Using the open source programs/platform, anyone can scan millions of public buckets at once using certain keywords. Typically, buckets...

In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such … Read More

CVE: CVE-2023-38831: A New WinRar Vulnerabilty A remote code execution when the user attempts to view a benign file within a ZIP archive. The issue occurs because a) ZIP archive may include a...

Today, we are proud to announce the beta version of SocketSleuth, our new Burp Suite extension for performing security testing against WebSocket-based applications. SocketSleuth was created out of our security research group to aid in our security research…

Dynamic-Static binary instrumentation framework on top of GDB - GitHub - tin-z/GDBleed: Dynamic-Static binary instrumentation framework on top of GDB

Join us on a DNS debugging deep dive, starting from bisecting the problem to reproducing the issue and finding a fix.

The "Common Vulnerabilities and
Exposures" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a somewhat checkered
reputation, along with some some attempts to
replace…

Telemetry provides the most advanced search and analytics capabilities for telegram data

The `TemplateParser` is fundamental in ASP.NET Web Forms. It is used for parsing different ASP.NET source files such as `*.aspx` and for parsing other input from various sources, including user provided data.
In this two part series we will take a deep look…

Plus, Signal Fortifies Its Encryption: PQXDH Protocol Upgrade Bolsters Quantum Resistance

With the normal flow of frontend frameworks moving from hipster to mainstream in the coming few months, during a test, you bump into this…

Use sts:GetFederationToken to maintain access, even if the original IAM credentials are revoked.

In this post, I'll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database. NoSQL injection ...

This blog will introduce you how it is possible to write a persistent reverse shell app on Android without any user requested and visible permissions. Since such application has no permissions, it shouldn’t be able to perform any task. Well, that isn’t true.…