The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabiliti...

Heavily obfuscated ASP web shell generation tool. Contribute to fin3ss3g0d/ASPJinjaObfuscator development by creating an account on GitHub.

Join OffSec's own Jeremiah Roe, Advisory CISO and Jeremy (Harbinger) Miller, Senior Content Strategy & Development Manager, as we provide a status update on what we know about this incident so far, some lessons we've already learned, and what you and your…

Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to same threat actor as ArcaneDoor in 2024.

TyphoonCon conference and training focus on highly technical offensive security topics.
The event is organized by SSD Secure Disclosure.

security measures, policies that we do for literal namesakes

How to achieve a working remote code execution exploit in an embedded phone without any previous access.

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments. - GitHub - BC-SECURITY/Moriarty: Mor...

MFA was supposed to solve our security problems, so why do attackers keep getting around it?

In our latest blog post, we introduce coverage-guided fuzzing with a brief denoscription of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting…

Unauthenticated privilege escalation in Horacius (Identity and Access Management) - CVE-2024-29417: a security software vulnerability allows for local privilege escalation, even when Windows is locked.



Disclaimer
This Security Advisory is provided on an…

Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a…

Legit Security | Dependency Confusion Vulnerability Found in an Archived Apache Project. Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project.

Malware Campaign Exploiting Antivirus Updates

Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.

How to provide secure temporary production access to Azure objects, production networks and cloud infrastructure using Azure Privileged Identity Management.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

A sandbox escape for Judge0