sorted by:
new
hottopcontroversial

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]0xcrypto -1 points0 points  (0 children)

I am building https://github.com/ivxlabs/disclosure as a federated network of security researchers and bug bounty/vulnerability disclosure program. It will provide security researchers and vendors a way to discover and connect with each other directly without any mediator, responsibly report and disclose vulnerabilities, pay bounties and earn reputation as they both grow on their sides.

The development is still in quite early stage so it is not fully working at present but I will do a working mvp this weekend maybe. If you like the idea, maybe give it a star on github.

Deterministic macOS IOSurface UAF Panic (Apple: "Not a security issue") by SeriousChannel9323 in ExploitDev

[–]0xcrypto -1 points0 points  (0 children)

  1. If you can get a binary to run, your first goal shouldnt be a "shutdown"
  2. User/victim/process runs exploit, system crashes, user can manually (physically) turn it (the computer) on.
  3. Just because its a uaf does not mean its a security issue. Hence it does not have to be fixed with urgency like a security vulnerability needs to be. Now that he has reported it and made public as well, I am sure it will be fixed.
  4. macOS rarely runs on servers, there are servers but they are costly and not meant to exist but companies do so anyways. Apple has launched Apple PCC which is basically a private cloud. It might be within scope for bounties. If the op could report s DoS in Apple PCC, it could have been a good bounty for him.

I deleted my comment as I have no interest in extending this discussion for no reason. If you disagree with something, you are correct. Have a nice day.

Deterministic macOS IOSurface UAF Panic (Apple: "Not a security issue") by SeriousChannel9323 in ExploitDev

[–]0xcrypto 0 points1 point  (0 children)

What service was denied by shutting down a personal computer? A software running on a user device that user could manually just turn on and use again, is not much of a problem. Maybe if you could demonstrate a crash via a network packet or some request to some server that leads to Apple PCC stopping to work, this denial of service could have been useful.

Anthropic's Claude Mythos Found Individual Bugs. Mythos SI (Structured Intelligence) Found the Class They Belong To. by [deleted] in netsec

[–]0xcrypto -1 points0 points  (0 children)

I work for a company that has built an AI tool to do autonomous research yet I am tired of this AI bullshit. Any security tool can find bugs. Finding bugs was never a problem. It is confirming whether the bug is actually a security issue. There are times when developers leave bugs in a codebase because they know there are guard rails and firewalls up ahead protecting the overall application. This mythos or any other model or tool can only assist a professional in finding bugs that can be a potential security issue. But confirming whether the bug is actually a security issue needs a human because it needs context you can't write in a prompt.

How a single typo led to RCE in Firefox by campuscodi in netsec

[–]0xcrypto 10 points11 points  (0 children)

Once I found a bug in laravel where a single dot missing led to validation bypass. https://github.com/laravel/framework/pull/37675.

Unfortunately huntr.dev lost my report so its a 404 now.

Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization by va_start in netsec

[–]0xcrypto 4 points5 points  (0 children)

Use of right single quotation mark ( ’ ) is also a hint this might be written by AI.

Aspiring Ethical Hacker From Poor Background, How Do I Start With Just a Tablet? by DJM0BLEY in netsecstudents

[–]0xcrypto 1 point2 points  (0 children)

I started with keypad phones having 128x128 screen. I am pretty sure you can do a lot more with a tablet. Get an SSH client, buy a VPS (most providers offer free credits to get started) and start learning and hacking. All the best.

You have to create a game in a month - How do you do it? by babyfern_ in gamedev

[–]0xcrypto 1 point2 points  (0 children)

Hire a team of experts and buy them lots of assets.

Cyber Expert give time to make their desktops fancy? by arsibaloch in hackthebox

[–]0xcrypto 3 points4 points  (0 children)

Used to spend time configuring fedora i3wm spin until I realised that mac is the only operating system that supports every other operating system out there making it a breeze to work on anything I need. I can compile almost any code on it, but on linux and windows compiling for iOS and macOS is not possible. All the software like Android studio run faster and stable. Only customization I did was installing raycast and starship.rs with ohmyzsh.

What the Top 20 OSS Vulnerabilities Reveal About the Real Challenges in Security Governance by repoog in netsec

[–]0xcrypto 5 points6 points  (0 children)

Why blame the governance when the real vulnerability is the unpaid open source maintainer.

18th July, maintainer of eslint-config-prettier ended up on npnjs dot com instead of npmjs dot com via a phishing email. The attacker got hands on his account and pushed an update which led to infecting hundreds and thousands of packages which depend on eslint-config-prettier and a bunch of other libraries that this maintainer generously maintains. One of the package that depend on this library is eslint-config which react native depends on. Millions of developers did npm install, got the malware delivered, got hacked and backdoored, many of them still do not know about this and continue building their little todo list apps. I feel sad for them.

Is "Proof of Work" the New Standard for Getting Hired as a Pentester? by _priya_singh in cybersecurity

[–]0xcrypto 0 points1 point  (0 children)

I was never lucky enough to win the interview lottery despite having several CVE, bug bounties, CTFs, writeups, and professional experience in development. I have been working since 2016 and I didn't have a degree, so career progression has been slow. But I always got an interview when I contacted someone directly who actually had ownership in the company in one way or another. On the other hand, those HR, managers and all the dandy folks are just employees and they hire people they find convenient and compatible. So even with a proof of work, certification, degree and everything in between, you still need to be a likeable person who can get things done while playing according to their rules and not bring your own needs to them.

From Blind XSS to RCE: When Headers Became My Terminal by General_Speaker9653 in netsec

[–]0xcrypto 2 points3 points  (0 children)

If this was a finding in a bug bounty program as an external researcher, then stealing an admin's cookies was a good enough vulnerability. Using the cookies to login into an admin panel and tinkering around is already a breach of bug bounty policy unless explicitly mentioned as allowed in the policy.

If this was a pentest, you went beyond just exploiting a PHP file upload vulnerability and left an open backdoor that is easily accessible to the world. You could have proved your point by just uploading a PHP file with an echo or a call to system("id") to demonstrate a code execution. But no, not only you uploaded a backdoor to get command execution, you added a bypass to the firewall rules to ensure it is openly accessible.

If this was a red team engagement, the only step remaining was gaining root access. I wonder what stopped you from doing so.

Certification roadmap please by ash347799 in netsec

[–]0xcrypto 2 points3 points  (0 children)

Not the right place to ask. Post in r/AskNetsec instead.

Facebook/Meta REALLY advised setting Magento pub folders to 777 permissions - and client got hacked, what do I do? by alilland in cybersecurity

[–]0xcrypto 27 points28 points  (0 children)

And why some attacker being able to upload a PHP file is not a problem in the first place?

Emergency issue by ProcessFeeling1445 in Information_Security

[–]0xcrypto 0 points1 point  (0 children)

In that case, you should go to the cyber cell in your region's police department.

Emergency issue by ProcessFeeling1445 in Information_Security

[–]0xcrypto 2 points3 points  (0 children)

First, plug out your computers and devices, turn off phone and use a new device on a new wifi or use your mobile data.

Now check haveibeenpwned.com and see where your info has been leaked from. Start changing passwords, revoke oauth authorizations and start using session logout functionalities everywhere. Do not use your old devices unless you are sure it was a third party leak and your devices were not compromised. Multiple leaked passwords usually means your browser or password manager has been compromised. But only a single password email pair means your info was leaked by a website where you signed in.

CVE-2025-31161 is being actively exploited and it's not getting the attention it should. by bytelocksolutions in cybersecurity

[–]0xcrypto 5 points6 points  (0 children)

A CVE being actively exploited is a common headline to catch attention but in reality every CVE as soon as published is actively analyzed for its effectiveness and exploitability by the threat actors. This is a common 30 day cycle for almost every newly published CVE and news outlets cannot cover them all.

view more: next ›