Paul shows us another exploit for FFmpeg. The vulnerability is located in the RTMP protocol. While working with the binary format of the protocol requires a lot of work, the exploit itself is very easy.

Vulnerable Version: https://github.com/FFmpeg/FFmp…

Our guest for this episode of the OWASP DevSlop Show is Paul Ionescu; Paul is a Security Architect and OWASP Chapter Leader from Ottawa, Canada. He is the creator and maintainer of the Secure Coding Dojo open source project.

Code review is, hopefully, part…

While working for browser-based attacks on the URL bar, I learned a way where it was still possible to spoof address bar in safari. None…

Facebook bug bounty remote crash bug

A story of turning an Informative bug to critical bug

Since the dawn of the World Wide Web, attackers have been involved in discovering techniques to compromise systems. Likewise security…

Earn $$. Learn What You Need to Get Certified (90% Off): https://nulb.app/cwlshop

How to Run an OSINT Investigation on a Phone Number
Full Tutorial: http://bit.ly/PhoneOSINT
Subscribe to Null Byte: https://goo.gl/J6wEnH
Kody's Twitter: https://twitter.com/KodyKinzie…

Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, Inc.

Passwords are finally being left behind in favor of two-factor (2FA) and multifactor (MFA) authentication. Some vendors are promoting “unhackable” 5FA solutions. It’s all a lie. All authentication…

Live every Sunday on Twitch:
https://twitch.tv/nahamsec

Follow me on social media:
https://twitter.com/nahamsec
https://instagram.com/nahamsec
https://twitch.com/nahamsec
https://hackerone.com/nahamsec
https://facebook.com/nahamsec1

Free $100 DigitalOcean…

Microsoft Releases Patch for Critical Windows CryptoAPI Spoofing Flaw (CVE-2020-0601) Discovered by the NSA.

**Summary:**

Dovecot supports enforcing the login user name to be the one encoded in the SSL client certificate, thus restricting the username. Using SSL certificates that do not even contain the...