In this blog post, we’ll dive into a recently patched Active Directory Domain Privilege Escalation vulnerability that I reported through…

A new underground phishing-as-a-service (PaaS) called "Frappo" has been detected on the dark web by security researchers at Resecurity Hunter.

SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link type that we were able to spoof.

Comprehensive Performance Testing Platform. Available on CLI, Self-Hosted, and Cloud - https://ddosify.com 🚀 - GitHub - ddosify/ddosify: Comprehensive Performance Testing Platform. Available on CLI...

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.

Do you ever wonder about the vulnerabilities you've missed? Why didn't they show themselves - and will they be discovered by somebody else later? Certain vulnerabilities have a knack for evading audit

Three major trends, Kubernetes security, cloud security, and supply chain attacks, keep on the rise and on everyone's radar at Blackhat.

Posted in r/netsec by u/CyberMasterV • 59 points and 0 comments

Flutter Reverse Engineering Framework. Contribute to Impact-I/reFlutter development by creating an account on GitHub.

A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest…

A Hacker's Blog of Unintended Use and Insomnia.

A little bit less hackish way to intercept and modify non-HTTP protocols through Burp & others. - GitHub - cyberark/MITM_Intercept: A little bit less hackish way to intercept and modify non...

How to work with stolen IAM credentials and things to consider.

NCC Group has developed a tool for conducting a new type of BLE relay attack operating at the link layer, for which added latency is within the range of normal GATT response timing variation, and which is capable of relaying encrypted link layer communications.…

Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools - GitHub - gabriel-sztejnworcel/pipe-intercept: Intercept Windows Named Pipes communication using Burp or similar ...

My HP PSRT case was PSR-2021-0177 which I have been working to make public since early November 2021. The advisory was released May 10th, 2022 and did not, at least in the initial draft, credit me anywhere.

Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary commands, modify files, or disable services on unpatched systems.