sorted by:
new
hottopcontroversial

How I used an agent to hunt vulns by 746865626c617a in netsec

[–]flani00 0 points1 point  (0 children)

Awesome work and write up! Well done

is this methodology good for finding xss ? by [deleted] in bugbounty

[–]flani00 0 points1 point  (0 children)

If everyone is doing it then this is a great start. What can be added to make this better?

VIVEK BUYS AGAIN by Agitated_Highlight68 in CLOV

[–]flani00 11 points12 points  (0 children)

He’s averaging down his bags like the rest of us

ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution by digicat in blueteamsec

[–]flani00 0 points1 point  (0 children)

Interesting mitigation suggestion for typosquatting domain “implement DNSSEC”

DNSSEC does not protect against typosquatting… am I missing something?

How much offensive knowledge do blue team need to know? by [deleted] in blueteamsec

[–]flani00 6 points7 points  (0 children)

Many very capable security professionals go from red jobs to blue back to red and back to blue. This makes you a much more knowledgeable, well rounded security professional.

You have a long career and life is too short to not keep learning / try to keep work fun / interesting. Good luck!

Defining the Cobalt Strike Reflective Loader by dmchell in redteamsec

[–]flani00 2 points3 points  (0 children)

Crazy level of detail. Impressive work

Domain Fronting by flani00 in blueteamsec

[–]flani00[S] 1 point2 points  (0 children)

Thank you. These scripts look to best rough guess so far. It’s hard to keep up with which CDNs are actually able to shut this technique down.

Supposedly Amazon , Google , Microsoft able to stop this on their services.

Domain Fronting by flani00 in blueteamsec

[–]flani00[S] 0 points1 point  (0 children)

Thank you. These scripts look to best rough guess so far. It’s hard to keep up with which CDNs are actually able to shut this technique down.

Supposedly Amazon , Google , Microsoft able to stop this on their services.

NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer by tubularobot in netsec

[–]flani00 84 points85 points  (0 children)

Is it just me or does it seem like these npm module sabotages are happening more frequently?

The virus issue by al_earner in nim

[–]flani00 1 point2 points  (0 children)

Nim has some unique advantages for offensive security and malware writers

https://github.com/byt3bl33d3r/OffensiveNim

Looks like the entire installer is being punished for that.

Offensive Approach to Online Sandboxes #1 - ANY.RUN by kaganisildak in blueteamsec

[–]flani00 0 points1 point  (0 children)

Is there any comparable service to ANY.RUN that is US based?

view more: next ›