As the noscript states, the latest release of Certipy contains many new features, techniques and improvements. This blog post dives into the…

rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding. - GitHub - jafarlihi/r...

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability…

Warning to the reader
This is my first time doing kernel exploit development - so the following probably contains some errors which I apologise in advance for.

A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/ vulnerabilities. Can also be fed data from stdin to be...

Contribute to halencarjunior/plsc4n development by creating an account on GitHub.

CVE-2021-28500 Talkative Marmot For those of you who that don’t want to read the whole back story and just want to see what CVE-2021-28500 (#TalkativeMarmot) is, you can review Arista’s full detailed security advisory here.
Essentially, this is an authentication…

It was found that unexpected behaviors in the query’s escape function could cause a SQL injection in mysqljs/mysql

We built an AirTag clone capable of silently and continuously tracking someone. The device accomplishes this by sending just one beacon per generated public key, thereby staying invisible to tracking notifications for iOS users and Apple’s Tracker Detect…

Today I wanted to talk about using the deception technology called New-HoneyHash.ps1. This is a tool that was inspired by Mark Baggett and authored by Matt Graeber, that will inject fake credential…

Command line fuzzer and bruteforcer 🌪 wfuzz for command - GitHub - ariary/cfuzz: Command line fuzzer and bruteforcer 🌪 wfuzz for command

Download the Practical Guide to Attacking JWT (JSON Web Tokens). Must read for pentesters, developers, security professionals and researchers.

We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.

Posted in r/netsec by u/0xdeadbeef0000 • 13 points and 0 comments

Posted in r/netsec by u/Neustradamus • 3 points and 0 comments

Posted in r/netsec by u/MysteriousHotel3017 • 1 point and 0 comments

Posted in r/netsec by u/VVX7 • 1 point and 0 comments

pfSense <= 2.5.2 allows authenticated users to inject arbitrary sed-specific code, which leads to an Arbitrary File Write, resulting in a Remote Code Execution. The vulnerability is also exploitable through a Cross-Site Request Forgery.

The advisory data can be readily adopted, adapted, and exchanged. Learn more here.

I have bad news. I first noticed this one day like any other, and once I noticed it, I couldn’t escape the reality. Hacking is boring. This may seem counter-intuitive at first. If you looked at your average hacker, they wouldn’t look bored. More like a mixture…