If you're reading this you're underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy

Introducing a minimalistic Meterpreter stager written in Go (letme.go), useful in red teaming engagements.

Twitter: @s4tan Download: https://github.com/enkomio/AlanFramework Documentation: https://github.com/enkomio/AlanFramework/tree/mai...

Everyone heard of log4j by now

Wireless and hardware security, firmware, mobile, pentest, trainings, development, hacking

The Visual Studio Code server in Windows Subsystem for Linux uses a local
WebSocket WebSocket connection to communicate with the Remote WSL extension.
JavaScript in websites can connect to this server and execute arbitrary commands
on the target system. Assigned…

Leaders in Information Security

I wanted to write this blog post to talk a bit about Cobalt Strike, function hooking and the Windows heap.  We will be targeting BeaconEye (https://github.com/CCob/BeaconEye) as our detection tool...

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. - GitHub - mufeedvh/moonwalk: Cover your tracks during Linux Exploitation by leaving zer...

Posted by James Wetter and Nicky Ringland, Open Source Insights Team  Editors Note: The below numbers were calculated based on both log4j-co...

Microsoft Team's link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Team's Android users can be DoS'ed and, in the past, their IP address could be leaked.

 Responder 3.1.1.0 comes with full IPv6 support by default, which allows you to perform more attacks on IPv4 and IPv6 networks. As pointed b...

Elastic Security has identified active intrusions leveraging the newly identified BLISTER malware loader utilizing valid code-signing certificates to evade detection. We are providing detection guidance for security teams to protect themselves.