Web authentication testing framework. Contribute to DigeeX/raider development by creating an account on GitHub.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface. - nicocha30/ligolo-ng

CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider.

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance - GitHub - struct/isoalloc: A general purpose m...

Using deception and decoy accounts to detect threat actors

Understanding an application’s network communication is commonly one of the major tasks when performing grey or black box application security analyses. To make this process as efficient and convenient as possible, we developed hallucinate, a dynamic binary…

Posted in r/netsec by u/shapelez • 3 points and 0 comments

In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.

Analysis and Exploitability of a buffer overflow vulnerability present in printer's drivers (CVE-2021-3438).

The Magnitude exploit kit, originally known as PopAds, has been around since at least 2012, which is an unusually long lifetime for an exploit kit. However, it’s not the same exploit kit today that it was nine years ago. Pretty much every part of Magnitude…

My list of “Probably Are Gonna Need It” security features for your web app – things that you should build up-front, not wait until you need them (when it’s already too late).

JFrog finds a new supply chain attack targeting python developers using the PyPI repository

Today, we are launching MLSEC.IO, a new machine learning security evasion competition as an educational effort for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting.

Find active vulnerability disclosure programs from the Cybersecurity & Infrastructure Security Agency. Start hunting today!

Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow - GitHub - vp777/Win...

The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. If we…

Light-weight UNIX backdoor. Contribute to phath0m/JadedWraith development by creating an account on GitHub.