Qualcomm is the market-dominant hardware vendor for non-Apple smartphones. Considering the [SoCs] they produce are predominant, it has become increasingly interesting to reverse-engineer and take over their boot chain in order to get a hold onto the highest…

This presentation is the outcome of a community driven project called "Top 20 Secure PLC Coding Practices", with document version 1.0 to be released on plc-security.com on June 15th, 2021, for downloading free or charge, and will have no restrictions on distribution…

As I'm preparing for the Pentest+ exam, I wanted to do a practice test walkthrough to help others out that are on the same path. This practice test is from Jason Dion (I got his permission to use it for this video) and you can find it here:
https://githu…

Microsoft Exchange Server is an email solution widely deployed within government and enterprises, and it is an integral part of both their daily operations and security. Needless to say, vulnerabilities in Exchange have long been the Holy Grail for attackers…

Web CTF CheatSheet 🐈. Contribute to ghamari1991/Web-CTF-Cheatsheet development by creating an account on GitHub.

Multiple vulnerabilities in cPanel/WHM. RCE and Privilege Escalation via stored XSS. Cross-Site WebSocket Hijacking.CSRF bypass

DeFi / Crypto - This is it rekt readers; the big one. $611M stolen from Poly Network, but has the hacker had a change of heart? They're returning the money bit by bit.

A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes…

Posted in r/netsec by u/_creosote • 10 points and 6 comments

If you are a bug bounty hunter or security researcher, you must be familiar with a technique called Fuzzing. In case you just newly…

Check Point Research reveals that a threat actor named Indra is responsible for the attacks against targets in Iran, as well as against companies in Syria.

what is ebpf linux kernel?
It is a kernel technology (starting in Linux 4.x) that allows programs to run without having to change the kernel source code or adding additional modules. It is a sort of lightweight, sandbox virtual machine (VM) inside the Linux…

The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.

In this video, I am talking about apache tomecat deserialization remote code execution vulnerability. This vulnerability is in PersistantManager.
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103…