I spend a decent amount of time looking at IEEE 802.11 (Wi-Fi) packet captures and feel like every time I close Wireshark I’ve learned…

Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu's command-not-found package and the snap package repository.

Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity…

SOC Interview Questions. Contribute to LetsDefend/SOC-Interview-Questions development by creating an account on GitHub.

The beginning of January we released a new way to detect AiTM attacks on your Microsoft 365 environment. In just one month, we are protecting over 100 tenants with this new approach. We were able t…

python flask app which utilises ngrok and gunicorn to securely upload files to local machine and download to remote machine over the internet. all handled by the bash noscript. - deeexcee-io/duppy

TL;DR The presence of the TRACE method is generally considered to be at best an informational finding (and in isolation, I wouldn’t disagree with that). But before you deploy your meh, if you know what to look for, the TRACE method (and any other mechanism…

TL;DR According to data from RIPE, over 40% of computers attached to the Internet have a few seconds of clock drift, which with the right combination of headers, will make an HTTP response unintentionally cacheable. Background Like many parts of the HTTP…

Introduction While doing some research about file formats, I occasionally found some references about the DICOM file format. Since I never heard about it I’ve decided to dig deeper.
16/02/2024 Update It seems that the developer was already aware of the Double…

The best safe place for your files. Contribute to ElroubyMagnos/ElroubyDecryptedDesktop development by creating an account on GitHub.

This article provides practical recommendations for configuring Docker platform aimed at increasing its security. It also suggests tools helpful in automation of some tasks related to securing Docker.

Overview  Recently, five CVEs have been discovered in Ivanti Connect Secure, a software product designed to offer secure remote access to corporate resources and applications. This product is...

Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

Discover how to uncover vulnerabilities in source code applications and learn key techniques to identify and mitigate security risks effectively.

Overview  Recently, five CVEs have been discovered in Ivanti Connect Secure, a software product designed to offer secure remote access to corporate resources and applications. This product is...

Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server Request (A…

I will delve into using Android smartphone while charging from computer to perform automated DNS poisoning attack without any user interaction. I go through its results, downsides and effective prevention tips.

Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies - naksyn/Embedder