Hidden parameters discovery suite. Contribute to Impact-I/x8-Burp development by creating an account on GitHub.

Some notes about retrieving an OpenSSH shielded private key from ssh-agent process memory (gcore dump)

A pre-DDoS security assessment tool. Contribute to Cyberlands-io/epiphany development by creating an account on GitHub.

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

Meet JWTs cousin: CWT: machine-friendly, saves processing power, and is especially suitable for IoT devices. Provides same features as…

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

Auch wenn man die Clubhouse-App gar nicht verwendet, kann die eigene Nummer im Leak enthalten sein.

July 25 & 26 10am – 10pm sgt HITB LOCKDOWN 002 Days Hours Minutes Presentation materials https://conference.hitb.org/hitblockdown002/materials/ HITB Lockdown Livestream 25th & 26th July 10am - 10pm SGT AGENDA HITB Virtual Labs 25th & 26th July 2pm - 6pm SGT…

Reconky is an great Content Discovery bash noscript for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward. - GitHub - ShivamRai200...

Websites tend to scan the open ports of their users, from the browser, to identify new/returning users better.
Can ‘localhost’ be abused…

Websites tend to scan the open ports of their users, from the browser, to identify new/returning users better.
Can ‘localhost’ be abused…

Sometimes, functions included in Python RE are misused by developers and when you see this it can be possible to bypass weak input validation functions.

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining…

This is a tutorial detailing various non-conventional methods of circumventing signature based WAF or IDS software. Rather than focusing on signature evasion, and bypassing of blacklisted character…

Scan your iPhone for NSO Group's Pegasus malware using Mobile Verification Toolkit (MVT) by Amnesty International

Vulnerability Summary ManageEngine OpManager is a popular Java-based network monitoring solution used by large companies such as NASA, DHL or Siemens. Among other things, it allows the monitoring of network devices such as routers, webcams, servers, firewalls…

The OAuth flow implemented in Mattermost server v5.32 > v5.36 is affected by a reflected XSS. An unauthenticated attacker might gain access to the victim's session.

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…

What to take into account when you developing MVP with front-end \ web, mobile, back-end \ api and cloud pieces - and need to securely store at least some customer data

Posted in r/netsec by u/0xdea • 57 points and 4 comments