Static Token And Credential Scanner. Contribute to stacscan/stacs development by creating an account on GitHub.

Enhancing the security audit logging of Harbor with OpenResty - Why and how I achieved the audit logging functionality in Harbor Private Container Registry

Introduction This post describes the work we’ve done on fuzzing the Windows RDP client and server, the challenges of doing so, and some of the results. The Remote Desktop Protocol (RDP) by...

A story of too much access and a false sense of security.

This Pegasus Spyware virus is very dangerous and that spyware multiple ways attacks of that system that saw that article... techflashes.com

Phylum is continually working to improve our author risk analysis to allow users to manage the risk presented by using code written by random strangers on the Internet. The work documented here provides valuable evidence as input into Phylum’s author risk…

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover - GitHub - pwnesia/dnstake: DNSTake — A fast tool to check missing hosted DNS zones that can lead to subd...

A US company, Zimperium, claims that it can protect organisations and individuals from Pegasus although it is not clear if it claims.

This tech-blog post demonstrates how PrintNightmare (CVE-2021-34527) attack is implemented in the Cymulate Continuous Security Validation Platform.

A (not so) regular newsletter on getting the boring parts of AppSec right

Broken Access Control (BAC) > Server-Side Request Forgery (SSRF)

Intro In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools they use to execute their mission objectives. In most of our cases, we see the threat act…

BSidesSF 2024 CFP is Closed! Thanks to all who submitted.We received a total of 334 reviewable submissions (up 59.8% from 209 in 2023), but could only accept 60. This means we had an unusual...

A deep dive into specifics around cobalt strike malleable c2 profiles and key information that is new in cobalt strike 4.4.

Application security issues found by Assetnote

Since my last post, I had the pleasure to participate in a lot of CTFs.