NSO’s Group Pegasus spyware was mentioned multiple times during 2021 in the media. It has been heavily analyzed by organizations such as Amnesty Forensics Analysis of the NSO Group’s Pegasus Spyware

“Are slack webhooks a secret or not?”

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

PinataHub is the most wide and comprehensive database of publicly leaked secrets from careless developers.

Posted in r/netsec by u/YashitM • 7 points and 2 comments

In this article we discuss a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and even reveal your identity.

Free copy of The Cyber Plumber's Handbook. Contribute to opsdisk/the_cyber_plumbers_handbook development by creating an account on GitHub.

Last December, Log4Shell shortened the nights of many people in the JVM world. Worse, using the earthquake analogy caused many aftershocks after the initial quake. I immediately made the connection between Log4Shell and the Security Manager. At first, I didn’t…

Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation. However, there are also cases which a…

We will explore RDP security modes and learn how NetNTLMv2 hash capture via monster-in-the-middle works, putting it into practice using PyRDP.

Application security issues found by Assetnote

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907 - ZZ-SOCMAP/CVE-2022-21907

Demystifying containers with `containerd`

Learn how you can avoid potential TLS certificate issues and secure your android app in cases where you need to deviate from the default approach.

CVE-2021-34600: How predictable random numbers (literally) open the door for attackers: Our discovery of a flaw in the generation of AES keys, used for both physical and remote access, in a popular alarm system’s parameterization software. Includes a proof…

Dahua DVRs bruteforcer at port 37777. Contribute to d34db33f-1007/asleep_scanner development by creating an account on GitHub.

Robust and blazing fast open-redirect vulnerability scanner with ability of recursevely crawling all of web-forms, entry points, or links with data. - GitHub - d34db33f-1007/fuzz300: Robust and bl...

The security research team explains the attack scenario with a vulnerable AWS Lambda function could be used by attackers.

Prelude This post is about the personal experiences of me; A noobie hacker- who is super new into router reversing and the challenges I had to face, the research I did and the things I had learned …

Posted by Natalie Silvanovich, Project Zero Zoom  is a video conferencing platform that has gained popularity throughout the pandemic. U...