Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing user's session in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution.…

A highly unusual leak last month of internal documents from a private contractor linked to China's government and police revealed the sordid wheeling and dealing that takes place behind the scenes in China's hacking industry.

Personal blog of Julien (jvoisin) Voisin

A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries. - thiagopeixoto/winsos-poc

I will show you how to install and run it on non-rooted Android device using Termux app. This brings convenience of analyzing Android apps directly on device

Learning how to use Trusted Platform Modules (TPMs)

Overview CVE-2024–23897 is a critical vulnerability discovered in Jenkins, with a high CVSS score of 9.8. This vulnerability allows the attacker to read files in the system through the integrated...

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

Read about Introduction to LLM Security

CVE-2024-28084 Patched in Inet Wireless Daemon 2.16

A BrainF*ck Inspired Shell Obfuscation Proof-of-Concept - CyberSecurityN00b/shellfeck

In part two of this Team82 series, we examine practical and theoretical attacks against operational technology (OT) through the use of a virtual factory environment. The attacks range in sophistication and present defenders with an opportunity to threat model…

Introduction: In today’s interconnected world, understanding network security is essential. One essential tool in a security professional’s arsenal is a port scanner. You probably thinking …

Kubernetes LAN Party - by Wiz

Meet Asteroid - an AI-powered, multi-terrain hacking robot designed to conduct cybersecurity missions in challenging environments where human involvement is either unfeasible or hazardous.

AI Powered Sensitive Information Detection. Contribute to berylliumsec/eclipse development by creating an account on GitHub.

TL;DR This post will teach you how to patch diff CVE-2024–20696 (and indirectly CVE-2024–20697) from the January 2024 Patch Tuesday.