Microsoft Exchange Server is an email solution widely deployed within government and enterprises, and it is an integral part of both their daily operations and security. Needless to say, vulnerabilities in Exchange have long been the Holy Grail for attackers…

Web CTF CheatSheet 🐈. Contribute to ghamari1991/Web-CTF-Cheatsheet development by creating an account on GitHub.

Multiple vulnerabilities in cPanel/WHM. RCE and Privilege Escalation via stored XSS. Cross-Site WebSocket Hijacking.CSRF bypass

DeFi / Crypto - This is it rekt readers; the big one. $611M stolen from Poly Network, but has the hacker had a change of heart? They're returning the money bit by bit.

A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes…

Posted in r/netsec by u/_creosote • 10 points and 6 comments

If you are a bug bounty hunter or security researcher, you must be familiar with a technique called Fuzzing. In case you just newly…

Check Point Research reveals that a threat actor named Indra is responsible for the attacks against targets in Iran, as well as against companies in Syria.

what is ebpf linux kernel?
It is a kernel technology (starting in Linux 4.x) that allows programs to run without having to change the kernel source code or adding additional modules. It is a sort of lightweight, sandbox virtual machine (VM) inside the Linux…

The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.

In this video, I am talking about apache tomecat deserialization remote code execution vulnerability. This vulnerability is in PersistantManager.
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103…

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻 - jakejarvis/awesome-shodan-queries

On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…

What is SaltStack?
SaltStack, also known as Salt, is a configuration management and orchestration tool. It uses a central repository to provision new servers and other IT infrastructure, to make changes to existing ones, and to install software in IT environments.…