An international operation targeting tools and services used to commit serious cyber attacks has seen the takedown of 48 of the world’s most popular ‘booter’ sites.

Earlier this year, the SEC Consult Vulnerability Lab published a technical security advisory on different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure configuration. Those also included a highly critical…

We chose to investigate the services provided by LEGO, perhaps the most famous toy manufacturer in the world – because we contend this example sheds light on the reality of quick adoption of APIs and the risks that can come with that fast pace.

The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable.

Musk has boasted of entrapping a Tesla leaker by watermarking emails, and he is threatening any dissidents still at Twitter.

Summary A vulnerability in the UMPD (User-Mode Printer Drivers) allows local users to trigger a use-after-free vulnerability. The vulnerability works from Windows 8 and above, and is fairly easy to exploit on older Windows machines. Credit An independent…

Introduction This is the second part of our Decentralized Identity (DID) blog series. In case you’re not familiar with DID concepts, we highly encourage you to start with the first part. This time...

Author, test and deploy security tests. Contribute to preludeorg/build development by creating an account on GitHub.

OSCP 2022

TL;DR The modern frameworks are often very flexible with what they accept, and will happily treat a POST with a JSON body as interchangeable with a URL encoded body, or even with query parameters. Due to this, an unexploitable JSON XSS vector can sometimes…

IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering - GitHub - JusticeRage/Gepetto: IDA plugin which queries OpenAI's gpt-3.5-turbo langua...

TPMS Tracking

Venom is a library that meant to perform evasive communication using stolen browser socket - Idov31/Venom

Featuring Fontuscator

Raw sockets hacking - Date: 18/12/2022

This blog post describes a vulnerability found and exploited in November 2022 by NCC Group. The target was the TP-Link AX1800 WiFi 6 Router (Archer AX21).

When there isn't a Steampipe plugin to meet your need, the Net plugin's net_http_request table can save the day.

Cymulate researchers have discovered a new vulnerability and created a proof of concept. The technique based on it allows attackers to circumvent many EDR vendors.

Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.