When self study for OSCP certification,I stumble upon HTB machine that have CVE-2019-17420 vulnerability. I look for public exploit and there was one written in python. As challenge for me self was to recreate this exploit in golang. So lets get started.

Penetration testing, one of the great aspects of cybersecurity, working in different projects will increase your contact with large and…

iosiro identified a critical bug in the fixed-interest-rate lending protocol 88mph. The bug was reported to 88mph through Immunefi for a bounty of $42,069. This blog post details the bug and the disclosure process.

Threat investigation methods the SOC can use to deal with stolen AWS credential, Okta SuperHuman activity, phishing attempts and malicious email alerts.

At Elastic, we’ve been working closely with the team at Prelude to help security teams of all skill levels, arming all analysts and red teams alike. Learn how teams can use Prelude Operator in conjunc...

This is the second part of a blog about putting a WiFi router into a phone charger; please see part zero here and feel free to join our…

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Posted in r/netsec by u/0xdea • 1 point and 0 comments

Posted in r/netsec by u/root_at_remote_host • 1 point and 0 comments

Active Directory Certificate Services (ADCS) have never really been under security scrutiny until a few years ago (by C. Falta and later Q&D Security). We will therefore focus today on how similar techniques can be used to gain Domain Admins privileges.

In this article we will dive into Network Traffic visualization using the Python programming language, Wireshark and Google Maps. This…

CVE/Research Publications. Contribute to 1d8/publications development by creating an account on GitHub.

Active Directory Certificate Services has a lot of attack potential!

In this episode, Ben interviews Feross Aboukhadijeh about Wormhole. Wormhole is a file sending tool that lets you quickly share files with end-to-end encryption and a link that automatically expires. So you can keep what you share private and make sure your…

As security teams continue to advance, it has become essential for attacker’s to have complete control over every part of their operation, from the infrastructure down to individual actions that...

Into