Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily harvest PFX, NT hashes and TGT on a larger scope.

HTTP header Blind SQL injection Example is explained in this article to show how to exploit SQL injection in HTTP headers.

JD Edwards EnterpriseOne Tools 9.2 or lower versions allow unauthenticated attackers to bypass the authentication and get Administrator rights on the system.

In the third part of our Securing Developer Tools series, we look at a critical vulnerability that affects one of the most popular code editors: Visual Studio Code.

SBOM is a key piece in securing the software supply chain and fundamental for vulnerability matching and management.

Rapidly Search and Hunt through Windows Forensic Artefacts - GitHub - WithSecureLabs/chainsaw: Rapidly Search and Hunt through Windows Forensic Artefacts

In the first part of this series , we reviewed how Pwn2Own contestant Manfred Paul was able to compromise the Mozilla Firefox renderer process via a prototype pollution vulnerability in the await implementation. In modern browser architecture design, compromising…

Scans Software Bill of Materials (SBOMs) for security vulnerabilities - GitHub - devops-kung-fu/bomber: Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Critical vulnerability found in Microsoft Translator Hub where all of its 13000 projects could be deleted using indirect object reference vulnerability

Remote Code Execution in extension pages is actually hard to achieve. We’ll produce a vulnerable extension nevertheless and look into how it can be exploited.

Website

A Poc on blocking Procmon from monitoring network events - GitHub - NUL0x4C/EtwSessionHijacking: A Poc on blocking Procmon from monitoring network events

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).

Open Source EDR for Windows. Contribute to 0xrawsec/whids development by creating an account on GitHub.

Introduction Last year, I blogged about Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion. In that part 1 post, we covered: The purpose of .NET Usage Logs and when they are crea…

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests. - GitHub - blst-secu...