This article discusses compromising shared CI/CD runner infrastructure, and how an attacker can escalate their privileges from basic source-repository access to compromising the environments the wider system is deploying.

SAP Penetration Testing: A Comprehensive Analysis of SAP Security Issues - redrays-io/SAP-Penetration-Testing

Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.

Privacy and security baseline for personal Windows 10 and Windows 11 - troennes/private-secure-windows

All the deals for InfoSec related software/tools this Black Friday - 0x90n/InfoSec-Black-Friday

This is a story about different ways to achieve RCE through the Java Log4j2 vulnerability (Log4Shell, CVE-2021-44228). And while some methods may not work, others may.

Learn how, when, and where to use OAuth scopes for authorization. Get a clear understanding of OAuth scopes definition and their proper usage.

It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.

Fixed an error in Mac OS M1 and M2 that was caused by direct subprocess execution. Special thanks to Tavi for reporting the issue in the extension.
Added a logger to aid in debugging the encryption...

Blackwing Intelligence provides high-end security engineering, analysis, and research services for engineering focused organizations

In the idealistic world of security research, we’d be faced with the latest versions of off-the-shelf enterprise products, primed with fresh hardened code ready for analysis and code kung-fu.

In reality, however, enterprises and users often don’t update…

Azure mindmap for penetration tests. Contribute to synacktiv/Mindmaps development by creating an account on GitHub.

File name: 6558073e997da5ca440b5a4b.exe

Microsoft has uncovered a supply chain attack by Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp.

Think your password is strong? Ever trusted a password strength tool online (or maybe you don't trust anything)? You might be surprised to see how far off the mark some of the most popular password strength tools are.

CVE-2023-46604 discloses a Remote Code Execution (RCE) flaw within Apache ActiveMQ. This vulnerability is trivial to exploit and its leveraged by threat actors.

Hide 🕵️‍♂️ your files of any type inside a image of your choice using steganography - GitHub - JoshuaKasa/van-gonography: Hide 🕵️‍♂️ your files of any type inside a image of your choice using ste...

Comprehensive guide on how to convert your RCE vulnerability into a fully functional metasploit module, that will spawn any payload. We use CVE-2023-32781 as our example.

Pen Test Report Generation and Assessment Collaboration - factionsecurity/faction