Quickly visualize and identify attack paths an attacker could leverage. Relationship graphs provide an interactive visualization to navigate resource relationships and drill into asset details without authenticating into multiple accounts or jumping across…

2FA Day on 2nd of FebruAry promotes two-factor authentication to enhance online security. It raises awareness about the importance of an extra security layer.

It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit…

Community for hackers, pentesters, programmers, activists, philosophers, cyberpunks, artists, infosec, privacy professionals, and those genuinely curious about technology.

Intel introduced the 8086 microprocessor in 1978 and it had a huge influence on computing. I'm reverse-engineering the 8086 by examining t...

Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Stay informed on the latest cyber threats - a one-stop destination for all the latest alerts and updates from multiple sources.

GitHub Self-Hosted Runner Enumeration and Attack Tool - GitHub - praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Recently, a vulnerability was discovered, which allowed for unauthenticated remote code execution in the kernel context.

Contribute to vonahisec/CVE-2022-47966-Scan development by creating an account on GitHub.

Application security issues found by Assetnote

Andreas Happe sometimes blogs about development, life or security.

From subdomain takeover to phishing mails
TL;DR; if you have a subdomain takeover for a given domain, and default DMARC alignment settings, you can create emails that passes SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain…

Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing. - GitHub - Anof-cyber/PyCript: Burp Suite extension for bypassing client-side encrypt...

Greetings to all readers,

Pinning your malicious cyber operations to the opposition

We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred…