PortShellCrypter offers up a noscripting socket, and a simple utility (pscsh) that allows executing shell noscripts on the remote end.

pscsh basically enables you to write a shell noscript, and have it be executed remotely, by sending it line by line to the remote…

Legit Security | This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository.

Threat actor “La_Citrix” is known for hacking companies — he accidentally infected his own computer and likely ended up selling it without noticing.

automatically tests prompt injection attacks on ChatGPT instances - utkusen/promptmap

VoidRAT is based on the open-source RAT called Quasar. The malware steals information from web browsers and applications such as FileZilla and WinSCP. It also implements a keylogger functionality that saves and exfiltrates the pressed keys.

An attack against multiple organizations using the company’s cloud email services, including U.S. government agencies, was “invisible” to many of the victims because they hadn’t paid extra to access security logs. One senator likened the extra costs to “selling…

The threat intelligence team of Cleafy analyzed undercovering drIBAN fraud operations. Read here the final episode of the series of technical analysis.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions.

Setting up the environment + Hello […]

Trufflehog is an open-source secret scanning engine that detects sensitive credentials such as passwords and API keys – secrets that are inadvertently exposed by individuals and organizations. Two years ago, Trufflehog v3 was released, a complete rewrite…

TLDR: you can use mitmproxy to modify stuff before it sent to Burp Proxy. Instruction below. Recently we were asked to asses a oldschool Java client server application. After configuring BurpSuite …

Learn how to write your own Burp BCheck noscripts to tap into the web vulnerability scanner to automate your API security testing.

A simple, distributed, zero-configuration WireGuard mesh solution - webmeshproj/webmesh

Celebrate the life of Kevin Mitnick, leave a kind word or memory and get funeral service information care of King David Memorial Chapel & Cemetery.

A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.

bypass most PHP filters using only base64

In this post we are going to show how you can (ab)use the new HTML popup functionality in Chrome to exploit XSS in meta tags and hidden inputs. It all started when I noticed the new popover behaviour