Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers...

Build a CVE library with aggregated CISA, EPSS and CVSS data - r3volved/CVEAggregate

Various one-off pentesting projects written in Nim. Updates happen on a whim. - RePRGM/Nimperiments

This vulnerability allows a physically-present attacker to control the full disk encryption unlock process and gain complete access to decrypted content in some cases where a TPM, dracut and Clevis are used.

Easy to understand NetNTLMv1 downgrade, relaying stuff and further resources for those who want to get the bigger picture at the end of this post.

This class teaches you how to use HyperDbg, a virtualization-based debugger.

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Leverage eBPF to secure internet-facing APIs: FastAPI, BlackSheep, Flask, Django, aiohttp, tornado, and more.

Summary A vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system. Credit An independent security researcher working with SSD Secure Disclosure, the vulnerability was one of the winners…

Barracuda email security gateway devices became the target of a cyber espionage attack from a group with ties to China, known as UNC4841. This group managed

Attackers have quite a few sneaky ways to gather information from your WordPress website. They can get their hands on details like the WordPress version you're using, the active plugins and their versions, and even info about your active users. In this article…

According to a recent article on Neowin, Microsoft Edge has a new feature that allows it to take screenshots of every web page a user…

Useful resources for SOC Analyst and SOC Analyst candidates. - GitHub - LetsDefend/awesome-soc-analyst: Useful resources for SOC Analyst and SOC Analyst candidates.

Presenting the usage of the osv-scanner tool from Google in real-life Python and Java projects. A tool review with its pros and cons.

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

VULNERABILITY DESCRIPTION
This vulnerability involves a Web Cache Deception attack targeting the https://redacted.com/anynonexisting URL endpoint. By manipulating the caching mechanisms, unauthorized users can gain access to sensitive Personally Identifiable…