Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.

A deep dive into macOS 11's internals reveals some security surprises that deserve to be more widely known.

Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers.

Last week a friend of mine asked me to debug/RE some phishing emails that had been sent to them. These phishing emails were visually very clever and looked identical to the real site! But as I looked at the javanoscript I frankly became embarassed for the developer.

On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the…

Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking. - GitHub - aktsk/ipa-medit: Memory modification tool for re-signed ipa sup...

PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call. - IlanKalendarov/PyHook

Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019 - w1u0u1/smb2os

TL;DR Find out how a vulnerability discovered in Samsung S10+/S9 kernel allows leaking of sensitive function address information. Vulnerability Summary Samsung S10+/S9 kernel […]

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon - optiv/Registry-Recon

How failures related to validating conditions based on URLs can lead to security issues

Posted in r/netsec by u/mdulin2 • 8 points and 0 comments

The vulnerability in this post is real. The story and characters are obviously not.

Hi! Today I’m publishing a new […]

At IncludeSec we of course love to hack things, but we also love to use our skills and insights into security issues to explore innovative solutions, develop tools, and share resources. In this post we share a summary of a recent paper that I published with…

In May 2021, the Biden Administration signed Executive Order (EO) 14028, placing cloud security at the forefront of national security. Federal agencies are at different stages in their digital transformations yet are all facing similar challenges: rapidly…

PerimeterX Cybersecurity Researcher Ben Baryo discovered a skimmer served from recaptcha[.]tech and examined its progression over the course of two years.

In this paper, we identify a new class of optical TEMPEST attacks: recovering sound by analyzing optical emanations from a device’s power indicator LED. We analyze the response of the power indicator LED of various devices to sound and show that there is…