A place to discuss the creation and use of Free Libre Open Source Software in a research context: science, investigative journalism, activism, OSINT…
/r/netsec's branch in the fediverse.
A community-curated aggregator of technical research. Our mission is to extract signal from the noise.
Only post technical content here. New tools (and major releases of existing ones), novel techniques, deep dives and post mortems are the ideal content. CTF and bug bounty writeups could be acceptable if they showcase lesser known approaches or techniques.
Non-technical content (both beginner and CISO level) will be considered spam.
-
Research @infosec.pub diegantobass @lemmy.world Open Research devroom @ FOSDEM2025 anyone?
research-fosdem.github.io Open Research Devroom
Call for proposals!
-
Research @infosec.pub execveat @infosec.pub BChecks (SDL for defining custom scans) available in Burp 2023.6
portswigger.net BChecks worked examples
BChecks are defined by importing .bcheck files into Burp Suite Professional. This section provides some example definitions that correspond to real-world ...
It's like nuclei templates I guess, but built into Burp. Only available in the Early Adopter release for now.
-
Research @infosec.pub execveat @infosec.pub Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
OOXML signatures are rendered pretty much useless due to 3 flaws in specification and 2 flaws in implementation.
"The vulnerabilities have been acknowledged by Microsoft. However, Microsoft has decided that the vulnerabilities do not require immediate attention."
-
Research @infosec.pub execveat @infosec.pub
neodyme.io CS:GO: From Zero to 0-day
We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious python CS:GO server. This post details our journey through the CS:GO binary and conduct...
They've chained 4 logic bugs to achieve RCE in CS:GO, pretty impressive. Valve sucks at communication and bug bounty payouts though.
-
Research @infosec.pub mjh @infosec.pub Side projects for May/June 2023 (🔒podcast)
video.infosec.exchange Lockpodcast
Lockpodcast is a podcast made by @mj@treehouse.systems. I wanted to play around with some video editing so I decided to try making some video with it. You can find it here. https://lockpodcast.com
h/t @NeonPayload@infosec.pub for the video.
My slipping goal for the past month has been the continued production of a weekly podcast. Nothing long, short form that could be listened to on a train or in the car.
The challenge I'm facing head on is how to make it unique. Sure, I can do NPR reading the news but who cares and who is that, what is my target audience. My simple solution so far is to go back and try to find a style and content that people can't get from a dozen different sources on their phone already.
Ideas and recommendations appreciated.