Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

In recent years, the federal government has leveraged cloud-based software and platform services as a means for greater capacity and accessibility as well as for good financial stewardship. However, moving to the cloud can introduce new types of risks if…

We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…

Learn from 10 major ransomware examples that disrupted organizations worldwide. Understand attack methods and strengthen your cyber defenses.

Understanding Server-Side Request Forgery (SSRF), vulnerabilities and mitigations.

This article will discuss various techniques for catching phishing pages and the main purposes of bad actors.

Contribute to jfrog/jfrog-CVE-2022-21449 development by creating an account on GitHub.

CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server - notkmhn/CVE-2022-21449-TLS-PoC

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...

Time to "leak" this old (but gold) pre-auth RCE affecting some of the Red Hat products. As stated by @joaomatosf this is an old but gold vulnerability found by himself and shared in two distinct security conference in Brazil, this vulnerability was part of…

Intro and Prior Work

Proof of concept code for Datadog Security Labs referenced exploits. - DataDog/security-labs-pocs

Conference: 9th - 10th June | Find out speakers for hardwear.io USA 2022

Every byte of a QUIC connection explained and reproduced

WSO2 RCE (CVE-2022-29464) exploit and writeup. Contribute to hakivvi/CVE-2022-29464 development by creating an account on GitHub.

Vulnerability Hunting for Sport If you've been following our blog, you might notice some favoritism when it comes to embedded targets... We'...

Cloud agnostic IAM permissions enumerator. Contribute to securisec/cliam development by creating an account on GitHub.

Understanding CVSS score is crucial to plan the vulnerability mitigation process using prioritization to reduce noise

Recently I came across a tweet by @CristiVlad25 asking about what you should write in a pentest report, when there are no findings? I did a quick quote tweet with the first thoughts that came to mi…

Posted in r/netsec by u/1winway • 86 points and 7 comments