Anybody who runs an internet-facing webserver has seen their fair share of spammy scanners in the logs. It varies server to server, but some of mine get up to 15,000 scans per day.
Almost all of these are harmless network mappers, but they still annoy me.…

I've focused on using my enumeration learnings to automate the process of identifying high privileged principals in an Azure Active Directory Tenant...

Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global prototypes, which may then be inherited by ...

A local raccoon known around the neighborhood simply as “that thing in the yard” could not believe someone would throw away a pile of perfectly good garbage.

ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists that can be utilized by offensive security tools to perform brute force, forced browsing,...

USENIX Security brings together researchers, practitioners, system administrators, system programmers, and others to share and explore the latest advances in the security and privacy of computer systems and networks.

We decided to look into one of the most prevalent chargers on Norwegian roads

Today we are excited to release Shufflecake, a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: w…

Tunneling Internet traffic over Whatsapp. Contribute to aleixrodriala/wa-tunnel development by creating an account on GitHub.

Why msg_msg? The size of structure is control by userspace Firstly, the length of the msg_msg struct can be indirectly controlled from userspace, which means that msg can overlap the cache of the specified types.

Contribute to KULeuven-COSIC/Starlink-FI development by creating an account on GitHub.

Introduction When doing application security at scale, you have to make peace with the fact that some issues may as well find their way into production. While we work hard to make sure this almost never happens, we understand that it’s just a fact of life…

This malware encrypts files with the AES algorithm, either fully or partially. The extension of the affected files changes to “.royal”. Find out more in this technical analysis of the Royal Ransomware from SecurityScorecard’s Senior Malware Analyst, Vlad…

Introduction: Robert wants to develop a basic content management system (CMS) because he became sick of all the bloated systems that had too many features and needed initial configurations. In...

A tool for downloading, checking, and applying (CVE) patches to a repository.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

A look at hacking insecure webapps that interact with Salesforce's API, and SQL-Injection like attacks in SoQL