Post describing my experiment of finding out how commonly nameservers are misconfigured to allow zone transfers

Learn best practices to build and deploy a security-hardened SSH bastion host based on OpenSSH server.

Orca Security’s vulnerability researcher, Tzah Pahima, discovered a zero day AWS CloudFormation vulnerability, which AWS quickly mitigated within 6 days.

NSO’s Group Pegasus spyware was mentioned multiple times during 2021 in the media. It has been heavily analyzed by organizations such as Amnesty Forensics Analysis of the NSO Group’s Pegasus Spyware

“Are slack webhooks a secret or not?”

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

PinataHub is the most wide and comprehensive database of publicly leaked secrets from careless developers.

Posted in r/netsec by u/YashitM • 7 points and 2 comments

In this article we discuss a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and even reveal your identity.

Free copy of The Cyber Plumber's Handbook. Contribute to opsdisk/the_cyber_plumbers_handbook development by creating an account on GitHub.

Last December, Log4Shell shortened the nights of many people in the JVM world. Worse, using the earthquake analogy caused many aftershocks after the initial quake. I immediately made the connection between Log4Shell and the Security Manager. At first, I didn’t…

Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation. However, there are also cases which a…

We will explore RDP security modes and learn how NetNTLMv2 hash capture via monster-in-the-middle works, putting it into practice using PyRDP.

Application security issues found by Assetnote

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907 - ZZ-SOCMAP/CVE-2022-21907

Demystifying containers with `containerd`

Learn how you can avoid potential TLS certificate issues and secure your android app in cases where you need to deviate from the default approach.

CVE-2021-34600: How predictable random numbers (literally) open the door for attackers: Our discovery of a flaw in the generation of AES keys, used for both physical and remote access, in a popular alarm system’s parameterization software. Includes a proof…

Dahua DVRs bruteforcer at port 37777. Contribute to d34db33f-1007/asleep_scanner development by creating an account on GitHub.

Robust and blazing fast open-redirect vulnerability scanner with ability of recursevely crawling all of web-forms, entry points, or links with data. - GitHub - d34db33f-1007/fuzz300: Robust and bl...