PWK V1

PWK V1 LIST: ,Disclaimer: The boxes that are contained in this list should be used as a way to get started, to build your practical skills, or brush up on any weak points that you may have in your pentesting methodology. This list is not a substitute…

We present the steps that can lead you to another variation of an OS command injection vulnerability (CVE-2023-4249) in multiple Zavio IP camera models.

A Wi-Fi deauthentication attack, also known as a "deauth attack" or "disassociation attack," is a type of denial-of-service that targets wireless networks. The primary goal of this attack is to disconnect or deauthenticate devices (such as smartphones, laptops…

Posted by ijk_xyz2 - 6 votes and no comments

Good Day ransomware technical malware analysis

Found by @adm1nkyj and @justlikebono

By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in ...

VulnCheck was excited to breach ICS networks when CVE-2023-43261 was first disclosed. However, there is more to this than the CVE denoscription would lead you to believe. Follow VulnCheck’s journey from CVE denoscription to exploitation in the wild

Timestomp Tool to flatten MAC times with a specific timestamp - ZephrFish/Stompy

Add version 1.01

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet.

Generator of static files(csv, jpeg, png, pdf) for testing file upload. It can generate csv and png files of any number of bytes! - sterrasec/dummy

Battle of The Bots Website

By: John Poulin

At Cloud Security Partners, we have audited thousands of customer AWS accounts as part of our security reviews. Across our customers, roughly 5% of the AWS Relational Database Service (RDS) instances we analyze are publicly accessible. A…

This research is written and discovered by Aaron Costello (Twitter @ConspiracyProof). Daniel Miessler has had absolutely no part in the research nor this article. His sole link to the research is taking statements from this very article and reposting them…

CVE-2023-42627, CVE-2023-42628, CVE-2023-42629: Several stored cross-site noscripting vulnerabilities in Liferay Portal

We recently uncovered two critical code vulnerabilities in the personal cloud system CasaOS. Let's see what we can learn from them.

Learn how SaaS super admins targeted Okta in a social engineering campaign, and how to keep your Okta tenant and highly privileged SaaS identities secure using Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities.