Login
The site displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) my own private sensors.
Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata.
The goal is to be an early warning system, even before being published by CISA.
Includes open public JSON API, CSV download and RSS feed.
Quick intro: I've been kicking around in infosec for about 5 years now, starting with Pentesting and later focusing mainly on bug bounties full-time for the last 3 or so (some might know me as RogueSMG from Twitter, or YouTube back in the day). My co-founder Kuldeep Pandya has been deep in it too (you might have seen his stuff at kuldeep.io).
TL;DR: Built "Barracks Social," a FREE, realistic social media sim WarZone to bridge the lab-to-real-world gap (evolving, no hints, reporting focus). Seeking honest beta feedback! Link: https://beta.barracks.army
Like many of you, we constantly felt that frustrating jump from standard labs/CTFs to the complexity and chaos of Real-World targets. We've had solved numerous Labs and played a few CTFs - but still couldn't feel "confident enough" to pick a Target and just Start Hacking. It felt like the available practice didn't quite build the right instincts.
To try and help bridge that gap, we started Barracks and built our first WarZone concept: "Barracks Social".
It's a simulated Social Networking site seeded with vulnerabilities inspired by Real-World reports including vulns we've personally found as well as from the community writeups. We designed it to be different:
We just launched the early Beta Platform with Barracks Social, and it's completely FREE to use, now and permanently. We're committed to keeping foundational training accessible and plan to release more free WarZones regularly too.
I'm NOT selling anything with this Post; We're just genuinely looking for feedback from students, learners, and fellow practitioners on this first free WarZone. Does this realistic approach help build practical skills? What works? What's frustrating?
It's definitely Beta (built by our small team!), expect rough edges.
If you want to try a different practice challenge and share your honest thoughts, access the free beta here:
Link: https://beta.barracks.army
For more details -> https://barracks.army
Happy to answer any questions in the comments! What are your biggest hurdles moving from labs to live targets?
Snowflake’s Cortex AI can return data that the requesting user shouldn’t have access to — even when proper Row Access Policies and RBAC are in place.
Hi all,
I often find myself needing to sanity-check a YARA rule against a test string or small binary, but spinning up the CLI or Docker feels heavy. So I built **YARA Playground** – a single-page web app that compiles `libyara` to WebAssembly and runs entirely client-side (no samples leave your browser).
• WASM YARA-X engine
• Shows pretty JSON, and tabular matches
• Supports 10 MiB binary upload, auto-persists last rule/sample
https://www.yaraplayground.com
Tech stack: Vite, TypeScript, CodeMirror, libyara-wasm (≈230 kB),
Would love feedback, feature requests or bug reports (especially edge-case rules).
I hope it's useful to someone, thanks!
This is an article about a fictitious business affected by malware that avoided detection from firewall and antivirus tools.
I’ve been researching AI-driven cyber threats and wanted to share some findings on AI hiveminds—collaborative autonomous agents that could redefine offensive security. I wrote a post on this, but here’s the technical gist:
You can read the full breakdown, including more on RL frameworks and future implications in the linked post.
What’s your take on this? Are we ready for AI-driven attacks at this scale? How would you approach defending against a hivemind exploiting vulns in real-time?
We recently ran an internal EntraIDiots CTF where players had to phish a user, register a device, grab a PRT, and use that to enroll Windows Hello for Business—because the only way to access the flag site was via phishing-resistant MFA.
The catch? To make WHFB registration work, the victim must have performed MFA in the last 10 minutes.In our CTF, we solved this by forcing MFA during device code flow authentication. But that’s not something you can do in a real-life red team scenario.
So we asked ourselves: how can we force a user we do not controlll to always perform MFA? That’s exactly what this blog explores.
MagicINFO exposes an endpoint with several flaws that, when combined, allow an unauthenticated attacker to upload a JSP file and execute arbitrary server-side code.
Have you tried AI-Infra-Guard V2 or other MCP security tools?
TL;DR: We discovered that AWS services like SageMaker, Glue, and EMR generate default IAM roles with overly broad permissions—including full access to all S3 buckets. These default roles can be exploited to escalate privileges, pivot between services, and even take over entire AWS accounts. For example, importing a malicious Hugging Face model into SageMaker can trigger code execution that compromises other AWS services. Similarly, a user with access only to the Glue service could escalate privileges and gain full administrative control. AWS has made fixes and notified users, but many environments remain exposed because these roles still exist—and many open-source projects continue to create similarly risky default roles.
As a small MCP research project, I’ve built a MCP server to interact with Elasticsearch where Sysmon logs are shipped. This allows LLM to perform log analysis to identify potential threats and malicious activities 🤖
Hi r/netsec, releasing a new side project I’ve been working on for awhile :D it's (supposed to be) a huge database of debug symbols/type info/offsets/etc, making it easier for reverse engineers to find & import pre-compiled structs of known libraries into IDA by leveraging DWARF information.
The workflow of this is basically: you search for a struct -> find your target lib/binary -> download it -> import it to your IDB file -> profit :) you got all the structs ready to use/recovered. This can be useful when you get stripped binaries/statically compiled.
So far i added some known libraries that are used in embedded devices such as json-c, Apache APR, random kernel modules such as Qualcomm’s GPU driver and more :D some others are imported from public deb repos.
i'm accepting new requests for structs and libs you'd like to see there hehe
We recently completed an in-depth survey and analysis of the domestic software security market in China (2025 edition).
The report explores:
Although the data focuses on China, many of the findings resonate globally, especially regarding DevSecOps adoption and evolving security expectations.
If you're a security vendor, CISO, security engineer, or just interested in how software security needs are shifting in 2025, feel free to check it out.
Would love to hear your thoughts!
🛡 AMSI Bypass via RPC Hijack (NdrClientCall3) This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. By hooking into the NdrClientCall3 function—used internally by the RPC runtime to marshal and dispatch function calls—we intercept AMSI scan requests before they're serialized and sent to the AV engine.
I uncovered a data breach compromising the personal information of over 300,000 individuals. After facing retaliation for reporting it, I’m now developing tools to assist victims in securing their data.
I’m seeking insights from network security professionals on effective methods for data protection and breach mitigation.
Use-After-Free (UAF) vulnerabilities within the Chrome Browser process have frequently been a key vector for sandbox escapes. These flaws could have led to critical exploits in the past, but thanks to Chrome’s latest security technology, MiraclePtr, they are no longer exploitable.
Large Language Models (LLMs) have revolutionized many industries by replacing the need to Google for answers. However, for cybersecurity workloads where current information is critical for accurate analysis, outdated LLM training data often results in hallucinations and incorrect answers. How can we build trust with LLMs for cyber security questions?
This blog explores why Retrieval-Augmented Generation (RAG) is essential to augment LLMs with current threat information. It overviews popular data retrieval techniques used by foundation model providers and why combining LLMs with RAG is the future of agentic cybersecurity analysis.
TL;DR — I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I restored deleted files, found dangling blobs and unpacked .pack files to search in them for exposed API keys, tokens, and credentials. Ended up reporting a bunch of leaks and pulled in around $64k from bug bounties 🔥.
Click here for the challenge Or use the link: https://openprocessing.org/sketch/2620681
READ THE RULES FIRST
══════════════════════════════
If you see the sketch is private - This is part of the challenge. You can still solve it.
════════════════════════════
1: Discover the correct Hidden Password
2: Login with the *correct password*
3: Find the secret message after logging in
════════════════════════════
-Logging in some how without the correct password
-Logging in without finding the secret message
════════════════════════════
Check if won with this google form: https://forms.gle/ochGCy9awviQesVUA
FreshRSS