Practical Bypasses for MFA with Poor Implementations

Contribute to Piosec/Golconda development by creating an account on GitHub.

It looks like authentication, but is it really?

How BLS approaches Threat Matrices and how we’re improving their effectiveness within the community

A Golang tool to whitelist ASN's based on organization name - GitHub - jordanpotti/goAllowOrgs: A Golang tool to whitelist ASN's based on organization name

Join us two days before the conference for some pre-con training. Thats right! We are offering two in-person training courses this year; offensive and defensive.

This blog is an introduction for my newly released post exploitation / privilege escalation tool SharpImpersonation. The code base makes heavy use of Tokenva...

Network Analysis Tool. Contribute to odedshimon/BruteShark development by creating an account on GitHub.

This Powershell noscript is designed to be run on a supported (by Microsoft) Windows host. It checks for the most common issues that will prevent successful credentialed scans by Nessus.

This article explains the pre-auth remote code execution exploit against Kaseya VSA that was used in the recent REvil ransomware attack.

Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation - GitHub - ant4g0nist/Sloth: Sloth 🦥 is a coverage guide...

An online platform for learning and teaching cyber security, all through your browser.

This article on email security demonstrates how administrators can protect email from attackers impersonating its domain

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets,...

The Schneider Electric electric car charging stations product line "EVlink" is affected by two vulnerabilities that allow a remote attacker to execute arbitrary commands on the system. Attackers can change the charging station configuration arbitrarily, charge…

AIL Framework released version 3.6

AIL Framework version 3.6 released with new features (such as YARA retrohunt), significant performance improvements, refactoring of the modules and many bugs wer...

Assorted writings. Contribute to vtriolet/writings development by creating an account on GitHub.

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

With the rise of internet and increasing risks of getting hacked, it's more than necessary nowadays that we have an extra layer of security on our accounts, since password alone is not enough. Thus, using Phone numbers for 2FA sounds much more secure, but…