Overcoming version hurdles to perform an NTLM downgrade attack and obtain an NTLMv1 hash from a target computer during our ADFS research.

CVE-2021-38297 allows attackers to override an entire Wasm module & achieve WebAssembly code execution. Read technical analysis & mitigation from JFrog Security research >

GitHub officially recommends using GitHub Apps when integrating with GitHub, as they are easy to build and enjoy a rich and extensive API.  Most of us GitHub users have probably installed at least a few GitHub Apps, but have you ever stopped and wondered…

Posted by Pedro Barbosa, Security Engineer, and  Daniel Bleichenbacher, Software Engineer Paranoid is a project to detect well-known weaknes...

Security challenges

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all…

Educational, CTF-styled labs for individuals interested in Memory Forensics - GitHub - stuxnet999/MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.

In this blog post, we'll deep-dive into Linux Audit Framework.

Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...

Introduction netlink and nf_tables Overview Sets Expressions Set Expressions Stateful Expressions Expressions of Interest nft_lookup nft_dynset nft_connlimit Vulnerability Discovery CVE-2022-32250 …

Group Syncing between Active Directory and Tenable.io, and Automated Access Control - GitHub - RossGeerlings/tio-ad-sync: Group Syncing between Active Directory and Tenable.io, and Automated Access...

Source Code Management Attack Toolkit. Contribute to h4wkst3r/SCMKit development by creating an account on GitHub.

As we discussed in our blogs, “Achieving Autonomic Security Operations: Reducing toil” and “Achieving Autonomic Security Operations…

My aim for this post is to provide some insights for getting into Linux kernel vulnerability research and exploit development

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in …

Michael Rand, one of White Oak Security’s penetration testing experts, demonstrates how to exploit GraphQL batching attacks using Turbo Intruder. Learn more..

iPhone 11 emulated on QEMU. Contribute to TrungNguyen1909/qemu-t8030 development by creating an account on GitHub.

Provides information about how to achieve Secured-core PC compliance with Firmware Attack Surface Reduction (FASR).

UNISOC (formerly Spreadtrum) is a rapidly growing semiconductor company that is nowadays focused on the Android entry-level smartphone market. While still a rare sight in the west, the company has …