cmloot.py introduces new angles to exploit Configuration Manager, which has become the new black in internal security assessments of Active Directory environments.

You’re likely seeing a trend - yes, we know, we look at a lot of enterprise-grade software and appliances. Today, we’re not here to change your expectations of us - we’re looking at more enterprise-grade software and appliances.

Today, we’re looking at Sangfor’s…

MANA allows you to perform various Wi-Fi attacks even using your Android device. The MANA (MITM And Network Attacks) Wireless Toolkit is a suite of tools that can be used to perform man-in-the-middle (MITM) attacks, create evil access point, denial of service…

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...

As a software engineer, you must be familiar with information security. In your work projects, you may have gone through security audits, including static code scanning, vulnerability scanning, or penetration testing. You may have even done more comprehensive…

🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷 - GitHub - kitabisa/teler-proxy: 🔐 teler Proxy enabling seamless ...

For the very first time, the International Committee of the Red Cross (ICRC) has released a set of guidelines outlining rules of engagement...

An expose the Intellexa Alliance's surveillance capabilities including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices.

Warning: extremely wonky cryptography post. Also, possibly stupid and bound for nowhere. One of the hardest problems in applied cryptography (and perhaps all of computer science!) is explaining why…

Vulnerability identification and management in one place - a cost-effective developer friendly platform for managing vulnerabilities

Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence - ErikWynter/CVE-2023-22515-Scan

two-factor authentication is revered as the end all be all of account security. it shouldn't be. it's been easy to phish 2fa since the 90s. aol employees used physical "rsa securid" devices displaying 6 digits that changed once per minute. i once conceptualized…

AI-Powered Ethical Hacking Assistant. Contribute to berylliumsec/nebula development by creating an account on GitHub.

author : pad, x.com/123456 i was the most prolific tumblr spammer in 2011/2012. tumblr was popular then - so hacking/spamming it paid the rent. the most heavily publicized tumblr-related event i cast into existence was a scaled phishing attack. i wrote a…

What could cyberattacks look like with advanced generative AI capabilities?

Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances. Does a bad feature warrant filing a CVE? I'm not sure.

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w...

For too long, web race condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding

A technical blog

CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

author : pad, x.com/123456 i just stumbled into a skiptracing/ssn doxing service on fiverr wow and it inspired me to write a second post on doxing that is relevant in 2023. the skiptracing/ssn platform in question on fiverr is called tloxp - a tool used by…