Beside bug fixes this release introduces many new features. You are invited to celebrate the new EMBA version with us.


Spread the word and secure the Internet of Things with EMBA!



Since versio...

Last Minute Patch Thwarts Pwn2Own Entries

Recently, we encountered an obscure security measure while researching GitHub repositories: the popular repository namespace retirement. This security measure was implemented by GitHub to protect (popular) repositories against repo jacking (i.e. hijacking…

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

An investigation into CVE-2022-28958 finds the vulnerability doesn't actually exist.

Background Some time ago, we were playing with some Netgear routers and we learned so much from this target.
However, Netgear recently patched several vulnerabilities in their RAX30 router firmware, including the two vulnerabilities in the DHCP interface…

We publish an open source Python-based server for sending and especially receiving SMS using multiple GSM modems and SIM cards, which helps us in pentesting projects, but also for alerting system moni

Writeup of a collaborated bug on Bugcrowd where I was able to bypass Akamai WAF to exploit RCE on Spring Boot error page using SpEL

The Apiiro AI engine discovered a malicious Python package that is currently presented on the python PyPI package management portal.

IT-Security and stuff - Firewalls under the hood - UFW

PoC Implementation of a fully dynamic call stack spoofer - GitHub - klezVirus/SilentMoonwalk: PoC Implementation of a fully dynamic call stack spoofer

Shoggoth: Asmjit Based Polymorphic Encryptor. Contribute to frkngksl/Shoggoth development by creating an account on GitHub.

a cli google client written by ai (chatgpt) that bypasses captcha and rate limiting by using the google alert's "preview" feature - GitHub - visualbasic6/search: a cli goo...

Check out our latest blog post: “How to secure your Open Source Project - A quick guide for developers”. This post provides valuable guidance on how to ensure the security of your open source project. We will be sharing some practical tips and best practices…

Team82 developed a generic web application firewall bypass that exploits a lack of JSON syntax support in leading vendors' SQL injection inspection process.

How the Red Canary Product Security Team found a vulnerability in a Go programming language MessagePack implementation.

We’re back with another entry in our Furbo hacking escapade! In our last post we mentioned we were taking a look at the then recently released Furbo Mini device and we are finally getting around to writing about what we found. Background Some time in the…

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history. - GitHub - praetorian-inc/noseyparker: Nosey Parker is a command-line program th...

0x00: Introduction

Generating phishing campaigns with OpenAI Chat and GPT-3