Our security team scanned 189.5M URLs and found more than 18,000 exposed API secrets. Explore the methodology.

Yet another security platform being pwned by trivial vulnerabilities (CVE-2024-22107 & CVE-2024-22108)

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

Paxton Access is a UK-based company specialising in access control solutions. Their products cater to a wide range of security needs in various sectors, including commercial, educational, and healthcare facilities.One of the key products from Paxton Access…

Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described…

For the past eight months, Trail of Bits has worked with the Python Cryptographic Authority to build cryptography-x509-verification, a brand-new, pure-Rust implementation of the X.509 path validation algorithm that TLS and other encryption and authentication…

On September 20th, 2023 a member of the huntr community reported an issue in Triton where a file traversal vulnerability lead to the ability to overwrite any file on the server when Triton is run using a non-default configuration option. 

Notes about attacking Jenkins servers. Contribute to gquere/pwn_jenkins development by creating an account on GitHub.

Decrypt AsyncRAT configurations effortlessly using CyberChef with our step-by-step guide. Dive into the recipe and enhance your malware analysis skills.

Playing Chess is one of the many hobbies I like to do in my spare time, apart from tinkering around with technology. However, I'm not very good at it, and after losing many games, I decided to see if I could do something I'm much better at; hacking the system!

A step by step blog on how to build a password cracker for professional cracking.

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter. - GitHub - vdjagilev/nmap-formatter: A tool that allow...

Execute shellcode files with rundll32. Contribute to florylsk/ExecIT development by creating an account on GitHub.

TyphoonCon conference and training focus on highly technical offensive security topics.
The event is organized by SSD Secure Disclosure.

By Oleg Zaytsev, Nati Tal (Guardio Labs)

Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomwar…

The Orca Research Pod has discovered a risk in Google Kubernetes Engine (GKE) that would allow an attacker with any Google account to take over a Kubernetes cluster. Learn about this risk dubbed Sys:All and the recommended actions to take.

This webinar will focus on strategies for remediating leaked keys, managing key rotation, and handling platform-specific processes for the leading SaaS providers.