Setup Kioptrix 1.1 & start hacking, commenting & showing every step from recon, port scan, exploitation, privilege escalation & becoming root

Discovery and walkthrough of CVE-2023-38633 in librnoscript, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

Identify and harden your External Security Posture with the leader. Let us manage time-consuming tasks and focus on remediation

In my past two blog posts, I’ve explored how to combine multiple port scanning tools to create a fast service scanning tool for large networks, and how I sped up nmap’s service scanning by changing its “wait for content” time. In this post, I’m going to be…

We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.

TruffleHog scanned the top 1 Million visited websites and discovered 4,500 exposed git directories and hundreds of leaked API keys + secrets.

V9BET là địa chỉ chơi game online chất lượng hàng đầu tại Việt Nam hiện nay. Mọi thể loại cá cược đều có tại sân chơi. Hãy nhấp link này để khám phá thêm.

Update: This post sparked a lot of excellent discussion and debate on workarounds, and there are now multple working solutions to allow certificate injection...

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

PrologueIn the last blog post, we learned about the different types of kernel callbacks and created our registry protector driver.In this blog post, I’ll exp...

I am famously not a fan of JSON Web Tokens (JWT). Like most cryptography and security experts familiar with JWT, I would much rather you use something else if you can. I even proposed a secure alte…

The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.

In this article, we will explore some of the offensive capabilities that eBPF can provide to an attacker and how to defend against them.

Apache Superset is a popular open source data exploration and visualization tool. In a previous post, we disclosed a vulnerability, CVE-2023-27524, affecting thousands of Superset servers on the Internet, that […]

Threat intelligence is a cyber-security discipline focusing on detailed knowledge about the cyber threats targeting an organization. Threat...

Indian Android users are under threat from DogeRAT, a malicious software that illicitly accesses critical data, including banking information, contacts, and

Steps for Conducting a Third-Party Risk Assessment: Define Assessment Criteria (NIST Framework Integration): Tailoring NIST's Cybersecurity Framework to your organization's specific needs is crucial when defining assessment criteria. These criteria encompass…