We analyzed the top 1,000 GitHub organizations. It involved scanning 38,691 GitHub repositories (Ruby, Python, JavaScript, Go, and PHP code).

Tools to assess the DNS security of web applications - GitHub - The-Login/DNS-Reset-Checker: Tools to assess the DNS security of web applications

CVE-2021-36934 manual mitigation in commandprompt. - CVE-2021-36934.bat

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks - GitHub - PentHertz/5GC_API_parse: A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core netw...

The popular Punkspider web vulnerability scanning tool is returning with bigger scale, broader reach and coverage of attacks in the OWASP Top 10.

The "Forgot password?" feature and how DNS vulnerabilities may allow the takeover of user accounts.

Coming up in today's blog post: I'll be exploring recent cyber attacks targeting my SSH honeypots. From cryptojacking motives to techniques used by attackers.

An introduction to KRSI and how you can use it to dynamically prevent data exfiltration based on IP ranges.

Hardening results

Hidden parameters discovery suite. Contribute to Impact-I/x8-Burp development by creating an account on GitHub.

Some notes about retrieving an OpenSSH shielded private key from ssh-agent process memory (gcore dump)

A pre-DDoS security assessment tool. Contribute to Cyberlands-io/epiphany development by creating an account on GitHub.

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

Meet JWTs cousin: CWT: machine-friendly, saves processing power, and is especially suitable for IoT devices. Provides same features as…

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

Auch wenn man die Clubhouse-App gar nicht verwendet, kann die eigene Nummer im Leak enthalten sein.

July 25 & 26 10am – 10pm sgt HITB LOCKDOWN 002 Days Hours Minutes Presentation materials https://conference.hitb.org/hitblockdown002/materials/ HITB Lockdown Livestream 25th & 26th July 10am - 10pm SGT AGENDA HITB Virtual Labs 25th & 26th July 2pm - 6pm SGT…

Reconky is an great Content Discovery bash noscript for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward. - GitHub - ShivamRai200...

Websites tend to scan the open ports of their users, from the browser, to identify new/returning users better.
Can ‘localhost’ be abused…