Doing security research we are constantly setting up local installations of software we are testing, and running many noscripts and utilities. To avoid risking or polluting our computer with this, we do most things isolated in virtual machines or containers.…

Several months ago, the Constrast Security Team reported a Java deserialization vulnerability about Spring Kafka to VMWare Security Team. It immediately attracted my attention and I got started to ana

CVE-2013-4786 Go exploitation tool. Contribute to fin3ss3g0d/CosmicRakp development by creating an account on GitHub.

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

Lately I’ve been conducting research into […]

It's time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.

How to write great vulnerability reports? If you’re a security consultant, penetration tester or a bug bounty hunter these tips are for…

🔐 A CLI tool to extract server certificates. Contribute to Hakky54/certificate-ripper development by creating an account on GitHub.

Discover vulnerability assessment using artificial intelligence: start using the new AI score as a second opinion, don't rely on the CVSS score alone.

Tenable® Holdings, Inc., the Exposure Management company, today announced it has closed its acquisition of Ermetic, Ltd. (“Ermetic”), an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure…

Financially motivated threat actor Octo Tempest's evolving campaigns represent growing concern for organizations across multiple industries.

Cisco IOS XE CVE-2023-20198 technical deep-dive, WebUI internals, patch diffing, and exploit theory crafting.

Disengaging Loader Lock to do anything directly from DLLMain...

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations.  We decided to focus on the F5 BIG-IP suite…

Adversaries can steal credentials, cookies and other private data from browsers using various techniques. We cover how you can simulate Credential Stealing From Browser s and detect it with your security tools. Sigma Rules Inside.

a simple discovery noscript that uses popular tools like subfinder, amass, puredns, alterx, massdns and others - foozzi/discoshell