We explore the security service urlscan.io and showcase through various "dorks" that their searchable scan database is a treasure trove of URLs pointing to sensitive user information, allowing account takeover, and much more. Part of the data has been leaked…

About Steampipe

Steampipe organizes your cloud metadata into tables and fields that are easily discoverable and readable.

It is the universal interface to APIs. You can SQL to query cloud infrastructure, SaaS, code, logs, and more.
Painlessly joi...

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.

By Felix Wilhelm, Project Zero Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A cus...

Contribute to jfrog/jfrog-openssl-tools development by creating an account on GitHub.

Background The endless cyber “war” in the levels of OS

A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks. - GitHub - TalEliyahu/Threat_Model_Exampl...

What's New
Change History
Installation Guide
SHA-256: a5163f50bd6ce725c4c8638f7505b64bb603ea6bfe3f7d9ed4e403236716f787

We look at how fuzzing should have caught the OpenSSL Punycode vulnerability, and why that code was even necessary in the first place.

One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html - GitHub - Bdenneu/CVE-2022-33679: One day based on https://googleprojectzero.blogspot.com/2022/...

Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, exi...

The threat intelligence team of Cleafy analyzed the Android Malware Vultur and its journey from Google Play to banking fraud. Read here the technical analysis.

AWS Organizations is a common service to run into in AWS environments. It's default behavior can make it a target for attackers.

Keeping up with security research is near impossible. ThinkstScapes helps with this. We scour through thousands of blog posts, tweets and conference proceedings to give you an overview of the work we think significantly moves the needle.

Programmable debugger. Contribute to osandov/drgn development by creating an account on GitHub.

Phylum uncovers a new campaign targeting Python developers. Malware authors surreptitiously replace cryptocurrency addresses in developer clipboards.

Maturity models help integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide benchmark for appra...

Substation is a toolkit for routing, normalizing, and enriching security event and audit logs. - brexhq/substation

Posted by u/carrotcypher - 372 votes and 241 comments