a brief postMessage testing methodology

On a recent engagement I found myself testing a Kubernetes environment. Through application-level bugs I had gotten remote shell access to some of its containers. For further exploration and analysis…

With a CVSS rating of 9.9, the vulnerability fixed in SAP Security Note #3242933 affects SAP Manufacturing Execution and is considered significant.

My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21...

Operator require CRDs. In Kubernetes 1.25, CEL validation is in beta! Peek into the process of developing validations for CRDs with & without CEL

A deep dive into CVE-2021–42847

Cerberus is another simple stressing tool simulating DDoS attacks. - GitHub - francesco-ficarola/cerberus: Cerberus is another simple stressing tool simulating DDoS attacks.

Comparing the industry's top subdomain enumeration tools

developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels

After talking about LSMs (“Linux Security Modules”) it is time to continue talking about different technologies which leverage them. I am…

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research

PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices both Android and iOS, internet of things devices (devices that are connected to the user mobile…

Beside the ordinary permissions that a file/directory can have in Linux (read, write & execute) we can also assign specific permissions…

GUIDs (often called UUIDs) are widely used in modern web applications. However, seemingly very few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one.

Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.