In this article we present the analysis of one hundred (100) vulnerabilities that you should keep an eye on and prioritize them according to your environment.

Understanding the OpenSSH CVE-2023-25136 high vulnerability. Read our analysis with Proof-of-Concept, learn what's vulnerable, and discover remediations.

This blog post evaluates the state of the art with phishing, which techniques are still relevant and what know-how is worth revisiting. Additionally an overview of various techniques across the three stages of a phishing campaign, an overview of features…

With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions…

GreyNoise researchers provide context around the mass confusion that is the state of ransomware campaigns against exposed VMWare ESXi hosts and bad attribution takes.

We had a security incident. Here’s what we know. - No votes and no comments

Author : https://twitter.com/123456 Avalanche just fucked me out of a sizable bug bounty — so I immediately found another bug to disclose to the public. This is a remote API DoS/crash that should OOM chain P and render a vulnerable node mostly or entirely…

Found SaltStack on a network and don't know how to attack the thing? Check out how a few configuration issues and a new spin on Jinja template injections can undo a network managed by Salt.

convert secret patterns to gf compatible. Contribute to dwisiswant0/secpat2gf development by creating an account on GitHub.

Find Writable Shares. Contribute to oldboy21/RSMBI development by creating an account on GitHub.

This blog post details a technique for breaking Apache Commons Lang's RandomStringUtils and Java's random.nextInt(bound) when the bound is odd. A tool is released which demonstrates the practicality of the attack.

A brief analysis of the new loader malware distributed by Qakbot

These days, it seems that hardly a week goes by without at least one report of a data breach. A store may have had their credit card data stolen. A health insurance company may have lost the record…

Introduction NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS...

This is a vulnerability I reported back in April, 2022

Here we are again with our new *potato flavor, the LocalPotato! This was a cool finding so we decided to create this dedicated website ;)

Black box fuzzer for web applications. Contribute to Brum3ns/firefly development by creating an account on GitHub.

Phylum discovers over 451 unique malicious packages targeting popular PyPI packages like Selenium.

Part 1: Linux auditd for Threat Detection [Part 1]

A wrapper around grep, to help you grep for things! - Improved version of gf by @tomnomnom. - GitHub - dwisiswant0/gfx: A wrapper around grep, to help you grep for things! - Improved version of gf ...

Small embedded cores have little area to spare for security features and yet must often run code written in unsafe languages and, increasingly, are exposed to the hostile Internet. CHERIoT  (Capability Hardware Extension to RISC-V for Internet of Things)…