Comparing the industry's top subdomain enumeration tools

developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels

After talking about LSMs (“Linux Security Modules”) it is time to continue talking about different technologies which leverage them. I am…

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research

PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices both Android and iOS, internet of things devices (devices that are connected to the user mobile…

Beside the ordinary permissions that a file/directory can have in Linux (read, write & execute) we can also assign specific permissions…

GUIDs (often called UUIDs) are widely used in modern web applications. However, seemingly very few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one.

Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.

On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated re…

This post looks at the recent trend of pulling Azure tokens from Office process memory and tries to identify just how these tokens were loaded, how Office handles a Microsoft Account (MSA), and how we can recover cached credentials from the Token Broker Cache.

Contribute to jfrog/text4shell-tools development by creating an account on GitHub.

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.