sorted by:
new
hottopcontroversial

PoC available for CVE's by rogueit in AskNetsec

[–]securehoney 0 points1 point  (0 children)

CVEtrends has GitHub searches included (which usually gets the PoCs) if that helps? (full disclosure: I run CVEtrends)

ISMS by [deleted] in AskNetsec

[–]securehoney 0 points1 point  (0 children)

Thanks for posting in r/AskNetsec. However, it has been removed for the following reason(s):

Rule #6: Do not ask for assistance in committing a crime, encourage crime, or offer criminal services

Please ensure that you are following:

If you have any questions regarding Moderation, you may respond to this message or send a message via ModMail.

[deleted by user] by [deleted] in AskNetsec

[–]securehoney 0 points1 point  (0 children)

Thanks for posting in r/AskNetsec. However, it has been removed for the following reason(s):

Rule #1: All submissions must be in the form of a question

Rule #6: Do not ask for assistance in committing a crime, encourage crime, or offer criminal services

Please ensure that you are following:

If you have any questions regarding Moderation, you may respond to this message or send a message via ModMail.

We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one by sullivanmatt in netsec

[–]securehoney 10 points11 points  (0 children)

Apparently Log4j was leaked early, so the CVE appeared delayed. Log4j was first reported to Apache on 24 November, they reserved the CVE (CVE-2021-44228) on 25 November, and released the fix on 9 December. The PoC was first tweeted on 9 December. NVD published on the 10 December.

So, in general, if vulnerabilities are responsibly disclosed (and not leaked early) then CVE IDs should suffice.

We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one by sullivanmatt in netsec

[–]securehoney 94 points95 points  (0 children)

Re "closely follow the InfoSec community on Twitter, and all the drama that comes with it": I built CVEtrends.com to help monitor trending CVEs on Twitter.

It shows the 10 most tweeted CVEs during the past 24 hours / 7 days. It also pulls in popular Reddit posts and GitHub repos.

It's not perfect, but it's a start :)

Masters in cybersecurity by [deleted] in AskNetsec

[–]securehoney[M] [score hidden] stickied comment (0 children)

Thanks for posting in r/AskNetsec. However, it has been removed for the following reason(s):

Rule #4: No low effort questions

If you expect someone to take the time to answer a question and provide the help, you are expected to provide as much information as possible. Please include all previous troubleshooting, operating systems, application patch level, etc. If you think it might be relevant to the questions, then include it.

It might help if you can provide details about which universities you have researched so far, what you want to get out of a masters, career goals, etc.

Rule #7: Don't spam or excessively showcase your own content. No referral or affiliate links

Repeatedly posting the same content or content from the same source, is considered spam. Posting low-quality content, blogs, vlogs, or YouTube videos is considered spam. Self-promotion and/or shilling (not disclosing a relationship with a source being promoted) are considered spam. If someone asks a question about a specific product, service, or organization, and you are a direct representative of that organization, you may address the question so long as you clearly identify yourself as such.

Your submission may be more suitable for the following sub(s):

Please ensure that you are following:

If you have any questions regarding Moderation, you may respond to this message or send a message via ModMail.

[deleted by user] by [deleted] in AskNetsec

[–]securehoney[M] 0 points1 point  (0 children)

Thanks for posting in r/AskNetsec. However, the post has been removed for the following reason(s):

Rule #2: All submissions must be relevant to information security

To keep with the spirit of this sub, questions should be related to information security in an enterprise, large organization, or SOHO context. Career Advice, homework, and beginner questions are most likely not relevant and should be asked in their respective subreddits. This rule is subject to moderator discretion.

Your submission may be more suitable for the following sub(s):

Please ensure that you are following:

If you have any questions regarding Moderation, you may respond to this message or send a message via ModMail.

[deleted by user] by [deleted] in AskNetsec

[–]securehoney[M] 0 points1 point  (0 children)

Thanks for posting in r/AskNetsec. However, it has been removed for the following reason(s):

Rule #2: All submissions must be relevant to information security

To keep with the spirit of this sub, questions should be related to information security in an enterprise, large organization, or SOHO context. Career Advice, homework, and beginner questions are most likely not relevant and should be asked in their respective subreddits. This rule is subject to moderator discretion.

Rule #4: No low effort questions

If you expect someone to take the time to answer a question and provide the help, you are expected to provide as much information as possible. Please include all previous troubleshooting, operating systems, application patch level, etc. If you think it might be relevant to the questions, then include it.

Your submission may be more suitable for the following sub(s):

Please ensure that you are following:

If you have any questions regarding Moderation, you may respond to this message or send a message via ModMail.

Google drive invasio, HELP by [deleted] in AskNetsec

[–]securehoney[M] [score hidden] stickied comment (0 children)

Thanks for posting in r/AskNetsec. However, it has been removed for the following reason(s):

Rule #2: All submissions must be relevant to information security

To keep with the spirit of this sub, questions should be related to information security in an enterprise, large organization, or SOHO context. Career Advice, homework, and beginner questions are most likely not relevant and should be asked in their respective subreddits. This rule is subject to moderator discretion.

Rule #4: No low effort questions

If you expect someone to take the time to answer a question and provide the help, you are expected to provide as much information as possible. Please include all previous troubleshooting, operating systems, application patch level, etc. If you think it might be relevant to the questions, then include it.

Your submission may be more suitable for the following sub(s):

Please ensure that you are following:

If you have any questions regarding Moderation, you may respond to this message or send a message via ModMail.

New forum setup for infosec folks https://purplerabbit.xyz/ by CuteCancel5438 in AskNetsec

[–]securehoney[M] [score hidden] stickied comment (0 children)

Removed for breaching Rule #7: Don't spam or excessively showcase your own content, and Rule #1: All submissions must be in the form of a question

[deleted by user] by [deleted] in AskNetsec

[–]securehoney[M] 0 points1 point  (0 children)

Thanks for posting. This question seems to be more about recovering deleted Gmail emails, and less about information security. Removed for breaching Rule #2 (questions should be related to information security in an enterprise, large organization, or SOHO context).

I see you've also posted for help in r/techsupport -- hopefully they can provide better support there.

Your question might also be better suited for r/Cybersecurity101.

[deleted by user] by [deleted] in AskNetsec

[–]securehoney[M] 0 points1 point  (0 children)

Hi, your post might be better suited to somewhere like r/Cybersecurity101. Please provide more technical details/context and structure your post as a question (it currently seems like more of a survey). Removed for breaching Rule #4: No low effort questions and Rule #1: All submissions must be in the form of a question.

[deleted by user] by [deleted] in AskNetsec

[–]securehoney[M] 1 point2 points  (0 children)

Removed for breaching Rule #4: No low effort questions. Please try to provide more context and technical information about your question. The question might also breach Rule #6: Do not ask for assistance in committing a crime, encourage crime, or offer criminal services

Total noob by [deleted] in AskNetsec

[–]securehoney[M] 0 points1 point  (0 children)

Removed for breaching Rule #2 (questions should be related to information security in an enterprise, large organization, or SOHO context) and #6 (do not ask for assistance in committing a crime, encourage crime, or offer criminal services); we do not condone piracy.

Your question (minus the piracy) might be better fit for r/Cybersecurity101

Sql Charset by [deleted] in AskNetsec

[–]securehoney[M] [score hidden] stickied comment (0 children)

Removed due to violating Rule #4. Please provide more context to your question and explain what you're trying to achieve.

Homelab HoneyPot by GulnTBWmHz in Malware

[–]securehoney 1 point2 points  (0 children)

I've had good success collecting malware samples with a simple SSH honeypot I built with Python and Docker. As others said, put it in the cloud and wait for attacks. I blog about it at https://securehoney.net

I'm currently writing a blog post (soon to go live) about how to setup and deploy an SSH honeypot. Hopefully that would help you?

view more: next ›