Anatomy of a phishing attack

Use SQL to instantly query file, domain, URL and IP scanning results from VirusTotal. - GitHub - turbot/steampipe-plugin-virustotal: Use SQL to instantly query file, domain, URL and IP scanning res...

Today I wanted to write a blog post to answer the questions to the Noabar scenario located here: A little background on what Noabar is, this is a Windows machine in my home lab that I attacked to c…

Preface (日本語版も公開されています。) Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published…

Introduction

Posted in r/netsec by u/BIOS4breakfast • 29 points and 1 comment

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 - GitHub - dwisiswant0/ppfuzz: A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

Posted in r/netsec by u/giuliomagnifico • 116 points and 9 comments

It’s easy to set up an IDS or other infrastructure to drop packets that match rules. There are many tools for real-time inspection of connections that can handle higher level protocols like HTTP or TLS.

### Discovered-by
Jakub Żoczek

### Impact
Possible remote code execution vulnerability in mailing action mail-whois

### Summary

Command `mail` from mailutils package used in mail actions...

PowerShell Script Obfuscator. Contribute to klezVirus/chameleon development by creating an account on GitHub.

Self-developed tools for Lateral Movement/Code Execution - klezVirus/CheeseTools

Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly - GitHub - OG-Sadpanda/SharpExcelibur: Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly

Read the contents of DOCX files using Cobalt Strike's Execute-Assembly - GitHub - OG-Sadpanda/SharpSword: Read the contents of DOCX files using Cobalt Strike's Execute-Assembly

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Penetration Tester | Ethical Hacker | Web Application Security

CNT hit by RansomEXX ransomware. Customer and corporate data compromised and hosted on the breached website. 190 GB of data supposedly stolen...

Q&A with one of the richest bug bounty hunters in the world, Cosmin who made over $2M in bug bounties. What is his advice for the new bug bounty hunters?