this post was submitted on 11 Jun 2023
2 points (100.0% liked)

Research

296 readers
1 users here now

/r/netsec's branch in the fediverse.

A community-curated aggregator of technical research. Our mission is to extract signal from the noise.

Only post technical content here. New tools (and major releases of existing ones), novel techniques, deep dives and post mortems are the ideal content. CTF and bug bounty writeups could be acceptable if they showcase lesser known approaches or techniques.

Non-technical content (both beginner and CISO level) will be considered spam.

founded 2 years ago
MODERATORS
 

If you're working on a research or side project, this is your platform to share your findings, roadblocks, breakthroughs, and more. Doesn't matter if it's still a work in progress or has been recently published - all stages of research are welcome.

Maybe you're not actively researching, but you're closely following an interesting development in the industry or a certain researcher's work - feel free to share that here too!

Or perhaps, you've got an idea for a project or research you wish to undertake, but need resources, collaborators, or simply some guidance - let the community know.

Here's a simple guideline to kickstart the conversation:

  • What's the research about? (Give a brief overview of the project or topic)
  • Current progress/Findings (If applicable)
  • Challenges and roadblocks (What issues are you facing or expect to face?)
  • Help needed (Are you looking for collaborators, resources, advice, etc.?)
all 3 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 1 points 2 years ago

I played around with WebSockets and wrote a new tool: https://github.com/doyensec/wsrepl

It's an interactive REPL interface like websocat, but it's meant specifically for pentesting, not debugging, and it's easily extensible in Python (while still retaining REPL interface). In future releases I'd like to expand the extensibility by adding declarative style configuration (the ultimate feature would be something like what Burp's Autorize plugin does, but for websockets).

[โ€“] [email protected] 1 points 2 years ago

I would like to go deeper on malware development and move to mobile devices. I would like to also study a new language like nim or zig. But the fact that nim has tab-driven codeblocks and zig is not memory safe doesn't convince me much.