Hacker News
- Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft https://www.gosecure.net/blog/2023/08/09/how-unparalleled-rdp-monitoring-reveal-attackers-tradecraft/ 3 comments
- Current MFA fatigue attack campaign targeting Microsoft Office 365 users https://www.gosecure.net/blog/2022/02/14/current-mfa-fatigue-attack-campaign-targeting-microsoft-office-365-users/ 184 comments
- Scientific notation bug in MySQL left AWS WAF vulnerable to SQL injection https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/ 41 comments
- Another AWS WAF bypass allowing SQLi caused by an unorthodox MSSQL design choice https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice/ 17 comments netsec
- RDP is susceptible to a transparent Net-NTLMv2 hash-stealing attack. When disclosed, Microsoft responded: “not a vulnerability, […] by design”. https://www.gosecure.net/blog/2023/04/26/never-connect-to-rdp-servers-over-untrusted-networks/ 56 comments netsec
- PyRDP 1.2.0 released – Can perform Net-NTLM hash capture before the certificate error on RDP https://www.gosecure.net/blog/2022/12/23/a-new-pyrdp-release-the-rudolph-desktop-protocol/ 7 comments netsec
- A study of cracked passwords from breaches demonstrates which geographical factors have the most impact on password strength https://www.gosecure.net/blog/2022/09/26/tell-me-where-you-live-and-i-will-tell-you-about-your-password-understanding-the-macrosocial-factors-influencing-passwords-strength/ 2 comments technology
- A study of cracked passwords from breaches demonstrates which geographical factors have the most impact on password strength https://www.gosecure.net/blog/2022/09/26/tell-me-where-you-live-and-i-will-tell-you-about-your-password-understanding-the-macrosocial-factors-influencing-passwords-strength/ 8 comments netsec
- How to Steal Browser’s Autofill Credentials via Cross-Site Scripting (XSS) https://www.gosecure.net/blog/2022/06/29/did-you-know-your-browsers-autofill-credentials-could-be-stolen-via-cross-site-scripting-xss/ 4 comments netsec
- Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/ 2 comments netsec
- Achieve RCE or lateral movement by abusing WSUS to perform NTLM relay attacks https://www.gosecure.net/blog/2021/11/22/gosecure-investigates-abusing-windows-server-update-services-wsus-to-enable-ntlm-relaying-attacks/ 6 comments netsec
- A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/ 2 comments netsec
- Write-up on the Authenticated Remote Code Execution in Pulse Secure VPN (CVE-2020-8218) https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/ 4 comments netsec
- Paper: Cybersecurity Perception vs Reality. A study of the disconnect between defenders' perception of security measures and their real efficiency according to pentesters. https://www.gosecure.net/blog/2020/07/16/research-on-perceptions-vs-reality-in-cybersecurity/ 3 comments netsec
- A Frida Script to Bypass Mono/Xamarin based Certificate Pinning on Android Devices for Mobile Assessments and Man-in-the-Middle https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/ 3 comments netsec
- Open source Malboxes now deploys Windows desktop OS to AWS ready for malware detonation and analysis with many tools preinstalled https://www.gosecure.net/blog/2020/02/21/cloudy-with-a-chance-of-malware-malboxes-now-deploys-to-aws/ 3 comments netsec