In the last blog (link), we described how ChatGPT can be used to better understand a codebase and assist us during the making of a PoC for a CVE. ChatGPT didn’t find the vulnerability nor wrote the PoC, but as an assistant gave us hints about the project’s…

Vulnerability scanner for AWS customer managed policies using ChatGPT - GitHub - ustayready/cloudgpt: Vulnerability scanner for AWS customer managed policies using ChatGPT

WorLLMs. GitHub Gist: instantly share code, notes, and snippets.

AhnLab Security Emergency response Center (ASEC) has recently discovered the Trigona ransomware being installed on poorly managed MS-SQL servers. Trigona is a relatively recent ransomware that was first discovered in October 2022, and Unit 42 has recently…

PASTIS: Collaborative Fuzzing Framework. Contribute to quarkslab/pastis development by creating an account on GitHub.

This is a simple example of DLL hijacking enabling proxy execution. - GitHub - MitchHS/Discord-DLL-Hijacking: This is a simple example of DLL hijacking enabling proxy execution.

TruffleHog v3.28.6 introduces the Aho-Corasick algorithm for keyword optimization, leading to a 2x average speedup in scanning. This allows for faster keyword preflight searches in linear time, improving performance as more detectors are added.

While Sidestepping Ethical Controls

Insights from practical experience

Strapi had multiple critical vulnerabilities that could be chained together to gain Unauthenticated Remote Code Execution. This is my public disclosure of the vulnerabilities I found in Strapi, how they were patched and some nonsensical ramblings.

Summary By exploiting file upload functionality users are able to upload .html type of files, containing arbitrary JavaScript code, the file is then saved within server. An attacker would then compose and send an email containing URL to said malicious to…

During hardware assessments, it is common to come across devices implementing U-Boot.

Dependuck provides dependency scanning to help you identify and fix known vulnerabilities in your dependencies. Find dependency vulnerabilities and more.

Background The key has always been a core target of security protection.

How attackers can find and use AWS Account IDs

Issue was disclosed on April 11th, 2023 & was fixed earlier. Linkedin rewarded with a bounty of $10000 for responsible disclosure.

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally…