drsh0 (@drsh0) 's Twitter Profile
drsh0

@drsh0

infosec shenanigans; learn all the things; my tweets are my own.

ID: 869194982996844544

https://drsh0.io | 29-05-2017 14:13:27

372 Tweet

182 Followers

907 Following

shubs (@infosec_au) 's Twitter Profile Photo

Our team took apart Solarwinds Web Help Desk to discover some serious issues (hardcoded credentials, arbitrary HQL evaluation) - CVE-2021-35232 - we explain the discovery and exploitation process in our blog post: blog.assetnote.io/2022/01/23/sol…

ComfyCon AU (@comfyconau) 's Twitter Profile Photo

Our CFP is up! Sign up, whether you're old or new to the field, if you have something to talk highly technical or more social or functional, or even if it's only adjacent to cyber! forms.gle/ope6ZC9yKocFd1…

Justin Elze (@hackinglz) 's Twitter Profile Photo

Other day I asked for large repos of detection rules here is the running list of responses. Elastic - github.com/elastic/detect… Sigma - github.com/SigmaHQ/sigma Chronicle - github.com/chronicle/dete… Splunk - research.splunk.com/detections/ Falcon Force -github.com/FalconForceTea…

shubs (@infosec_au) 's Twitter Profile Photo

We've released a new blog post and a tool called Ghostbuster which eliminates dangling elastic IPs by performing analysis on your resources within all your AWS accounts. You can read about this here: blog.assetnote.io/2022/02/13/dan…

shubs (@infosec_au) 's Twitter Profile Photo

I've released the first episode of Bug Bounty Redacted today (Exposed Redis & HAProxy): youtube.com/watch?v=mWNaGn… This series walks you through real bug bounty reports that were rewarded, and explains the discovery process, and reporting process in detail. New episodes Monthly!

shubs (@infosec_au) 's Twitter Profile Photo

The second episode of Bug Bounty Redacted is out now! youtu.be/kcSc5jL-FdU This episode covers third party subdomain takeovers and exposed administration panels. There's also a free PentesterLab 1-month subscription code in the video. I wonder who will find it first?

shubs (@infosec_au) 's Twitter Profile Photo

If you missed it, you can watch my presentation on "Diving Deeper Into Subdomain Takeovers & Mitigations" here: youtube.com/watch?v=-vmZOS…

Shanna Niggans 🦄 (@fancy_4n6) 's Twitter Profile Photo

I am quite often asked if there are sites, training, and/or books that I would recommend to get into DFIR and of course, continue to learn. So I have created a sub-page Resources with my recommendations. I will continue to update this page over time. fancy4n6.com/dfir-resources/

DownUnderCTF (@downunderctf) 's Twitter Profile Photo

🔥Get keen and block out the 23rd-25th September in your calendars as CTF days cause DUCTF 3.0 is coming! See y'all there hackers! 💻 duc.tf/ctftime #cybersecurity #ctf #infosec #ductf

UTS Cyber Security Society (@utscsec) 's Twitter Profile Photo

Happening this 24-25th September ✏️ Mark your calendars as it has been resurrected! 🤩 Stay tuned👀 #cyberrevival #cseccon

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

🏆 It is time to reveal the top three hunters of Open My Heart - our Live #BugBounty with Lazada Singapore at #HITB2022SIN! 🥇 doomerhunter (Victor Poucheret) 🥈 Assetnote 🥉 Avi Huge congrats and thank you to all the hunters who attended this live hacking event! You rock! #YesWeRHackers

Tarek (@deanofcyber) 's Twitter Profile Photo

1/3 New video! In this video we walk through the first Azure attack workshop by Mandiant (part of Google Cloud) youtu.be/D5gYhr6J830 We cover: - Resetting app credentials and logging in as the service principal - Listing Azure key vaults, listing secrets and showing secret values

drsh0 (@drsh0) 's Twitter Profile Photo

Shoutout to UTS Cyber Security Society for organising such a wonderful infosec conf! It had everything: cool venue, excellent and diverse speakers, a sweet lighting setup, a ctf room, a quiet room, rad artwork. Oh and this was their *first* conference. I'm in awe. Much ❤️❤️

UTS Cyber Security Society (@utscsec) 's Twitter Profile Photo

Huge thanks to all CSECcon 2022 attendees, speakers, sponsors, volunteers, DUCTF, MQ MACS, ActivateUTS and UTS:CSEC! Link in bio to leave feedback and view photos! Check emails to see if you’re a CTF winner/your prizes, and reach out if you missed out on collecting your merch!

shubs (@infosec_au) 's Twitter Profile Photo

Our security research team at Assetnote discovered a critical RCE vulnerability in Avaya Device Services. This vulnerability has affected our customers and has also led to over $60k of findings in bug bounties. You can read the writeup of this issue here: blog.assetnote.io/2023/02/01/rce…

shubs (@infosec_au) 's Twitter Profile Photo

Our security research team Assetnote discovered a critical pre-authentication RCE vulnerability affecting Aspera Faspex. There are still thousands of unpatched instances on the internet. Pretty crazy bug. You can read about the finding here: blog.assetnote.io/2023/02/02/pre…

shubs (@infosec_au) 's Twitter Profile Photo

I was recently featured in the American Banker for my work in bug bounties targeting financial institutions. You can read about it here: Article: americanbanker.com/news/hack-me-i… Bypass paywall: 12ft.io/proxy?q=https%…

shubs (@infosec_au) 's Twitter Profile Photo

Thanks everyone who attended my keynote presentation at Security BSides Ahmedabad. I've published my slides here: drive.google.com/file/d/1aeNq_5… I hope that the keynote was informative and inspiring :)