While Sidestepping Ethical Controls

Insights from practical experience

Strapi had multiple critical vulnerabilities that could be chained together to gain Unauthenticated Remote Code Execution. This is my public disclosure of the vulnerabilities I found in Strapi, how they were patched and some nonsensical ramblings.

Summary By exploiting file upload functionality users are able to upload .html type of files, containing arbitrary JavaScript code, the file is then saved within server. An attacker would then compose and send an email containing URL to said malicious to…

During hardware assessments, it is common to come across devices implementing U-Boot.

Dependuck provides dependency scanning to help you identify and fix known vulnerabilities in your dependencies. Find dependency vulnerabilities and more.

Background The key has always been a core target of security protection.

How attackers can find and use AWS Account IDs

Issue was disclosed on April 11th, 2023 & was fixed earlier. Linkedin rewarded with a bounty of $10000 for responsible disclosure.

Today, Microsoft is reporting on a distinct subset of Mint Sandstorm (formerly known as PHOSPHORUS), an Iranian threat actor that specializes in hacking into and stealing sensitive information from high-value targets. This subset is technically and operationally…

Russian cyber-attack targets Cisco devices. Read on for the details and suggested mitigations.

Reasonably undetected shellcode stager and executer. - MitchHS/Mischief-DLL-Stager

In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military…

Cado and Permiso researchers team up to do a breakdown of Legion's toolset and discuss the review some of the differences between Legion and the likes of AndroxGh0st and Greenbot.

Search for c2 servers based on netlas. Contribute to michael2to3/c2-search-netlas development by creating an account on GitHub.

Awesome EDR Bypass Resources For Ethical Hacking. Contribute to tkmru/awesome-edr-bypass development by creating an account on GitHub.

Driver-based attacks against security products are on the rise

Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.