Lately I’ve been conducting research into […]

It's time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.

How to write great vulnerability reports? If you’re a security consultant, penetration tester or a bug bounty hunter these tips are for…

🔐 A CLI tool to extract server certificates. Contribute to Hakky54/certificate-ripper development by creating an account on GitHub.

Discover vulnerability assessment using artificial intelligence: start using the new AI score as a second opinion, don't rely on the CVSS score alone.

Tenable® Holdings, Inc., the Exposure Management company, today announced it has closed its acquisition of Ermetic, Ltd. (“Ermetic”), an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure…

Financially motivated threat actor Octo Tempest's evolving campaigns represent growing concern for organizations across multiple industries.

Cisco IOS XE CVE-2023-20198 technical deep-dive, WebUI internals, patch diffing, and exploit theory crafting.

Disengaging Loader Lock to do anything directly from DLLMain...

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations.  We decided to focus on the F5 BIG-IP suite…

Adversaries can steal credentials, cookies and other private data from browsers using various techniques. We cover how you can simulate Credential Stealing From Browser s and detect it with your security tools. Sigma Rules Inside.

a simple discovery noscript that uses popular tools like subfinder, amass, puredns, alterx, massdns and others - foozzi/discoshell

Ragnar Locker remains out of reach of the security software.

toolkit for python reverse engineering. Contribute to Fadi002/de4py development by creating an account on GitHub.

CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attacker to steal secret credentials from the cluster. Read all about it!

While poking around Parallels Desktop I found a noscript which is invoked by a setuid-root binary, which has the following snippet: local prl_dir="${usr_home}/Library/Parallels" if [ -e "$prl_dir" -a ! -d "$prl_dir" ]; then log warning "'${prl_dir}' is not…

Uncover the steps to hack WiFi passwords using Hashcat. This guide provides a comprehensive walkthrough, from dictionary attacks to brute-force attack