Use SQL to instantly query file, domain, URL and IP scanning results from VirusTotal. - GitHub - turbot/steampipe-plugin-virustotal: Use SQL to instantly query file, domain, URL and IP scanning res...

Today I wanted to write a blog post to answer the questions to the Noabar scenario located here: A little background on what Noabar is, this is a Windows machine in my home lab that I attacked to c…

Preface (日本語版も公開されています。) Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published…

Introduction

Posted in r/netsec by u/BIOS4breakfast • 29 points and 1 comment

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 - GitHub - dwisiswant0/ppfuzz: A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

Posted in r/netsec by u/giuliomagnifico • 116 points and 9 comments

It’s easy to set up an IDS or other infrastructure to drop packets that match rules. There are many tools for real-time inspection of connections that can handle higher level protocols like HTTP or TLS.

### Discovered-by
Jakub Żoczek

### Impact
Possible remote code execution vulnerability in mailing action mail-whois

### Summary

Command `mail` from mailutils package used in mail actions...

PowerShell Script Obfuscator. Contribute to klezVirus/chameleon development by creating an account on GitHub.

Self-developed tools for Lateral Movement/Code Execution - klezVirus/CheeseTools

Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly - GitHub - OG-Sadpanda/SharpExcelibur: Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly

Read the contents of DOCX files using Cobalt Strike's Execute-Assembly - GitHub - OG-Sadpanda/SharpSword: Read the contents of DOCX files using Cobalt Strike's Execute-Assembly

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Penetration Tester | Ethical Hacker | Web Application Security

CNT hit by RansomEXX ransomware. Customer and corporate data compromised and hosted on the breached website. 190 GB of data supposedly stolen...

Q&A with one of the richest bug bounty hunters in the world, Cosmin who made over $2M in bug bounties. What is his advice for the new bug bounty hunters?

NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus…