoints introduce a new set of risks—prompt injection, context leakage, over-permissive outputs, even logic abuse through natural language. Traditional API scanners don't catch these.

Mithra scans for both OWASP API Top 10 and LLM-specific threats, directly with 3 clicks (no agents, no container dependencies). It’s designed for devs shipping LLM-powered features like search, summarization, chatbots, or completions.

What it does:
– Detects prompt injection, do anything now, insecure output handling, sensitive information disclosure, etc.
– Flags data/context leakage and logic gaps

Would love feedback from folks building or securing LLM interfaces. Happy to answer questions!

🔗 mithrasec.com

submitted by /u/1337kadir

Known Exploited Vulnerabilities Intel

The site displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) my own private sensors.

Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata.

The goal is to be an early warning system, even before being published by CISA.

Includes open public JSON API, CSV download and RSS feed.

submitted by /u/ethicalhack3r

We Got Tired of Labs NOT preparing us for Real Targets… So We Built This (Seeking Beta Feedback!)

Quick intro: I've been kicking around in infosec for about 5 years now, starting with Pentesting and later focusing mainly on bug bounties full-time for the last 3 or so (some might know me as RogueSMG from Twitter, or YouTube back in the day). My co-founder Kuldeep Pandya has been deep in it too (you might have seen his stuff at kuldeep.io).

TL;DR: Built "Barracks Social," a FREE, realistic social media sim WarZone to bridge the lab-to-real-world gap (evolving, no hints, reporting focus). Seeking honest beta feedback! Link: https://beta.barracks.army

Like many of you, we constantly felt that frustrating jump from standard labs/CTFs to the complexity and chaos of Real-World targets. We've solved numerous Labs and played a few CTFs - but still couldn't feel "confident enough" to pick a Target and just Start Hacking. It felt like the available practice didn't quite build the right instincts.

To try and help bridge that gap, we started Barracks and built our first WarZone concept: "Barracks Social".

It's a simulated Social Networking site seeded with vulnerabilities inspired by Real-World reports including vulns we've personally found as well as from the community writeups. We designed it to be different:

  • No Hand-Holding: Explore, Recon, find vulns organically. No hints.
  • It Evolves: Simulates patches/updates based on feedback, so the attack surface changes.
  • Reporting Focus: Designed to practice writing clear, detailed reports.

We just launched the early Beta Platform with Barracks Social, and it's completely FREE to use, now and permanently. We're committed to keeping foundational training accessible and plan to release more free WarZones regularly too.

I'm NOT selling anything with this Post; We're just genuinely looking for feedback from students, learners, and fellow practitioners on this first free WarZone. Does this realistic approach help build practical skills? What works? What's frustrating?

It's definitely Beta (built by our small team!), expect rough edges.

If you want to try a different practice challenge and share your honest thoughts, access the free beta here:

Link: https://beta.barracks.army
For more details -> https://barracks.army

Happy to answer any questions in the comments! What are your biggest hurdles moving from labs to live targets?

submitted by /u/RogueSMG

Snowflake’s AI Bypasses Access Controls

Snowflake’s Cortex AI can return data that the requesting user shouldn’t have access to — even when proper Row Access Policies and RBAC are in place.

submitted by /u/Affectionate-Win6936

YARA Playground - Client Side WASM

Hi all,

I often find myself needing to sanity-check a YARA rule against a test string or small binary, but spinning up the CLI or Docker feels heavy. So I built **YARA Playground** – a single-page web app that compiles `libyara` to WebAssembly and runs entirely client-side (no samples leave your browser).

• WASM YARA-X engine

• Shows pretty JSON, and tabular matches

• Supports 10 MiB binary upload, auto-persists last rule/sample

https://www.yaraplayground.com

Tech stack: Vite, TypeScript, CodeMirror, libyara-wasm (≈230 kB).

Would love feedback, feature requests or bug reports (especially edge-case rules).

I hope it's useful to someone, thanks!

submitted by /u/Diligent_Desk5592

The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera

This is an article about a fictitious business affected by malware that avoided detection from firewall and antivirus tools.

submitted by /u/badminton987

AI hiveminds can exploit vulnerabilities 25% faster—here’s how they work

I’ve been researching AI-driven cyber threats and wanted to share some findings on AI hiveminds—collaborative autonomous agents that could redefine offensive security. I wrote a post on this, but here’s the technical gist:

  • AI hiveminds are multi-agent systems where each agent handles a specific task (recon, exploitation, persistence) and coordinates via inter-agent communication. Think swarm intelligence applied to cyber attacks.
  • These agents use reinforcement learning (RL) to adapt in real-time. For example, an RL-trained agent can test exploits, learn from failures, and share insights with the hivemind, boosting efficiency. Research shows they can exploit vulnerabilities 25% faster than traditional methods, especially with minimal input (e.g., brief vuln descriptions).
  • Xanthorox AI, spotted on the darknet in 2025, automates malware generation and vuln exploitation. It’s a glimpse of what’s coming—fully autonomous hiveminds could orchestrate complex attack chains without human oversight.
  • They evade signature-based detection with polymorphic code and adversarial AI, while their speed (e.g., ransomware in hours) outpaces manual response. Defensive multi-agent systems are a potential counter, but observation spaces and reward functions are tricky to define.

You can read the full breakdown, including more on RL frameworks and future implications in the linked post.

What’s your take on this? Are we ready for AI-driven attacks at this scale? How would you approach defending against a hivemind exploiting vulns in real-time?

submitted by /u/raptorhunter22

AiTM for WHFB persistence

We recently ran an internal EntraIDiots CTF where players had to phish a user, register a device, grab a PRT, and use that to enroll Windows Hello for Business—because the only way to access the flag site was via phishing-resistant MFA.

The catch? To make WHFB registration work, the victim must have performed MFA in the last 10 minutes. In our CTF, we solved this by forcing MFA during device code flow authentication. But that’s not something you can do in a real-life red team scenario.

So we asked ourselves: how can we force a user we do not control to always perform MFA? That’s exactly what this blog explores.

submitted by /u/rikvduijn

Samsung MagicINFO Unauthenticated RCE

MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code.

submitted by /u/Straight-Zombie-646

Shadow Roles: AWS Defaults Can Open the Door to Service Takeover

TL;DR: We discovered that AWS services like SageMaker, Glue, and EMR generate default IAM roles with overly broad permissions—including full access to all S3 buckets. These default roles can be exploited to escalate privileges, pivot between services, and even take over entire AWS accounts. For example, importing a malicious Hugging Face model into SageMaker can trigger code execution that compromises other AWS services. Similarly, a user with access only to the Glue service could escalate privileges and gain full administrative control. AWS has made fixes and notified users, but many environments remain exposed because these roles still exist—and many open-source projects continue to create similarly risky default roles.

submitted by /u/Pale_Fly_2673

Using an LLM with MCP for Threat Hunting

As a small MCP research project, I’ve built an MCP server to interact with Elasticsearch where Sysmon logs are shipped. This allows an LLM to perform log analysis to identify potential threats and malicious activities 🤖

submitted by /u/eitot8

Symbol Database for Reverse Engineers

Hi r/netsec, releasing a new side project I’ve been working on for a while :D it's (supposed to be) a huge database of debug symbols/type info/offsets/etc, making it easier for reverse engineers to find & import pre-compiled structs of known libraries into IDA by leveraging DWARF information.

The workflow of this is basically: you search for a struct -> find your target lib/binary -> download it -> import it to your IDB file -> profit :) you got all the structs ready to use/recovered. This can be useful when you get stripped binaries/statically compiled.

So far I added some known libraries that are used in embedded devices such as json-c, Apache APR, random kernel modules such as Qualcomm’s GPU driver and more :D some others are imported from public deb repos.

I'm accepting new requests for structs and libs you'd like to see there hehe

submitted by /u/pwntheplanet

Comprehensive 2025 Report: Software Security Market Trends and User Pain Points in China

We recently completed an in-depth survey and analysis of the domestic software security market in China (2025 edition).

The report explores:

  • Industry- and size-based differences in security investment
  • Adoption rates of tools like SAST, SCA, DAST, RASP, and IAST
  • Key pain points such as high false positives and poor asset management
  • Procurement dynamics by role (developer, security engineer, executive)
  • Future trends: AI-driven precision, cloud-native security, supply chain risk management
  • Improvement suggestions for vendors aiming at the Chinese market

Although the data focuses on China, many of the findings resonate globally, especially regarding DevSecOps adoption and evolving security expectations.

If you're a security vendor, CISO, security engineer, or just interested in how software security needs are shifting in 2025, feel free to check it out.

Would love to hear your thoughts!

submitted by /u/repoog