Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation. However, there are also cases which a…

We will explore RDP security modes and learn how NetNTLMv2 hash capture via monster-in-the-middle works, putting it into practice using PyRDP.

Application security issues found by Assetnote

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907 - ZZ-SOCMAP/CVE-2022-21907

Demystifying containers with `containerd`

Learn how you can avoid potential TLS certificate issues and secure your android app in cases where you need to deviate from the default approach.

CVE-2021-34600: How predictable random numbers (literally) open the door for attackers: Our discovery of a flaw in the generation of AES keys, used for both physical and remote access, in a popular alarm system’s parameterization software. Includes a proof…

Dahua DVRs bruteforcer at port 37777. Contribute to d34db33f-1007/asleep_scanner development by creating an account on GitHub.

Robust and blazing fast open-redirect vulnerability scanner with ability of recursevely crawling all of web-forms, entry points, or links with data. - GitHub - d34db33f-1007/fuzz300: Robust and bl...

The security research team explains the attack scenario with a vulnerable AWS Lambda function could be used by attackers.

Prelude This post is about the personal experiences of me; A noobie hacker- who is super new into router reversing and the challenges I had to face, the research I did and the things I had learned …

Posted by Natalie Silvanovich, Project Zero Zoom  is a video conferencing platform that has gained popularity throughout the pandemic. U...

Learn about using SeeYouCM-Thief, a new tool that exploits common misconfigurations seen in environments that deployed Cisco phones.

Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.

Phishers abusing free javanoscript hosting. Contribute to dfaram7/phishers_abuse_free_hosting development by creating an account on GitHub.

Increasing the Speed and Effectiveness of Password Sprays

We felt more like “Oh fuck, Databreach”





Dieser Artikel ist auch auf deutsch erschienen.

During the pandemic, grocery delivery services gained popularity.
New players on the market offer delivery in under an hour.
One of them is Gorillas, which…

CryptoLyzer is a multiprotocol cryptographic settings analyzer with SSL/TLS, SSH, and HTTP header analysis ability. The main purpose of the tool is to tell you what kind of cryptographic related settings are enabled on a client or server.

Home of the Advanced Persistent Tortellini - aka APTortellini, an Italian collective of hackers publishing technical research regarding offensive security.

OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent. - GitHub - CoolerVoid/OctopusWAF: OctopusWAF is a WAF( Web application firewall) with high...

Lookup for interesting stuff in SMB shares. Contribute to oldboy21/SMBSR development by creating an account on GitHub.