The popular Punkspider web vulnerability scanning tool is returning with bigger scale, broader reach and coverage of attacks in the OWASP Top 10.

The "Forgot password?" feature and how DNS vulnerabilities may allow the takeover of user accounts.

Coming up in today's blog post: I'll be exploring recent cyber attacks targeting my SSH honeypots. From cryptojacking motives to techniques used by attackers.

An introduction to KRSI and how you can use it to dynamically prevent data exfiltration based on IP ranges.

Hardening results

Hidden parameters discovery suite. Contribute to Impact-I/x8-Burp development by creating an account on GitHub.

Some notes about retrieving an OpenSSH shielded private key from ssh-agent process memory (gcore dump)

A pre-DDoS security assessment tool. Contribute to Cyberlands-io/epiphany development by creating an account on GitHub.

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

Meet JWTs cousin: CWT: machine-friendly, saves processing power, and is especially suitable for IoT devices. Provides same features as…

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

Auch wenn man die Clubhouse-App gar nicht verwendet, kann die eigene Nummer im Leak enthalten sein.

July 25 & 26 10am – 10pm sgt HITB LOCKDOWN 002 Days Hours Minutes Presentation materials https://conference.hitb.org/hitblockdown002/materials/ HITB Lockdown Livestream 25th & 26th July 10am - 10pm SGT AGENDA HITB Virtual Labs 25th & 26th July 2pm - 6pm SGT…

Reconky is an great Content Discovery bash noscript for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward. - GitHub - ShivamRai200...

Websites tend to scan the open ports of their users, from the browser, to identify new/returning users better.
Can ‘localhost’ be abused…

Websites tend to scan the open ports of their users, from the browser, to identify new/returning users better.
Can ‘localhost’ be abused…

Sometimes, functions included in Python RE are misused by developers and when you see this it can be possible to bypass weak input validation functions.

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining…

This is a tutorial detailing various non-conventional methods of circumventing signature based WAF or IDS software. Rather than focusing on signature evasion, and bypassing of blacklisted character…

Scan your iPhone for NSO Group's Pegasus malware using Mobile Verification Toolkit (MVT) by Amnesty International