Back in 2007 my buddy [redacted] wanted to buy the domain name fucktube.com as we were adult webmasters at the time. He was out of luck. A quick WHOIS search revealed that "fucktube.com" had already been registered on GoDaddy. This was at a time when *tube…

This is the fourth installment about designing a WiFi router into a phone charger for security, pentesting and red teaming; (part zero…

The Mosque-Cathedral of Córdoba is a chronicle of

I've often found that while performing password guessing on a network, I'll find valid credentials, but the password will be expired.  This presents a challenge, because the credentials are of limited use until they are reset. [crayon-62ffff147e8c4710256389/]…

I should start by saying that there were several AOL screen name exploits around that time, regime2k, etc. It was the golden age of AOL hacking, or "hacking" if you're an efnet elitist — but this exploit was different. It was skid treasure. I skipped school.…

Security Consultant Thomas Wearing and Incident Responder Jordan LaRose join forces to explore how developers might best build detective controls into their web apps.

In 2009 Dropcode and I hacked DG, a now defunct forum operated by nerdcore artist Why Tea? Cracker © '-' This was when DG was huge. 100K members huge. The timing was perfect. digitalgangster.com when it was cool YTC coded a php noscript called ` touruploader.php…

IAM Vulnerable is an open-source tool designed to help penetration testers better understand how to identify and exploit misconfigurations. Get the tool!

A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web ...

Financially motivatedt threat actor breaks certificate parsing to avoid detection

I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are...

I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are...

Title CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux CVE ID CVE-2021-39246 CVSS Score 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Internal ID SICK-2021…

Exploiting smart TVs.