Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fo...

What is your worst supply chain nightmare and why is it somebody that could take over all the PHP packages at once? Let's deep dive into how we could demonstrate it!

Automatically detect the URI scheme (http or https) if no scheme is provided
SQLite report format
Option to overwrite unwanted extensions with selected extensions
Option to view redirects history w...

The first of a two-part series. This part will cover how I set up a grammar fuzzer with LibAFL and Nautilus in order to fuzz the game server for Trackmania Nations Forever.

A novel backdoor for Microsoft SQL servers controlled using SQL queries

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

A Remote Code Execution vulnerability on Dompdf <= v2.0.0

By: Amy Robertson, Jared Ondricek, and Matt Malone

🐙 Track down GitHub users. Contribute to mxrch/GitFive development by creating an account on GitHub.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Hidden DNS resolvers and how to compromise your infrastructure

We analyzed trends in the implementation of security best practices and took a closer look at various types of misconfigurations that contribute to the most common causes of security breaches.

Highlights:
Bonnie: I have a new feature integrated into K.I.T.T.
Michael: Give me more details
K.I.T.T.: With my new friend EMBA I am able to find the weak spot in every firmware.
40 years later ....

Researched and written by: Caio Burgardt and Silton Santos

Understanding which PyYAML API versions are vulnerable with a testing matrix

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to …

In this blog post, we'll deep-dive into the SAML2 protocol, how IdP-initiated login works and how to implement it securely.