AppView is an open source instrumentation utility for any application, regardless of its runtime, with no code modification required. Collect only the data you need for full observability of your applications, systems and infrastructure.

Good morning!

dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-factor authentication attacks. Additionally, the framework offers...

After detailing authentication issues with VMWare’s Airwatch and Ivanti’s MobileIron, I began to search other popular Mobile Device Management (MDM) tools for similar logic flaws. One of my primary targets for this effort was the BlackBerry MDM. Black who…

CVE-2024-2389 unauthenticated command injection vulnerability found in Progress Flowmon server.

North Korean threat actors return to npm with a new attack. Phylum detects malicious packages targeting macOS and Windows. Protect your software supply chain.

The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabiliti...

Heavily obfuscated ASP web shell generation tool. Contribute to fin3ss3g0d/ASPJinjaObfuscator development by creating an account on GitHub.

Join OffSec's own Jeremiah Roe, Advisory CISO and Jeremy (Harbinger) Miller, Senior Content Strategy & Development Manager, as we provide a status update on what we know about this incident so far, some lessons we've already learned, and what you and your…

Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to same threat actor as ArcaneDoor in 2024.

TyphoonCon conference and training focus on highly technical offensive security topics.
The event is organized by SSD Secure Disclosure.

security measures, policies that we do for literal namesakes

How to achieve a working remote code execution exploit in an embedded phone without any previous access.

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments. - GitHub - BC-SECURITY/Moriarty: Mor...

MFA was supposed to solve our security problems, so why do attackers keep getting around it?

In our latest blog post, we introduce coverage-guided fuzzing with a brief denoscription of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting…

Unauthenticated privilege escalation in Horacius (Identity and Access Management) - CVE-2024-29417: a security software vulnerability allows for local privilege escalation, even when Windows is locked.



Disclaimer
This Security Advisory is provided on an…

Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a…