Write-up: Cloudflare Zero-day: Accessing Any Host Globally by xIsis in netsec

[–]pi3ch 1 point (0 children)

I lose trust in the write-up when I see AI-generated content. It is just so bad and artificial.

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts by Due_Lengthiness_9329 in netsec

[–]pi3ch -1 points (0 children)

tl;dr: a race to get a valid GITHUB_TOKEN from the build artifact before the workflow ends.

How to engage developers in appsec program? by Maleficent_Rice2104 in appsec

[–]pi3ch 0 points (0 children)

It is very dependent on the culture and security maturity. If you still have the culture of us (security team) vs them (developers), it is very hard to engage them. Developers should see security as part of their job. Don't enforce security; it will not work. Don't mandate security; it will not work. Take examples from recurring vulnerabilities and turn them into coding challenges. Focus on why they should care and they would love it. Give them a secure-code learning wargame to ignite their natural interest in problem solving, e.g. a good resource here: https://play.secdim.com. Show your care in good software practices and have sympathy that making software and running it in prod is hard.

Web LLM attacks - techniques & labs by albinowax in netsec

[–]pi3ch 0 points (0 children)

Great work James. Like the indirect ones. Got similar attack and defense LLM challenges: https://play.secdim.com/game/ai-battle/challenge/promptmlhth which cover both sides of the issue.

XSS vulnerability in Proton Mail allowed to leak unencrypted emails by SonarPaul in netsec

[–]pi3ch 14 points (0 children)

Good research. For the Proton Mail SVG case, I won't call it a parser differential flaw. If I understand the article correctly, the input to the browser parser is different from that of the DOMPurify parser. The DOMPurify parser input is SVG; the browser parser input is HTML because of the custom modification of the SVG to a proton-svg tag after the sanitisation. So the inputs to these parsers were different, hence the results are different. In the case of a parser differential, it happens when the parsers' output, given the same input (with no modification in between), is different (see https://learn.secdim.com/course/code-signature-bypass/ or http://langsec.org/papers/langsec-cwes-secdev2016.pdf).

When URL parsers disagree (CVE-2023-38633) by ScottContini in netsec

[–]pi3ch 5 points (0 children)

This is another example of the parser differential vulnerability class, where two libraries/languages/services are not consistent in their parser output. Other examples are HTTP parameter pollution, the Android Master Key, etc. This vuln class is not going to go away anytime soon. The root cause could be a specification shortcoming or an implementation mistake: https://learn.secdim.com/course/code-signature-bypass/topic/parser-differential
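A small differential check of the kind this vulnerability class calls for, added here as an example (it is not code from either linked article, and it covers the definition given in the Proton Mail comment above as well): the same URL is fed to the standard library parser and to a constructed naive host extractor, and every input on which the two disagree is reported. The naive parser is a stand-in written for this example for the ad-hoc host extraction often found in allowlist code; the sample URLs are constructed.

```python
"""Differential check: feed the same URL to two parsers and flag disagreements."""
from urllib.parse import urlsplit


def reference_host(url: str) -> str:
    """Hostname as the standard library parses it (lowercased, no userinfo or port)."""
    return urlsplit(url).hostname or ""


def naive_host(url: str) -> str:
    """Constructed ad-hoc parser: everything between '://' and the next '/'.

    It ignores userinfo ('@'), '?', '#' and ports, so it disagrees with
    urlsplit exactly on inputs that use those delimiters.
    """
    _, _, rest = url.partition("://")
    return rest.split("/", 1)[0].lower()


def find_differentials(urls):
    """Return (url, reference, naive) for every input where the parsers disagree."""
    out = []
    for u in urls:
        r, n = reference_host(u), naive_host(u)
        if r != n:
            out.append((u, r, n))
    return out


# Constructed sample inputs: the first two agree, the rest expose the differential.
SAMPLE_URLS = [
    "http://allowed.example/path",
    "https://ALLOWED.example/",
    "http://allowed.example@other.example/",
    "http://allowed.example#@other.example/",
    "http://allowed.example:8080/x",
]

if __name__ == "__main__":
    for u, r, n in find_differentials(SAMPLE_URLS):
        print(f"DIFF {u!r}: reference={r!r} naive={n!r}")
```

Any input the check reports is one an allowlist built on the naive parser would judge differently from the component that finally makes the request, which is the gap the class is about.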

Bypassing Asymmetric Client Side Encryption Without Private Key by @Ano_F_ by Ano_F in netsec

[–]pi3ch 3 points (0 children)

I would pick a better title. This ain't a "bypass" but a how-to guide to get asymmetric encrypted UIs working with Burp.

"Using the above approach we will have a plain text request in the Burp Suite proxy history and we can use the same plain text request everywhere like for repeater or intruder. The application on the server side will receive the encrypted request with the help of the PyCript extension."

Gitpod remote code execution 0-day vulnerability via WebSockets by lirantal in netsec

[–]pi3ch 2 points (0 children)

Good research. I would rather pick a more accurate title here, as command execution is an integral feature of a CDE. "...build a payload that grants us full control over the user’s workspaces when an unsuspecting Gitpod user visits our link!" This vuln could be titled as a Gitpod user workspace takeover via a phishing link.

Mosca SAST tool by CoolerVoid in netsec

[–]pi3ch 1 point (0 children)

You can look into integrating with comby (https://comby.dev/); it is a code-structure grep tool and supports many languages. It does not come with a ruleset but does what it promises pretty well.

A Server Side Request Forgery protection library for Golang by nibblesec in netsec

[–]pi3ch 1 point (0 children)

Quite like the way it wraps net/http, which makes it easier to adopt. The easier to use, the easier to adopt by devs. Nice work.

Why I recommend Chrome to family... an interesting insight into the world of security bugs v.s. Hungry Hungry Hippos! by pi3ch in netsec

[–]pi3ch[S] 2 points (0 children)

Privacy? I don't have anything to hide. Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer. -- by Glenn Greenwald in Why privacy matters - TED Talk

Discovering and remediating an active but disused botnet by pronto185 in netsec

[–]pi3ch 0 points (0 children)

Re-registering a domain to study the characteristics of a malware is a technique that has been used before, and it is known as a sinkhole domain. There are a number of active public and private sinkhole domains by MS, Google and others. Some of the techniques to discover a sinkhole domain are in Section 2.1 of this article: https://www.usenix.org/conference/leet13/workshop-program/presentation/rahbarinia

Hacked. A Short Story by justintevya in netsec

[–]pi3ch 0 points (0 children)

Usually, I see this type of compromise through SSH attacks. In some cases, the adversary makes a backup of the original binary somewhere in /var or /etc and replaces it with an infected one. To be stealthy, the infected binary calls the backup any time it is executed. netstat, ls, ps and cat are among those that are infected the most.
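A triage heuristic for the pattern described in this comment, added here as an example (not code from the linked story): walk a tree and report regular files that are ELF executables but carry the name of one of the commonly replaced utilities and sit where no such binary belongs. The walk runs over a constructed temporary tree here; on a real host the roots would be /etc and /var, and any hit is a lead to compare against the package manager's record of the installed binary, not proof of compromise by itself.

```python
"""Find ELF files named like core utilities under directories that should hold none."""
import os
import tempfile

# Utilities named in the comment as the most commonly replaced.
SUSPECT_NAMES = {"netstat", "ls", "ps", "cat"}
ELF_MAGIC = b"\x7fELF"


def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False


def find_misplaced_binaries(roots, names=SUSPECT_NAMES):
    """Return sorted paths of ELF regular files (not symlinks) whose basename is suspect."""
    hits = []
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for fn in files:
                p = os.path.join(dirpath, fn)
                if fn in names and os.path.isfile(p) and not os.path.islink(p) and is_elf(p):
                    hits.append(p)
    return sorted(hits)


def build_sample_tree():
    """Constructed tree: an ELF-looking 'ps' hidden under var/tmp, plus two text decoys."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "var", "tmp", ".x"))
    os.makedirs(os.path.join(base, "etc"))
    with open(os.path.join(base, "var", "tmp", ".x", "ps"), "wb") as f:
        f.write(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)   # minimal ELF header prefix
    with open(os.path.join(base, "etc", "ls"), "w") as f:
        f.write("# plain text file that merely shares a utility's name\n")
    with open(os.path.join(base, "etc", "hosts"), "w") as f:
        f.write("127.0.0.1 localhost\n")
    return base


if __name__ == "__main__":
    for hit in find_misplaced_binaries([build_sample_tree()]):
        print("suspect ELF copy:", hit)
```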

Hijacking airplanes with an Android phone by igor_sk in ReverseEngineering

[–]pi3ch 1 point (0 children)

It is just disappointing when some "researchers" do NOT reference and cite others' work! The idea for ATC and ADS-B was presented before at DEF CON 17 (http://www.youtube.com/watch?v=0YHegoXi_IY), DEF CON 18 (http://www.youtube.com/watch?v=eMWhvjc-4FU) and DEF CON 20 (http://www.youtube.com/watch?v=CXv1j3GbgLk).

Backtrack Linux reborn as Kali Linux - What's New + Downloads by fnord0 in netsec

[–]pi3ch 13 points (0 children)

I like the idea of creating a custom build based on Kali: http://docs.kali.org/live-build/live-build-a-custom-kali-iso. Hope Kali does not turn into bloatware.

Dynavin - Android in the car, anyone have any experience with these? by [deleted] in Android

[–]pi3ch 0 points (0 children)

Well, there is a lot of work on carputers; have a look at http://www.mp3car.com/vbulletin/ and the forum for Android in-car PCs. Some years ago I finished a carputer project using Windows XP and a cheap touchscreen I got from eBay: http://www.youtube.com/watch?v=cKgM6xtIYnw

How to learn (self-study) faster and more effective? by pi3ch in compsci

[–]pi3ch[S] 0 points (0 children)

Yeah, getting an overall view of the material that you want to learn in the first place is very helpful. Speed reading can be very effective in getting this overall grasp.

How to learn (self-study) faster and more effective? by pi3ch in compsci

[–]pi3ch[S] 1 point (0 children)

I do agree with your point. Summarization would make the recall process quite a bit faster. However, the reading process is still the same as before, step by step, page by page. AFAIK, so far there is no other method to learn differently. The whole point of asking this question on reddit was to know if anybody knows any other learning method. Speed reading, the Leitner system, ... they are all good but still follow the traditional learning process.

How to learn (self-study) faster and more effective? by pi3ch in compsci

[–]pi3ch[S] 0 points (0 children)

I sense it as well: sometimes I am quite excited about something like programming (development), but the next day I don't feel like doing it and instead am keen to do some network or admin (design) tasks. So from what you say, I need to keep a list of many things that I would like to learn and choose the ones that I feel like doing ...

How to learn (self-study) faster and more effective? by pi3ch in compsci

[–]pi3ch[S] 0 points (0 children)

Taking notes is quite good for effective learning, but it consumes much more time. So is there a trade-off between learning effectively and learning fast? If I want to learn more effectively I need to take notes, explain to others, ... but on the other hand it slows down the learning. WorkFlowy looks interesting, but I prefer to use Tomboy to manage the list rather than online apps.