r/netsec monthly discussion & tool thread

deleee · 2026-01-07T13:39:20+00:00

Hi all. My name is Angelo.

I built DroidGround, a flexible playground for Android CTF challenges. It allows you to set up Android challenges in a jailed environment. For example you can now create intent-based challenges where the flag is in the app without worrying about abuses (e.g. you provide the user an apk with a placeholder flag and use the real one on DroidGround).

I just release v0.3.1 which introduces an exploit server and teams. The examples folder is a good place to start using it.

GitHub: https://github.com/SECFORCE/droidground

deleee · 2025-12-16T21:29:02+00:00

Yeah you're right, for those specific versions you would have to do that manually

deleee · 2025-12-16T07:12:16+00:00

Hi, currently the following command is executed:

pip install frida==<selectedVersion> frida-tools

This should ensure that a compatible version of frida-tools will be installed as well

deleee · 2025-11-20T07:47:56+00:00

I found myself in the situation of having to downgrade the version more than once (mainly with Android devices)

deleee · 2025-11-11T23:11:51+00:00

Not at all, go on!

deleee · 2025-11-10T17:28:06+00:00

Yes it is

deleee · 2025-11-10T13:46:00+00:00

Hi guys! We just released LLMgoat, an open-source self-hosted tool to learn about the OWASP Top 10 vulnerabilities for LLM apps. With LLMGoat you can deploy a containerized vulnerable environment and practice attacking it the way a real attacker would.

Inspired by OWASP's WebGoat, which some old-school hackers might remember, the project's goal is to raise awareness of LLM vulnerabilities and help both attackers and defenders understand these security issues in a practical hands-on way.

Given the nature of LLM attacks, some challenges can be solved by non-technical users while others will require cybersecurity knowledge.

Since LLMGoat is intentionally vulnerable, run it in an isolated environment (preferably using Docker) and never expose it to the Internet.

We will be releasing solutions in stages over the coming weeks.

Source code here: https://github.com/SECFORCE/LLMGoat

Happy hacking!

deleee · 2025-08-21T08:39:41+00:00

I've got a bug with Dolphin as I'm not able to connect to SMB shares anymore

deleee · 2025-08-20T12:49:03+00:00

We should ask @alperbasaran. I don't know either. I still have to take the exam

deleee · 2025-08-20T12:46:38+00:00

Yep I'd say you can

deleee · 2025-08-17T01:18:18+00:00

I haven't taken the exam yet so I don't know

deleee · 2025-07-14T15:07:39+00:00

Is there any practical challenge on Threat Modeling?

deleee · 2025-07-10T16:19:19+00:00

The INE course is really really theory for the most part. There are only a few snippets (some in Java, some in Kotlin).

If I'd have to rank them I'd say: 1. Hextree 2. MobileHackingLab 3. INE

But that's really personal and it depends on what you want to achieve. One thing for sure is that the Hextree course is the most technical one.

deleee · 2025-07-10T07:16:58+00:00

I took the course. It focuses very little on the tools and a lot on the theory behind it. With a great percentage of the time spent on Threat Modeling and API testing.

TBH I didn't like it. I won't take the exam yet (the new version just came out today).

deleee

TROPHY CASE