Ghostnoscript is the backbone of document processing for a lot of web apps and programs. If you have never heard of Ghostnoscript yet, you still have very likely already used it a lot through various programs such as PDF viewers, office suites or …

Hacking the Cosmos SDK via the watchdog process manager Cosmovisor.

Background As blank smartcards supporting Java Card 3.0.4 become increasingly available, it is becoming popular to use projects like SmartPGP to create homemade OpenPGP Cards to store OpenPGP private keys.

PWK V1

PWK V1 LIST: ,Disclaimer: The boxes that are contained in this list should be used as a way to get started, to build your practical skills, or brush up on any weak points that you may have in your pentesting methodology. This list is not a substitute…

We present the steps that can lead you to another variation of an OS command injection vulnerability (CVE-2023-4249) in multiple Zavio IP camera models.

A Wi-Fi deauthentication attack, also known as a "deauth attack" or "disassociation attack," is a type of denial-of-service that targets wireless networks. The primary goal of this attack is to disconnect or deauthenticate devices (such as smartphones, laptops…

Posted by ijk_xyz2 - 6 votes and no comments

Good Day ransomware technical malware analysis

Found by @adm1nkyj and @justlikebono

By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in ...

VulnCheck was excited to breach ICS networks when CVE-2023-43261 was first disclosed. However, there is more to this than the CVE denoscription would lead you to believe. Follow VulnCheck’s journey from CVE denoscription to exploitation in the wild

Timestomp Tool to flatten MAC times with a specific timestamp - ZephrFish/Stompy

Add version 1.01

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.

Generator of static files(csv, jpeg, png, pdf) for testing file upload. It can generate csv and png files of any number of bytes! - sterrasec/dummy

Battle of The Bots Website

By: John Poulin

At Cloud Security Partners, we have audited thousands of customer AWS accounts as part of our security reviews. Across our customers, roughly 5% of the AWS Relational Database Service (RDS) instances we analyze are publicly accessible. A…

This research is written and discovered by Aaron Costello (Twitter @ConspiracyProof). Daniel Miessler has had absolutely no part in the research nor this article. His sole link to the research is taking statements from this very article and reposting them…