Explore the art of automating and visually demonstrating API vulnerabilities you've identified using Postman Workflows.

How to provide secure temporary production access to Azure objects, production networks and cloud infrastructure using Azure Privileged Identity Management.

Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

A sandbox escape for Judge0

I was invited to a private bug bounty program of a tech company, one of the biggest tech companies in its country. The scope was pretty…

Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was …

Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?

This article takes an uncommon approach to security articles. Insteading of suggesting ways to enhance your application’s security, this…

Following research conducted by a colleague of mine [1] at CyberArk Labs, I better understood NVMe-oF/TCP. This kernel subsystem exposes INET socket(s), which can be a fruitful attack surface for...

Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.

Over the years that I’ve been teaching Ghidra at Black Hat and other events, there is one question which inevitably comes up.

Trap beats, open loops and Dirty Daves spell trouble for our forensicators.

While working on a target, some of the most interesting parts to test is its API. APIs are dynamics, they get updated more often then…

The Mockingjay process injection technique was designed to prevent the allocation of a buffer with RWX permission, typically used for…

The Lazarus Group, a hacking organization backed by North Korea, has laundered over $200M in crypto through 25+ hacks from 2020 to 2023

Microsoft Developer Blogs Search Tool. Contribute to ElliotKillick/ms-devblogs-search development by creating an account on GitHub.

FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses. - usdAG/FlowMate

I recently worked on a Flutter-based application and learned that it is different from other hybrid frameworks like React Native or…

Analyze pcaps with Zeek and a Grafana Dashboard. Contribute to hackertarget/pcap-did-what development by creating an account on GitHub.