Multiple vulnerabilities found in ExtremeNetworks ExtremeXOS by Rhino Security Labs.

Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK. - ax/apk.sh

The Password Manager Extension from One Identity can be used to perform two different kiosk escapes on the lock screen of a Windows client. These two escapes allow an attacker to execute commands with the highest permissions of a user with the SYSTEM role.

This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system. [STANDARDS-TRACK]

This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... CSS Cafe presentation I presented this technique

BugProve discovers additional zero-day vulnerabilities in Zyxel's personal cloud storage device. Detailed writeup of the firmware analysis process.

This is the second post in a two-part series on DNS rebinding. In this post, I introduce new techniques for achieving reliable, split-second DNS rebinding in Chrome, Edge, and Safari when IPv6 is available, as well as a technique for bypassing the local network…

GitHub Gist: instantly share code, notes, and snippets.

Security experts

Determining the intent behind a package publication is notoriously difficult. Is it a legitimate threat actor or a security researcher? We can rarely make this determination, so Phylum generally errs on the side of caution and annotates packages that exhibit…

Dasharo User Group (DUG) #4 and Dasharo Developers vPub 0x9 When? 07th December 2023 5PM UTC to last hacker standing...

A modern investigation of the Windows loader architecure and loader lock

Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.

APIs (Application Programming Interfaces) enable software systems and applications to communicate and share data. API testing is important as ...

Introduction In August 2023, Google published research they did on AI-powered fuzzing. They showed they could automatically improve fuzzing code coverage of C/C++ projects already enrolled in OSS-F…

This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.

Akamai researchers discovered a new set of attacks against Active Directory (AD) using Microsoft DHCP servers that can lead to full AD takeover.

BSidesSF is soliciting submissions for the annual BSidesSF conference on April 26-27, 2025. Call for Participation is currently open for all tracks.Note: We DO NOT provide speaker or travel ...