We present two widespread design flaws in VPN client. These can be abused to make a victim leak traffic in plaintext outside the protected VPN tunnel.

Have you ever wondered how hackers can compromise a computer with just a USB device? In this blogpost, we will explore the concept of HID attacks, which are a type of physical host attack that use a programmable device to emulate a keyboard or mouse and execute…

Security researcher Bryce Bearchell in collaboration with Protect AI and huntr.mlsecops.com, discovered a bug in MXnet, a library for creating ML models.

An OSINT tool that helps detect members of a company with leaked credentials - infobyte/emploleaks

For too long, web race condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding

Invent with purpose, realize cost savings, and make your organization more efficient with Microsoft Azure’s open and flexible cloud computing platform.

Welcome to our team page :)
We are a beginner to intermediate team.
Founded by Catmil...,S.O.A.P

On August 8th 2023, the .NET community was made aware that the testing library called Moq exfiltrates developers emails from their development machine, and sends them off to third-party remote servers.

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts…

A few months ago, I embarked on a security bug hunt within the scope of a private program available through the Intigriti platform. During this endeavor, I encountered an intriguing anomaly while analyzing the redirect from HTTP to HTTPS traffic on a particular…

Introduction In December 2022, we competed at our first pwn2own. We were able to successfully exploit the Lexmark MC3224i using a command injection 0-day. This post will detail the process we used to discover, weaponize, and have some fun with this vulnerability.…

Claroty unveils a unique attack technique that could allow an attacker to impersonate Western Digital (WD) network-attached storage (NAS) devices. Learn more.

VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF - GitHub - hardenedvault/ved-ebpf: VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF

Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography. Continuing with our strategy f...

Conference slides. Contribute to onhexgroup/Conferences development by creating an account on GitHub.

In my previous post post, I began writing about how I was designing a port and service scanner for large-scale networks by combining port-scanning tools like masscan/zmap and service scanning tools like nmap. In this post, I’m going to dive into some of the…

How to get started in bug bounty? What technical skills are required? If you are a bug bounty beginner, check this out!

Why XProtect Remediator scans can report BadPluginServiceSignature status_code 31 and abort, and why you don’t need to do anything about it.

RedRays' comprehensive SAP security analysis reveals critical vulnerabilities across 10,000 public IP addresses. Discover the severity distribution, insights into the most pressing vulnerabilities, and RedRays' innovative, accessible solutions for SAP security.