So in “proxy” mode, Cowrie is pretty damn powerful. It proxies you through to a backend pool of live systems or virtual machines. It is god damn awesome. My previous detection methods b…

Aon’s Cyber Solutions discovered a security vulnerability affecting over 20 Mitsubishi Electric Air Conditioner Control Systems leading to information disclosure and/or denial of service via unauthenticated XML External Entity Injection (XXE). For a complete…

HTTP Request Smuggling is often left behind in bug bounty findings. But with the right extension, you can automate the task of finding HTTP…

Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ... - GitHub - AFLplusplus/LibAFL: Advanced Fuzzing Libra...

Random PowerShell noscripts worth sharing. Contribute to jokezone/PowerShell-Scripts development by creating an account on GitHub.

Posted by 0xdea - 33 votes and 4 comments

Security Scorecards - Security health metrics for Open Source - GitHub - ossf/scorecard: Security Scorecards - Security health metrics for Open Source

Posted in r/netsec by u/MilonMaze • 0 points and 0 comments

Kontra is an Application Security Training platform built for modern development teams.

Attack also targets oil & gas suppliers likely as a stepping-stone to infect companies that work with the suppliers.

Conti's rapid encryption speed is matched only by its rapid evolution. SentinelLabs' deep dive explores its development in unprecedented detail.

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA, RBI CSF, and AWS Foundational Security Best Practices controls across all your AWS accounts using Steampipe.

I recently observed some malware (uploaded to my honeypot) that targets Hive OS's wallet configuration -- to redirect mined coins to the attacker.

Detection Script to help identify why your PC isn't Windows 11 Release Ready - rcmaehl/WhyNotWin11

Detection Script to help identify why your PC isn't Windows 11 Release Ready - rcmaehl/WhyNotWin11

tldr: do not expose Rendertron! If you run headless browsers for things other than testing, design the infra expecting they will get owned.

With many million users across all age groups and income levels, video games have become the world’s leading entertainment industry. Behind the fun experience t

Setting up an O.MG cable for keystroke injection attacks, and then forensically dumping the firmware for analysis.

Query nessus reports via SQL! Contribute to The-Login/nessSQL development by creating an account on GitHub.