Zero-day vulnerabilities chain in CrushFTP (CVE-20-23-43177) uncovered by Converge Red Team requires immediate attention with these remediation steps.

We analyzed data from thousands of organizations to understand the latest trends in cloud security posture.

A remote unauthenticated DOS POC exploit that targets the authentication implementation of Havoc. - syncwithali/HavocExploit

details about DIAL protocol vulnerabilities . Contribute to yunuscadirci/DIALStranger development by creating an account on GitHub.

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.

gbrls's hacking blog

Executables with RWX sections can be abused using a variation of a Process Overwriting technique dubbed Process Stomping. Using (a modified) sRDI and leveraging the new features of Cobalt Strike 4.9 has been possible to load beacon in the RWX section itself…

Advisory ID: usd-2023-0025 (CVE-2023-45878) | Product: Gibbon Edu | Vulnerability Type: Arbitrary File Write (CWE-434)

Windows Task Scheduler enables windows users and administrators to perform automated tasks at specific time intervals. Scheduled tasks has been commonly abused as a method of persistence by threat …

How we could exploit a vulnerability in WithSecure Elements EDR to shut down a company network through malicious isolation.

Contribute to vulnersCom/trivy-plugin-vulners-db development by creating an account on GitHub.

genpatch is IDA plugin that generates a python noscript for patching binary - sterrasec/genpatch

This Blog will show a novel way to avoid detections for Process Injection triggered by ETWti from Kernel.

This article discusses compromising shared CI/CD runner infrastructure, and how an attacker can escalate their privileges from basic source-repository access to compromising the environments the wider system is deploying.

SAP Penetration Testing: A Comprehensive Analysis of SAP Security Issues - redrays-io/SAP-Penetration-Testing

Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.

Privacy and security baseline for personal Windows 10 and Windows 11 - troennes/private-secure-windows

All the deals for InfoSec related software/tools this Black Friday - 0x90n/InfoSec-Black-Friday

This is a story about different ways to achieve RCE through the Java Log4j2 vulnerability (Log4Shell, CVE-2021-44228). And while some methods may not work, others may.

Learn how, when, and where to use OAuth scopes for authorization. Get a clear understanding of OAuth scopes definition and their proper usage.