UUTCTF is a student CTF organized by Urmia University of Technology. It is the CTF contest of P0SCon Cyber-Security C...

As we come across interesting things that we want to share with the community we will document them here as a tech note.

Poc, Presentation of Monitor OSD Exploitation, and shenanigans of high quality. - RedBalloonShenanigans/MonitorDarkly

    Hi everyone, I will tell bug I found. This bug is out of scope. I think that this bug may give you idea. Then, I decided to tell.

I’ve been meaning to get around to doing one of these in a public blog for a bit, so I figured I would pick one of the more involved…

At the beginning of March,while researching one site I discovered the new functionality. The functionality allowed the user to login via…

Hola Infosec! Thanks for showing so much love to my previous story. Just like my last writup, today also I am going to share an…

Semmle security researcher Man Yue Mo explains how he used CodeQL’s Data Flow library to discover multiple RCE vulnerabilities (CVE-2018-11776) in Apache Struts.

Today I am gonna share a simple but critical vulnerability with you guys. This vulnerability called payment price manipulation, by using…

A vulnerability in Bitdefender Antivirus allowed any website to run arbitrary code with user's privileges. This was caused by issues very similar to ones found in other antivirus products before.

Two days ago, I found a simple, limited XSS, so, I developed it to be a One-click full account takeover.

Have you ever wondered how hackers find and exploit IDOR (Insecure Direct Object Reference)?
In this video STÖK get schooled by Fisher who shows him how to setup and hunt for IDORS using BURP Suite & plugins like Autorize and AutoRepeter.

Fisher:
https:…

Justin Sun has offered $1 million to the person who finds those responsible for the recent Twitter hacks.