At RedHunt Labs, (under Project Resonance), we frequently conduct internet-wide research in different shapes and formats to understand the state of security across the internet. In this iteration, we conducted a study about the current state of DNS configurations…

Disclosure of two novel techniques to attack and compromise a CA server by abusing the ManageCA permissions (AD CS)

A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks. - GitHub - mufeedvh/pdfrip: A multi-threaded PDF password cracking...

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a us…

We discovered an interesting code vulnerability that could be used to bypass hardening mechanisms in the popular WordPress CMS.

Advisories, proof of concept files and exploits that have been made public by @pedrib. - pedrib/PoC

Let's check if your target is vulnerable for client side prototype pollution. - kosmosec/proto-find

In this episode I talk about the concept of Security Roles and Responsibilities, Control Frameworks, Due care & Due Diligence, Policies, Standards, Procedures, Guidelines & Baseline and Threat Modeling which are essentials from an exam and real life security…

Rapid7’s Managed Threat Complete with unlimited incident response and vulnerability management. Contain costs and eliminate threats. Get Started Now.

multiple vulnerabilities in concrete cms part2. Privilege escalation, SSRF, password reset poisoning. Concrete CMS pentest

It is not uncommon a windows environment especially dedicated servers which are managed by developers or IT staff to have installed the Notepad++ text editor. Except of the storage of noscripts and a…

By: Jason Reaves and Joshua Platt

The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.

Build and Interact with a Set of Virtual Machines. Contribute to AranAilbhe/merOS-virt development by creating an account on GitHub.

JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to CVE-2021-44521 (CVSS 8.4). This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on…

A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language. - GitHub - clj-holmes/clj-holm...

clojure deps SCA. Contribute to clj-holmes/clj-watson development by creating an account on GitHub.

GoIP-1 GSM gateway contains vulnerabilities that allow hackers to send SMS messages and make calls for free