Facebook Server Side Request Forgery (SSRF)The following could have given the ability to make arbitrary HTTP requests to servers within Facebook’s production network Facebook SSRF via /me/personas There exists a SSRF in the graph.facebook.com/me/personas…

In reading Yan Zhu’s excellent write-up of the JSON CSRF vulnerability she found in OkCupid one thing puzzled me: I was under the impression that browsers these days default to …

We can increase our capabilities to distribute our HTTP requests over a larger and larger pool of networks.

"Golden" certificates. Contribute to GhostPack/ForgeCert development by creating an account on GitHub.

Active Directory certificate abuse. Contribute to GhostPack/Certify development by creating an account on GitHub.

Group-IB TI analysts examined Prometheus TDS — an underground service designed to distribute malicious files and redirect users to phishing and malicious sites.

A new version of TitanHQ’s cloud-based anti-spam service and anti-spam software was released on March 5, 2018. SpamTitan version 7.00 includes patches for recently identified vulnerabilities in the ClamAV antivirus engine and a change to the primary AV engine…

Anonymous peer-to-peer distributed communication layer built with open source tools and designed to run any traditional Internet service such as email, IRC or web hosting.

In this research paper James Kettle introduces multiple new classes of HTTP/2-exclusive attacks, demonstrated on popular websites and servers.

Recover old Snaps that have “disappeared” from Snapchat - GitHub - sdushantha/snaprecovery: Recover old Snaps that have “disappeared” from Snapchat

Microsoft recently added additional security checks that address the Windows container escape that enabled Siloscape.

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user's privileges, allowing a user to perform actions not belonging to his role.

Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the `snap_file` parameter in the `/it-IT/splunkd/__raw/services/get_snapshot` HTTP API endpoint. A 'low privileged' attacker can read any file on the target host.

Let's explore this modern static analysis tool and how it allows us to identify patterns in our code for linting or security purposes.

This is 🍊 speaking

Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and other post-exploitation tools. - GitHub - pucarasec/zuthaka: Zu...

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion. - GitHub - Tylous/SourcePoint: SourcePoint is a C2 profile generator for Cobalt Stri...

Awesome-Cellular-Hacking. Contribute to W00t3k/Awesome-Cellular-Hacking development by creating an account on GitHub.