d08e8132-1c34-4223-b83d-9b7622e0f9c4

Compiled tools for internal assessments. Contribute to Syslifters/offsec-tools development by creating an account on GitHub.

Prototype pollution bugs have been a feature in many CTFs in recent years, and real-world examples in open-source applications have led to impactful exploits such as remote code execution and denial-of-service. The discovery of these bugs has long relied…

ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.

Programming book reviews, programming tutorials,programming news, C#, Ruby, Python,C, C++, PHP, Visual Basic, Computer book reviews, computer history, programming history, joomla, theory, spreadsheets and more.

Phylum discovers ~6,000 malicious packages published to PyPI shipping Rust stage 1 executables in ongoing malware campaign.

We recently discovered three vulnerabilities that allow arbitrary code execution on OpenEMR. Let’s see what we can learn from them and discuss their patches!

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space…

With the rise of Single-Sign-On (SSO) and especially OAuth 2.0 and OpenID Connect (OIDC), the attack surface of web applications has increased significantly. In this post, I will show how to escalate a Cross-Site Scripting (XSS) vulnerability to an Account…

Yet, Another Packer/Loader . Contribute to oldboy21/CGPL development by creating an account on GitHub.

A blog series for someone wanting to get a start as a SOC Analyst

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...

open-appsec provides Kong users effective and integrated API Security including preemptive protection against zero-day attacks.

Toy noscripts for playing with WinDbg JS API. Contribute to hugsy/windbg_js_noscripts development by creating an account on GitHub.

Contribute to spyx/ParamAngler development by creating an account on GitHub.

Your organization’s security is vital to our mutual success, so we’ve created this guide to help you respond to the recent LastPass security incident in a way that meets your security posture and environment’s needs.

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…