Become familiar with developing applications for Flipper Zero, which will be capable of activating adult toys all at once or completely inhibit their use for those within your range (i.e. Denial of Pleasure Attack).

API flaw enabled livestreaming of a telecommunications company’s office cameras.

Developer usage patterns with Azure CLI may leak sensitive data in CI/CD logs when used in public repositories, potentially exposing critical information.

In summer 2023 for a graduate program class I worked with an excellent team made up of Elvis Maese, Parth Joshi, Scott Randall, & Chris…

In OpenCart versions 4.0.0.0 to 4.0.2.3, authenticated backend users having common/security access and modify privileges can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

Introduction

VulnCheck finds a new way to exploit ActiveMQ CVE-2023-46604 that allows the attacker to hide in memory and avoid process-based detections.

Report and exploit of CVE-2023-36427. Contribute to tandasat/CVE-2023-36427 development by creating an account on GitHub.

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike! - RoseSecurity/Red-Teaming-TTPs

Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for...

In our research, Binary Security found a weakness in Azure Kubernetes Service (AKS) that allows Guest users or third-party apps to access the AKS API without getting assigned any specific roles. Microsoft originally responded that it “does not meet the definition…

How to find out someone's phone number if you just know their email address and how it can be automated using a new OSINT tool: email2phonenumber

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...

I analyzed stackoverflow for secrets and leaks.

Porch Pirate is a Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to public workspaces, collections, requests, users and teams. Porch Pirate can be used as a client…

Zero-day vulnerabilities chain in CrushFTP (CVE-20-23-43177) uncovered by Converge Red Team requires immediate attention with these remediation steps.

We analyzed data from thousands of organizations to understand the latest trends in cloud security posture.

A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc. - syncwithali/HavocExploit

details about DIAL protocol vulnerabilities . Contribute to yunuscadirci/DIALStranger development by creating an account on GitHub.