My HP PSRT case was PSR-2021-0177 which I have been working to make public since early November 2021. The advisory was released May 10th, 2022 and did not, at least in the initial draft, credit me anywhere.

Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary commands, modify files, or disable services on unpatched systems.

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. - GitHub - idaholab/Malcolm: Malcolm is a...

EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.

Posted by flexibeast - 5 votes and 0 comments

We have reported more than 60 instances of this bug across a wide range of bug bounty programs including companies like Paypal, Atlassian, Microsoft, GitLab, Yahoo, ...

The Mosque-Cathedral of Córdoba is a chronicle of

A guide to relaying credentials everywhere in 2022 NTLM relay is a well-known technique that has been with us for many years and never seems to go away. Almost every article about NTLM relay could start with that phrase. It could be a cliché but it’s almost…

Blog about bug bounty and infosec research

Posted by mexicanw - 21 votes and 5 comments

Another yet quick blog post. A few years ago, 3 or 4, maybe 5, I was "working" with @marcioalm  in a "Simple Web Vulnerability Scanner" tool intended to be part of an automation vulnerability check for a large and specific environment. Keep in mind that adventure…

Yik Yak app contained a sensitive information disclosure vulnerability that could allow an attacker to de-anonymize the user’s…

The hacker group Killnet claimed the attacks against Italy. How it's possible to detect the activities of the Mirai botnet used through Falco

This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...

Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.

This post was authored by Taqi and Rosamira

how to hack timing on hack the box

Disclaimer: as many other security researchers […]