A technical and root cause analysis of CISA’s Known Exploited Vulnerabilities from 2023.

We guard your domain, so you have peace of mind. Threat Visibility Platform.

Scapy's comprehensive set of features enables the creation of customized network traffic, making it an ideal tool for fuzzing.

Contribute to ad0nis/ntlm_relay_gat development by creating an account on GitHub.

apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. - ax/apk.sh

How would you feel if an attacker could read your AWS resource tags? Turns out they can! Find out how and test your environment with our tool.

Unpack RedLine stealer to extract config using pe-sieve. pe-sieve dumps then unpacked files from memory. Then, extract the config from the dumped file.

ShmooCon 2024by Shmoo Group, various presentersThe videos in this collection are from ShmooCon 2024, which occurred on 12 - 14 January 2024, at the Washington...

Everyone in InfoSec knows Metasploit and the importance this tool has had on many professionals and in the field itself, either be it for awareness purposes, education, CTFs or actual live penetration tests, odds are the reader has encountered and used Metasploit…

Summary A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface. Additional post-auth vulnerabilities in the product allow for command injection and their…

Recently, during a red team engagement […]

When looking across the attack surface of large enterprises, the expectation is the utilisation of well-known heavy-hitting software and appliances. Think your Citrix's, Cisco's, MOVEit's, and other such excitement.

These products are enterprise-grade, in…

In Part 2 of our series focusing on improving LLM security against prompt injection we’re doing a deeper dive into transformers, attention, and how these topics play a role in prompt injection attacks. This post aims to provide more under-the-hood context…

As astute readers of our Twitter account (https://twitter.com/watchtowrcyber) and blog will know, we’ve recently been heavily involved in understanding the recent spatter of vulnerabilities in Ivanti products - most recently, their Connect Secure product…

Aperture is a distributed load management platform designed for rate limiting,

In this blog we delve into a timeseries analysis by trying to answer various questions related to GitHub exploit PoC repositories. A future prediction was made.

TL:DR Insignificant whitespaces in the JSON standard can be used to encode data without breaking the format. This could aid malicious…

We have spent the last six months researching on the previous two years of prior cracked passwords and built some tools to understand password creation strategies better. Here are the results.

The lab is conducting a research study to investigate the usage and possible issues of the NVD (National Vulnerability Database). If you ...