Nmap's XML result parse and NVD's CPE correlation to search CVE. - GitHub - CoolerVoid/Vision2: Nmap's XML result parse and NVD's CPE correlation to search CVE.

Early this year we had the opportunity to pentest Watchguard firewalls (XTM, Firebox) for a red team engagement. This blogpost will follow the journey in which I discover 5 vulnerabilities - 2 patched along the way - and build 8 distinct exploits, and finally…

This first blog post introduces the RASP checks used in SingPass

Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javanoscript code. - GitHub - evilsocket/jscythe: Abuse the node.js inspector mechan...

Please read This is a work in progress article that will receive updates as we continue publishing detailed walkthroughs for each level.
Ethernaut is OpenZeppelin Web3/Solidity based wargame to learn about Ethereum smart contract security and become familiar…

BGP hijacking

Introduction It’s that time of year again - the Binary Golf Grand Prix is back for a third year running! You can also check out my entries to the first and second times this amazing competition ran.
The theme this year was to produce a binary that crashes…

At BSides Atlanta I gave a talk on how to handle an incident in AWS. The talk and this post is intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane.

CVE-2022-26113: Arbitrary file write as SYSTEM in Fortinet VPN, with privilege escalation implications.

Convenience tool for hashcat . Contribute to SySS-Research/hashcathelper development by creating an account on GitHub.

Introduction & Motivation Windows Sandbox is a feature that Microsoft added to Windows back in May 2019. As Microsoft puts it: Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the…

it is very good. Contribute to ps1337/reinschauer development by creating an account on GitHub.

The Strengths and Weaknesses of a Technique-centric Purple Teaming Approach

Galois is open-sourcing MATE, a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery…

OpenSSL engine for use with SymCrypt cryptographic library - GitHub - microsoft/SymCrypt-OpenSSL: OpenSSL engine for use with SymCrypt cryptographic library

Posted by Francis Perron, Open Source Security Technical Program Manager, and Krzysztof Kotowicz, Information Security Engineer  Today, we a...

Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT.

Overcoming version hurdles to perform an NTLM downgrade attack and obtain an NTLMv1 hash from a target computer during our ADFS research.