By Maciej Domanski Trail of Bits is thrilled to announce the Testing Handbook, the shortest path for developers and security professionals to derive maximum value from the static and dynamic analys…

While popular, GitHub-to-AWS keyless authentication mechanisms can be insecurely configured.

A free tamper-proof tool designed for hackers to record and preserve Proof-of-Hacks (PoH)

Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution…

Lightweight WhoIs client. Contribute to xeptagondev/xep-whois development by creating an account on GitHub.

Rust implementation of lazy_importer. Contribute to kkent030315/razy_importer development by creating an account on GitHub.

A huge Zen 2 leak requires a patch.

Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.

Discovered at the end of 2022, SpyNote is now executing an extensive campaign against multiple European customers of different banks. Read the technical analysis to know all his functionalities and how to prevent it.

Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultaneous secrets extraction. - GitHub - fin3ss3g0d/secretsdump.p...

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets - Legit-Labs/legitify

A catalog of methods to maintain access to the AWS control plane.

A technical write-up for a cross-site request forgery vulnerability present in some Debug Adapter Protocol implementations. The Debug Adapter Protocol is used by VS Code and other development tools to debug programs. The write-up details the vulnerability…

Leaders in Information Security

Introduction I’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real…

Manager of third-party sources of Semgrep rules 🗂 - GitHub - iosifache/semgrep-rules-manager: Manager of third-party sources of Semgrep rules 🗂

TL;DR Recommendations

Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.

By the end , you’ll have a solid understanding of what ports and protocols are, how they work, and why they’re so vital in the field hacking.

By Oleg Zaytsev, Nati Tal (Guardio Labs)