Three major trends, Kubernetes security, cloud security, and supply chain attacks, keep on the rise and on everyone's radar at Blackhat.

Posted in r/netsec by u/CyberMasterV • 59 points and 0 comments

Flutter Reverse Engineering Framework. Contribute to Impact-I/reFlutter development by creating an account on GitHub.

A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest…

A Hacker's Blog of Unintended Use and Insomnia.

A little bit less hackish way to intercept and modify non-HTTP protocols through Burp & others. - GitHub - cyberark/MITM_Intercept: A little bit less hackish way to intercept and modify non...

How to work with stolen IAM credentials and things to consider.

NCC Group has developed a tool for conducting a new type of BLE relay attack operating at the link layer, for which added latency is within the range of normal GATT response timing variation, and which is capable of relaying encrypted link layer communications.…

Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools - GitHub - gabriel-sztejnworcel/pipe-intercept: Intercept Windows Named Pipes communication using Burp or similar ...

My HP PSRT case was PSR-2021-0177 which I have been working to make public since early November 2021. The advisory was released May 10th, 2022 and did not, at least in the initial draft, credit me anywhere.

Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary commands, modify files, or disable services on unpatched systems.

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. - GitHub - idaholab/Malcolm: Malcolm is a...

EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.

Posted by flexibeast - 5 votes and 0 comments

We have reported more than 60 instances of this bug across a wide range of bug bounty programs including companies like Paypal, Atlassian, Microsoft, GitLab, Yahoo, ...

The Mosque-Cathedral of Córdoba is a chronicle of

A guide to relaying credentials everywhere in 2022 NTLM relay is a well-known technique that has been with us for many years and never seems to go away. Almost every article about NTLM relay could start with that phrase. It could be a cliché but it’s almost…

Blog about bug bounty and infosec research

Posted by mexicanw - 21 votes and 5 comments