😈 Cloud services as exfiltration mechanisms Exfiltrate info from a network with no permissions, bypassing data perimeter IAM conditions → Make a request to attacker-controlled S3 bucket → Even if denied, info in request is logged (exfiltrated) airwalkreply.com/cloud-services…

Learn more about how having a security-oriented scheduling strategy for #k8s can limit opportunities for lateral movement within your environment in our latest blog post. #doyensec #Kubernetes #security #appsec blog.doyensec.com/2024/01/23/k8s…

🎉PortSwigger 's "Top 10 Web Hacking Techniques" voting is open. #Doyensec has 2 🔥 entries - vote now! 1️⃣ A New Vector For “Dirty” Arbitrary File Write to RCE - Maxence SCHMITT & phosphore 2️⃣ SSRF Cross Protocol Redirect Bypass - Szymon Drosdzol portswigger.net/polls/top-10-w…

this is one way to hide your mirai.

I usually don't like to talk about myself cause I think I have nothing to say. But this could be a lot useful to someone who is starting his/her career in the security field. So thank you to Doyensec for pushing me out of my comfort zone!

anyOneFollowingOnXzBackdoorCase reddit.com/r/programmerhu…

For all macOS privacy pwning enthusiast - a new TCC blog post just landed on my blog: wojciechregula.blog/post/tcc-bypas…

a vuln research podcast called TOCTOUh

State of the art XSS using the ISO-2022-JP charset hackvertor.co.uk/hack-pad/2

What infosec really needs is another podcast and more discord servers.

Very common technique to drain crypto funds from developers these days. Stay safe

Vendor-specific implementations are a goldmine for 0 interaction, high-impact bugs. Time for security research to refocus beyond AOSP's already strong security assurances

The truth is, a non-negligible part of the infosec crowd lacks a solid understanding of the systems they aim to protect. There's a difference between asking open, constructive questions ('Is it secure? Could it be abused?') and jumping straight to sensational claims about APTs/TI

It's hard to believe, but due to H100 restrictions, DeepSeek was forced to train R1 manually, with thousands of Chinese citizens holding flags to act as logic gates.

This is one of the craziest ideas I've ever seen. He converted a drawing of a bird into a spectrogram (PNG -> Soundwave) then played it to a Starling who sung it back reproducing the PNG. Using the birds brain as a hard drive with 2mbps read write speed. youtube.com/watch?si=HMtVd…

Injecting (or hiding) fire, barcodes, or humans into CCD cameras with electromagnetic shots. 📷 💉🌲🔥🌲 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/injecting-or…