For the last year, I’ve been working hard on creating what I believe to be the next stage in the evolution of tooling for penetration testers, web application security testers, security analysts, and security engineers—in short, anyone who spends time testing…

Allows request/response modification using a GUI analogous to CyberChef

I’m back from Lille, France, where I attended the sixth edition of the conference called “Pass The Salt“. This event focuses on security but around free software. Vendors are not welcome to promote their solutions! Christophe from the crew introduced the…

SonicWall has recently disclosed several vulnerabilities in their Global Management System (GMS) and Analytics products. Learn impact, mitigation, and risks.

Scan vulnerable drivers on Windows with loldrivers.io - FourCoreLabs/LolDriverScan

Researchers assessed satellite security mechanisms from an IT perspective and found a lack of modern security implementation.

Contribute to ZephrFish/PotUtils development by creating an account on GitHub.

Disclaimer VED (Vault Exploit Defense) test image contains only the VED kernel module, and does not contain any security baselines, access control policies and situational hardening solution.

PortShellCrypter offers up a noscripting socket, and a simple utility (pscsh) that allows executing shell noscripts on the remote end.

pscsh basically enables you to write a shell noscript, and have it be executed remotely, by sending it line by line to the remote…

Legit Security | This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository.

Threat actor “La_Citrix” is known for hacking companies — he accidentally infected his own computer and likely ended up selling it without noticing.

automatically tests prompt injection attacks on ChatGPT instances - utkusen/promptmap

VoidRAT is based on the open-source RAT called Quasar. The malware steals information from web browsers and applications such as FileZilla and WinSCP. It also implements a keylogger functionality that saves and exfiltrates the pressed keys.

An attack against multiple organizations using the company’s cloud email services, including U.S. government agencies, was “invisible” to many of the victims because they hadn’t paid extra to access security logs. One senator likened the extra costs to “selling…

The threat intelligence team of Cleafy analyzed undercovering drIBAN fraud operations. Read here the final episode of the series of technical analysis.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions.

Setting up the environment + Hello […]