Learn about fuzzing testing, including who should fuzz, what types of fuzzers exist, how to write a good harness to perform blackbox analysis on a given program.

Semgrep rules for GitHub Actions

It’s widely reported worldwide that Facebook, WhatsApp, and Instagram are down at the moment.

Techniques for pentesting and exploiting file read conditions in web applications, also with a pinch of recommendations for…

IoT Inspector identified security vulnerabilities affecting the UPnP implementation of Broadcom’s SDK that affect vendors such as Cisco or Linksys.

A tool to extract the IdP cert from vCenter backups and log in as Administrator - horizon3ai/vcenter_saml_login

Yamale, schema validator for YAML files. Attackers can bypass security and run arbitrary code. See the details, fix and recommendations from the JFrog security team.

Posted in r/netsec by u/mateusnr • 237 points and 14 comments

Tool to decrypt iOS apps using r2frida. Contribute to as0ler/r2flutch development by creating an account on GitHub.

Welcome to the magical world of proactive SIMs.

This post attempts to explore the security and privacy concerns related with vaccine credential systems, by way of threat modelling and exploring the various risks and attacks conceivable against such systems.... Furthermore, we'll look at these concerns…

Open Source Intelligence

Interested in correlating events from network monitoring tools to host activity? Support for Community ID hashing in osquery allows osquery’s endpoint instrumentation to be easily correlated with…

Pwn stuff. Contribute to mm0r1/exploits development by creating an account on GitHub.

We recently discovered a novel REBOL exploit technique used for command-and-control. We've coined this the REBOL Yell. Read about the exploit and preventing it.

Deploying the Tpot honeypot on Google Cloud using Terraform